Pages:
Author

Topic: About the recent server compromise - page 5. (Read 15385 times)

hero member
Activity: 784
Merit: 1000
May 26, 2015, 10:03:31 AM
Just back after a long break and saw this, that explain why I can't access the forum recently.

Also I suddenly receive spam email from somewhere (mostly german or something), anyone got the same problem?
hero member
Activity: 532
Merit: 500
no longer selling accounts
May 26, 2015, 09:36:10 AM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually see errors here. And the site works fine and fluent, however sometimes when I do actions(PM,Posts) it laggs so much that it usually takes about 30 seconds to post something

The forum was very laggy earlier on but it's been working ok since. I'm sure it'll be up and down every now and again until the forum gets back on its feet.
I think the period when it was laggy/slow was a peak usage time for the forum. I would be interested to see if the forum experiences similar performance issues around the same time tonight.
legendary
Activity: 2968
Merit: 3061
Join the world-leading crypto sportsbook NOW!
May 26, 2015, 09:27:23 AM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually see errors here. And the site works fine and fluent, however sometimes when I do actions(PM,Posts) it laggs so much that it usually takes about 30 seconds to post something

The forum was very laggy earlier on but it's been working ok since. I'm sure it'll be up and down every now and again until the forum gets back on its feet.
hero member
Activity: 896
Merit: 508
May 26, 2015, 08:53:38 AM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually see errors here. And the site works fine and fluent, however sometimes when I do actions(PM,Posts) it laggs so much that it usually takes about 30 seconds to post something
legendary
Activity: 1414
Merit: 1077
May 26, 2015, 05:03:00 AM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.

Same here Sad.
sr. member
Activity: 476
Merit: 500
I like boobies
May 26, 2015, 04:57:53 AM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
member
Activity: 84
Merit: 10
★YoBit.Net★ 100+ Coins Exchange & Dice
May 26, 2015, 04:28:52 AM
Geeze, well thanks Theymos for being awesome, if not discovered so quickly this could have been much worse.  After seeing that chart, time to go change a few passwords (eek!)
legendary
Activity: 1764
Merit: 1000
May 26, 2015, 04:14:22 AM
have a strong feeling they inserted a backdoor somewhere or a keylogger.

something that would keep them getting access to the forum and retrieve data

do you even know how a keylogger works?

anyways, host was compromised due to social engineering, so theymos did nothing wrong. In fact, the amateurs at NForce gave the attacker access (good job!)
sr. member
Activity: 366
Merit: 250
May 26, 2015, 03:53:45 AM
The NSA hacked the forum to link users' information (nicknames, emails, IP's, passwords) with illegal activity made elsewhere..  Roll Eyes

Why would they need to hack the forum when the NSA likely has access to all this info already?

have a strong feeling they inserted a backdoor somewhere or a keylogger.

something that would keep them getting access to the forum and retrieve data

I'm sure theymos checked for this kind of stuff or would have noticed if this had of happened. Probably why the forum was down for so long.
hero member
Activity: 700
Merit: 500
If you think you know me.. Think again
May 26, 2015, 03:35:35 AM
have a strong feeling they inserted a backdoor somewhere or a keylogger.

something that would keep them getting access to the forum and retrieve data
legendary
Activity: 2898
Merit: 1017
May 26, 2015, 03:30:29 AM
The NSA hacked the forum to link users' information (nicknames, emails, IP's, passwords) with illegal activity made elsewhere..  Roll Eyes
newbie
Activity: 32
Merit: 0
May 26, 2015, 01:31:50 AM
So when is the next compromise?  Grin

Just kidding. Need to know what happened though.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
May 26, 2015, 01:07:42 AM
It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied beeing attacked with SE. It is still not clear how attacker gained access and why.
 
Possible, that the goal was to extract only a few certain PMs. This attack could be part of another, bigger attack. This also looks so determined to me, that I exclude email spammers, Satoshi seekers and random script kiddies.
legendary
Activity: 2674
Merit: 2970
Terminated.
May 26, 2015, 12:11:41 AM
If it happens again I'm going to stop posting on here & find somewhere else.
It's ridiculous that with 1.5 million USD donated they can't stop attacks like this happening.
Imagine if people had wallet back ups in their emails, bank details etc.
I think it's disgraceful.

Actually no, you're the one being ridiculous. The money is being used to make a new forum, not actively prevent this one from being breached.
You don't even realize how lucky we are that theymos is the man behind the forum. Most of the time when these hacks happen it usually passes some time before detection.
You can blame anyone here. 1.5 million USD is nothing. If you take a look at the recent hacks, millions of people have been completely exposed.
Remember the Sony hack (a multi-million company)? or this:
http://www.usatoday.com/story/tech/2015/02/15/hackers-steal-billion-in-banking-breach/23464913/

Everyone was advised to use VPNs or at least PGP when sharing valuable information.
legendary
Activity: 854
Merit: 1000
May 25, 2015, 06:30:56 PM
All good here. Changed password just in case. Don't use secret question.
sr. member
Activity: 366
Merit: 250
May 25, 2015, 06:13:27 PM
Well it looks like people have already been badly effected by their info being leaked and I'm sure it will become publicly available at some point. It looks like several accounts have already been hacked and over the next few days I'm sure we'll see people complaining about having other accounts hacked or bitcoin balances cleaned out and so on.
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
May 25, 2015, 05:58:31 PM
If it happens again I'm going to stop posting on here & find somewhere else.
It's ridiculous that with 1.5 million USD donated they can't stop attacks like this happening.
Imagine if people had wallet back ups in their emails, bank details etc.
I think it's disgraceful.


It wasn't the forum's fault but the hosting. The new forum is being made now but that wouldn't have stopped this either and its being tested to make sure there are no holes or ways to exploit it. And people shouldn't keep their bank details or back ups of their wallets in their emails especially if they can't keep it secure.

Hopefully nobody has been badly effected by all of this.
Hopefully the culprit was just somebody that thought it'd be funny to make the site get taken down, a troll or something.
Wouldn't be nice if it was somebody who wanted to try & do it for monetary reasons.
sr. member
Activity: 366
Merit: 250
May 25, 2015, 05:50:37 PM
If it happens again I'm going to stop posting on here & find somewhere else.
It's ridiculous that with 1.5 million USD donated they can't stop attacks like this happening.
Imagine if people had wallet back ups in their emails, bank details etc.
I think it's disgraceful.


It wasn't the forum's fault but the hosting. The new forum is being made now but that wouldn't have stopped this either and its being tested to make sure there are no holes or ways to exploit it. And people shouldn't keep their bank details or back ups of their wallets in their emails especially if they can't keep it secure.
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
May 25, 2015, 05:40:58 PM
If it happens again I'm going to stop posting on here & find somewhere else.
It's ridiculous that with 1.5 million USD donated they can't stop attacks like this happening.
Imagine if people had wallet back ups in their emails, bank details etc.
I think it's disgraceful.
sr. member
Activity: 366
Merit: 250
May 25, 2015, 05:30:46 PM
Personally what I am most curious about is why someone would go to such trouble to hack this forum ?

As most here are going to be way above average in security habits the chance of getting a password to something else is almost nil (and they were not stored in plaintext although I guess the attacker may have hoped they would be) . 

Was it an enemy of bitcoin ??

   

You'd be surprised at how many people will reuse emails and passwords. I'm sure many do the same with their blockchain.info accounts too. Regardless of that, the infodump of all this forum's users emails would be very valuable to advertisers or scammers/spammers but maybe whoever hacked it did it just because he could. Some people just like finding security holes though I'm sure the person will try get some money out of the info he has.
Pages:
Jump to: