About the recent server compromise - page 2.

deepceleron

legendary

Activity: 1512

Merit: 1028

Quote from: theymos on May 25, 2015, 10:39:49 AM

Code:

Estimated time (conservative) for an attacker to break randomly-constructed
bitcointalk.org passwords with current technology

s=second; m=minute; h=hour; d=day; y=year; ky=1000 years; My=1 million years

Password length a-z a-zA-Z a-zA-Z0-9
8 0 3s 12s 2m
9 0 2m 13m 3h
10 8s 2h 13h 13d
11 3m 5d 34d 1y
12 1h 261d 3y 260y
13 1d 37y 366y 22ky
14 43d 1938y 22ky 1My
15 1y 100ky 1My 160My
-------------------------------------------------------
1 word 0
2 words 0
3 words 0
4 words 3m
5 words 19d
6 words 405y
7 words 3My

Good luck to the password hashers with my 34 character random password. The security answer is similar strength garbage. Don't think I'll need to change it. The forum also has it's own non-reused email address, if any mail turns up there I know the source is the forum or a leak.

Once you are hosting-pwnd though, you have to audit EVERYTHING if you're not going to wipe and restore from backup pre-intrusion. Anything could have been done, such as redirects or php hacks to capture passwords or cookie sessions, or wholesale VM state dumps that still would allow compromise of existing accounts.

theymos

administrator

Activity: 5166

Merit: 12850

Search is enabled again.

BlindMayorBitcorn

legendary

Activity: 1260

Merit: 1115

Quote from: Brewins on May 30, 2015, 08:48:21 PM

Quote from: ?? on ??

Everyone get a load of this?

https://www.reddit.com/r/Bitcoin/comments/37w9a0/bitcointalk_database_for_sell/

Seem legit?

someone is/has been spamming the goods section with that, but got banned pretty quickly.

For me is just scam. Any kid can make a large file that looks more or less like a database with lots of nonsense then put it for sale in the hope that some moron will buy it

Ah. Understood. Roll Eyes

Brewins

legendary

Activity: 1120

Merit: 1000

Quote from: ?? on ??

Everyone get a load of this?

https://www.reddit.com/r/Bitcoin/comments/37w9a0/bitcointalk_database_for_sell/

Seem legit?

someone is/has been spamming the goods section with that, but got banned pretty quickly.

For me is just scam. Any kid can make a large file that looks more or less like a database with lots of nonsense then put it for sale in the hope that some moron will buy it

MakingMoneyHoney

hero member

Activity: 504

Merit: 500

Quote from: svein on May 30, 2015, 05:00:32 PM

Second time I get the error after a post:

Quote

Database error
Please try again. If you come back to this error screen, report the error to an administrator.

But my posts got posted so I don't know if there is really an error or if the message itself is the error

I also saw someone triple posting in a thread I posted in. When I posted, it didn't look like it worked. But I refreshed the page in another tab and was able to see my post went through.

Also, unread new replies, when I click them and read them, they're not showing up as read afterwards.

svein

sr. member

Activity: 298

Merit: 250

Second time I get the error after a post:

Quote

Database error
Please try again. If you come back to this error screen, report the error to an administrator.

But my posts got posted so I don't know if there is really an error or if the message itself is the error

bcearl

full member

Activity: 168

Merit: 103

Quote from: itod on May 29, 2015, 06:06:51 PM

Wait, you are suggesting because few guys' spam filters blocked the circular mail theymos should spam us all with that mail again?!? That makes no sense. Have you ever, I mean ever, seen same circular mail re-sent to you just in case somebody may miss it? No serious entity does that, so should not Bitcointalk either.

It is NOT in the spam filters.

Also: I am a member for 4 years, and I got several mails from bitcointalk in the past.

Racey

legendary

Activity: 1134

Merit: 1000

Soon, I have to go away.

I got the e-mail from here, I am using hotmail, but my mail is masked so its useless to anyone.
Any spam I can reject it back to the Abine website and never get mail from them again

I only changed my password for the forum as it makes sense to keep this, I use many masked mails.
You should give it a go its free, you do get an option to buy premium, it has more features.
I have have the free one...works good for me.

One of my newly created e-mail accounts was used to sign up for that Mine that cloud scam, I recived a few spam mailings, so I knew it came from them, or they sold it on to third parties.

These did admit to buying my mail, but removed his post some time later.

https://bitcointalksearch.org/topic/m.10470176

theymos

administrator

Activity: 5166

Merit: 12850

Quote from: bcearl on May 29, 2015, 09:52:18 AM

Just saying. Get a decent way to send them, theymos, and send all of them again. You cannot just set up a random server with a random IP address and send mails. It's not the 80's any more. Due to spam epidemic, major mail providers will reject those mails.

The mail certainly came from bitcointalk.org due to the forum's SPF policy, and users have been receiving legitimate mail from bitcointalk.org for years, so any mail provider that bounces forum mail is outright broken IMO. It's ridiculous that 500,000 users can receive consistent legitimate mail from the forum for years, but then when I want to send them all one mail some of the big providers freak out.

itod

legendary

Activity: 1974

Merit: 1075

^ Will code for Bitcoins

Quote from: bcearl on May 29, 2015, 09:52:18 AM

Just saying. Get a decent way to send them, theymos, and send all of them again. You cannot just set up a random server with a random IP address and send mails. It's not the 80's any more. Due to spam epidemic, major mail providers will reject those mails.

Wait, you are suggesting because few guys' spam filters blocked the circular mail theymos should spam us all with that mail again?!? That makes no sense. Have you ever, I mean ever, seen same circular mail re-sent to you just in case somebody may miss it? No serious entity does that, so should not Bitcointalk either.

bcearl

full member

Activity: 168

Merit: 103

Thanks for the info. I confirmed at least two people who did not receive any such e-mail. One is a Google Mail address (@gmail.com), the other one has a big German university's e-mail address. The mails are not in the spam folders either.

Just saying. Get a decent way to send them, theymos, and send all of them again. You cannot just set up a random server with a random IP address and send mails. It's not the 80's any more. Due to spam epidemic, major mail providers will reject those mails.

sgk

legendary

Activity: 1470

Merit: 1002

!! HODL !!

Quote from: bcearl on May 29, 2015, 06:32:00 AM

Quote from: Borisz on May 29, 2015, 04:43:39 AM

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

It might be an issue with certain email providers, because most of the users received the email fine. I also received it with no problem.

Here's the full text of the email:

Code:

from:	[email protected]
to:	xxxxxxxxxxxxx
date:	25 May 2015 at 20:41
subject:	Bitcoin Forum: Password change required
mailed-by:	bitcointalk.org


-----BEGIN PGP SIGNED MESSAGE----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----

Borisz

sr. member

Activity: 476

Merit: 251

Quote from: bcearl on May 29, 2015, 06:32:00 AM

Quote from: Borisz on May 29, 2015, 04:43:39 AM

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

It came from the standard email address where I normally receive messages from, regarding new PMs and such. I suggest you either check if you receive emails at all from the forum (settings etc.) or change the email address. It's good to stay up-to-date in such situations.

Although, indeed there was a message in the forum header as well.

DiamondCardz

legendary

Activity: 1134

Merit: 1112

Quote from: hilariousandco on May 29, 2015, 06:51:46 AM

Quote from: bcearl on May 29, 2015, 06:32:00 AM

Quote from: Borisz on May 29, 2015, 04:43:39 AM

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

Some service providers block certain IPs the forum uses to send emails so that may be why.

Perhaps. I certainly got it (as someone who doesn't use hotmail as an email provider, not disclosing my email provider though) and there is a warning at the top of the forum telling you to change your passwords, so I don't see what else could or should be done to keep people "safe".

hilariousandco

global moderator

Activity: 3794

Merit: 2615

Join the world-leading crypto sportsbook NOW!

Quote from: bcearl on May 29, 2015, 06:32:00 AM

Quote from: Borisz on May 29, 2015, 04:43:39 AM

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

Some service providers block certain IPs the forum uses to send emails so that may be why.

jmurjeff

member

Activity: 106

Merit: 10

Quote from: sgk on May 29, 2015, 03:16:57 AM

Quote from: diffused30 on May 28, 2015, 08:47:50 PM

How do I get hotmail to accept the mail from bitcointalk?

I am not using Hotmail, but are you receiving forum emails in 'Junk' folder or you're not receiving them at all?

If you're receiving them in Junk, it should be very easy to just mark them as 'Not Junk'.
If you're not receiving them altogether, you should find out if Hotmail allows 'white-listing' specific domains or email addresses, like MZ suggested above.

I don't need it anymore. I had to create a new account because I could not recover my password and that is why I needed to know how to receive mail. But theymos helped me out by sending mail to my hotmail account. I have not received a single mail from this site. I think they blocked the bitcointalk.org domain. I am going to switch to gmail because I can receive mail from this site.

bcearl

full member

Activity: 168

Merit: 103

Quote from: Borisz on May 29, 2015, 04:43:39 AM

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

Borisz

sr. member

Activity: 476

Merit: 251

Quote from: bcearl on May 29, 2015, 04:35:38 AM

Why did you not even send a warning mail to all addresses? Thousands of casual forum users don't even know about this incident and their password hashes stolen.

There was an email on the 24th of May, 2015.

bcearl

full member

Activity: 168

Merit: 103

Why did you not even send a warning mail to all addresses? Thousands of casual forum users don't even know about this incident and their password hashes stolen.

sgk

legendary

Activity: 1470

Merit: 1002

!! HODL !!

Quote from: diffused30 on May 28, 2015, 08:47:50 PM

How do I get hotmail to accept the mail from bitcointalk?

I am not using Hotmail, but are you receiving forum emails in 'Junk' folder or you're not receiving them at all?

If you're receiving them in Junk, it should be very easy to just mark them as 'Not Junk'.
If you're not receiving them altogether, you should find out if Hotmail allows 'white-listing' specific domains or email addresses, like MZ suggested above.

Topic: About the recent server compromise - page 2. (Read 15325 times)