Pages:
Author

Topic: About the recent server compromise - page 3. (Read 15385 times)

hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
May 29, 2015, 12:42:53 AM
How do I get hotmail to accept the mail from bitcointalk?

Whitelist Bitcointalk email addresses.
newbie
Activity: 1
Merit: 0
May 28, 2015, 07:47:50 PM
How do I get hotmail to accept the mail from bitcointalk?
legendary
Activity: 1762
Merit: 1011
May 28, 2015, 06:33:45 PM
So, since the forums have been back up, Topic Notifications of new replies have not been getting e-mailed out.

They are getting mailed out, your mail provider is just rejecting them. Maybe I will get a new IP address in the future to stop this from happening, but IMO this is a problem on hotmail's end.

Code:
May 28 17:42:22 B184CA91EB5: to=<...>,
relay=mx1.hotmail.com[65.55.37.72]:25, delay=0.55,
delays=0.16/0/0.28/0.1, dsn=5.0.0, status=bounced (host
mx1.hotmail.com[65.55.37.72] said: 550 OU-002 (COL004-MC1F36)
Unfortunately, messages from 198.251.81.170 weren't sent. Please
contact your Internet service provider since part of their network
is on our block list. You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to
MAIL FROM command))

Interesting. Besides this issue with Hotmail, I also have no ability to sign up on bugs.python.org or counterpartytalk.org because the confirmation e-mails are never received. The bugs.python.org e-mails have been blocked for *years*, according to similar complaints I've found online. How obnoxious on Microsoft's part.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
May 28, 2015, 03:43:02 PM
why reject them ??
Probably due to the fact that the site has sent out thousands of mails within a short period of time, due to the recent compromise.

That would make sense it must have triggered some spam filter and ended up on hotmails block list
Guess it might fix itself sooner or later
staff
Activity: 3304
Merit: 4115
May 28, 2015, 03:36:51 PM
why reject them ??
Probably due to the fact that the site has sent out thousands of mails within a short period of time, due to the recent compromise.
legendary
Activity: 1274
Merit: 1006
Trainman
May 28, 2015, 03:35:29 PM
So, since the forums have been back up, Topic Notifications of new replies have not been getting e-mailed out.

They are getting mailed out, your mail provider is just rejecting them. Maybe I will get a new IP address in the future to stop this from happening, but IMO this is a problem on hotmail's end.

Code:
May 28 17:42:22 B184CA91EB5: to=<...>,
relay=mx1.hotmail.com[65.55.37.72]:25, delay=0.55,
delays=0.16/0/0.28/0.1, dsn=5.0.0, status=bounced (host
mx1.hotmail.com[65.55.37.72] said: 550 OU-002 (COL004-MC1F36)
Unfortunately, messages from 198.251.81.170 weren't sent. Please
contact your Internet service provider since part of their network
is on our block list. You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to
MAIL FROM command))

why reject them ??
administrator
Activity: 5222
Merit: 13032
May 28, 2015, 03:32:54 PM
So, since the forums have been back up, Topic Notifications of new replies have not been getting e-mailed out.

They are getting mailed out, your mail provider is just rejecting them. Maybe I will get a new IP address in the future to stop this from happening, but IMO this is a problem on hotmail's end.

Code:
May 28 17:42:22 B184CA91EB5: to=<...>,
relay=mx1.hotmail.com[65.55.37.72]:25, delay=0.55,
delays=0.16/0/0.28/0.1, dsn=5.0.0, status=bounced (host
mx1.hotmail.com[65.55.37.72] said: 550 OU-002 (COL004-MC1F36)
Unfortunately, messages from 198.251.81.170 weren't sent. Please
contact your Internet service provider since part of their network
is on our block list. You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to
MAIL FROM command))
legendary
Activity: 1762
Merit: 1011
May 28, 2015, 03:28:55 PM
So, since the forums have been back up, Topic Notifications of new replies have not been getting e-mailed out.
legendary
Activity: 1134
Merit: 1118
May 28, 2015, 12:25:15 AM
Ooh. That's a lot of kiloyears to break my password.

Thanks for the warning, I updated my password after the hack just to be safe and also to make it a little bit more secure compared to the password that I previously had on my account.

rishabh6115: Depends. If it's extremely secure you might not need to take action, if it's less secure you should, but in all fairness you probably should either way.
hero member
Activity: 504
Merit: 500
May 28, 2015, 12:22:30 AM
Do we have to change our passwords or it is fine to keep before one. Please answer fast.

You should change it.
newbie
Activity: 13
Merit: 0
May 28, 2015, 12:20:11 AM
Do we have to change our passwords or it is fine to keep before one. Please answer fast.
legendary
Activity: 1274
Merit: 1006
Trainman
May 27, 2015, 06:34:02 AM
404 security not found /\ Theymos protect the bitcointalk community there are to much ways
hero member
Activity: 617
Merit: 559
May 27, 2015, 06:10:21 AM
Happy to see that all is good now! I think it was 3rd hack attempt in last 2 months.
newbie
Activity: 17
Merit: 0
May 27, 2015, 05:25:44 AM
Why is this news, "News: Change your password!" only showed on the index page?
I believe that right now this news is the like the most important thing for the forum and should be displayed on all the threads.

At least have it in bold so it's easier to see.
sr. member
Activity: 280
Merit: 250
May 27, 2015, 05:21:51 AM
Why is this news, "News: Change your password!" only showed on the index page?
I believe that right now this news is the like the most important thing for the forum and should be displayed on all the threads.
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
May 27, 2015, 03:31:53 AM
Although the majority of the passwords will still get broken.

I'm not so sure about this. It's hard to estimate how long passwords people used, but average 11-length alphanumeric password needs 3 months (estimated) to be cracked, and 12-length 3 years. Longer passwords probably won't get cracked. If majority of people here used shorter passwords then, yes, majority will get broken, but I think that is not the case, majority of people here new better then to use short passwords.
legendary
Activity: 2674
Merit: 2970
Terminated.
May 27, 2015, 02:02:52 AM
Yes, you are proberly right....... I need a brand new one, adding 8 letters is not good enough.
I look at that KeePass 2, it looks pretty good, just not sure I can trust it.....
But thank you anyways Smiley
There's no reason no to trust it. Since it is open source, and if coders have accepted it it should be fine. Also there is always the old school method of writing it down on a piece of paper.

Off to change the password
It's good to know that a Bitcoin miner can't be used to break encryption
Thanks for the hard work theymos
Although the majority of the passwords will still get broken.
legendary
Activity: 1414
Merit: 1077
May 27, 2015, 01:12:45 AM
Thanks for your hard work getting the forum back up and running Theymos, it must have been a real headache.

Lets hope the reward your offering helps catch the lowlife scumbags.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
May 26, 2015, 11:23:35 PM
Off to change the password
It's good to know that a Bitcoin miner can't be used to break encryption
Thanks for the hard work theymos
legendary
Activity: 1456
Merit: 1000
May 26, 2015, 10:55:24 PM
Thanks for the explanation theymos.  

On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:

Does this mean that only people with the member rank were effected, or all forum members? Changing my password anyways, just curious.

Also, I found this interesting article: https://www.cryptocoinsnews.com/bitcoin-mining-figure-joshua-zipkin-responsible-bitcointalk-hack/

Opinions?

I think the comments are pretty dated.  I do know AMT has no love here so I could see them having a reason.  But I don't know how much of a threat the owner is. 

I do wonder do we know besides password was other information also salted?  Or are we talking plain text?
Pages:
Jump to: