Topic: About the recent server compromise - page 6. (Read 15325 times)

Thanks for the info and hope you are able to figure out exactly how it happened.

Did he confirm his identity ??

check the pgp signature in the e mail you would have got.

that confirms it

----------

Thanks for these details.

Also the people running this board CANNOT control if someone social eng. the employee's working or the isp.
This hack is not on them.

Furthermore I would suggest to everyone to do what i do regarding forums or anything else you 'sign up for' ....

Always use different e mail addresses and long difficult passwords, (also login names if possible)

If the information in the op is correct my password is good for several million years at present technology although I did change it as recommended.

Another item to remember.  If you use the e mail for this forum for other 'accounts' , for example twitter, or a coin exchange.....  remember for many places your e mail address is as good as your log in name.....

Therefore it may make it MUCH easier for someone to attack you someplace else unless you use only e mail addresses for one place. 

Anyone who uses the same password for more than one thing in life is just a sitting duck in cyberspace waiting to be taken out.

Personally what I am most curious about is why someone would go to such trouble to hack this forum ?

As most here are going to be way above average in security habits the chance of getting a password to something else is almost nil (and they were not stored in plaintext although I guess the attacker may have hoped they would be) . 

Was it an enemy of bitcoin ??

Was it a teenager hoping to be a famous hacker ?? (doubtful no one claimed respnsibility or  posted information to pastebin proving they pulled this off)

Was it some curious person wondering if they could figure out who Satoshi is ??

Was it a wealthy jealous spouse that paid a private investigator a lot of money to 'sniff out' all their spouses online activity ?

Was it a team of scammers hoping to steal bitcoin ??

I wonder....


When hacks take place they remind everyone how important it is to practice good secure methods on everything.  I guess now we wait and watch........ see what happens next.

   

ddosbtc is fucking around with his annoying booter.

Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well.

please do so!

Well yes, I do agree on that. People should consider using one and using Protonmail (or a similar service) with Bitcointalk. Using that email only for Bitcointalk is also recommended.
I'm pretty sure that individuals will receive emails in the future; whoever uses the same email for other services too will receive a taste of social engineering.

I recall theymos saying that deleted PMs and posts are kept in the db? This is a concern (especially PMs) in situations like these. Hopefully PMs have not been compromised.

It's also loading slower for me, although I'm confident that this will improve throughout the day.

I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

I don't think he stated or insinuated that, just that people should consider using them.


Yes, they were sent out by theymos en masse, though that doesn't mean you might not have recieved a phishing mail. I'm sure the hacker will try something with our emails.

I don't think a witchhunt + grease is a good combination, it just ends up in a "everyone is Satoshi" shitstorm that gets innocent people caught up. Those that aren't yet aware of the hacking yet probably don't have the expertise to work it out, so let those that do get on with it.

Aaaaaand now we know the reason why the server lags every now and then, you're signing in For the sake of the servers might want to set it to a reasonable 50 or so, which has the same strength of 2048 = not worth bruting = just as likely to be social'ed or reset.



From what I saw it wasn't a new virtual identity that was used in the attack.

If you believe that the majority of the users here use a VPN you are wrong.

Then I should have posted less I guess. Although a high post count is quite useless. I'm going to assume that the most likely targets would be people on the default trust list and people with a lot of trust (100+).

Have others received an email from the forum? I took a quick peek. Just want to verify if isn't something fishy.

Theymos,

Check your PMs. I sent you some info on something that might get the ball rolling. That said there are obvious suspects which info I already provided to CCN. Some press coverage might get the right wheels greased to get an actual investigation going.

If having a IP address was that big of an issue, nobody would be safe. Just imagine the amount of websites you've connected to over the years. If you have open ports it can slightly more concerning, but it would likely require a number of things to be truley concerened. For example, vunerable software. Keep up to date with the latest patches is normally advised. If the hacker was interested in using the IP to exploit, it would more than likely be on highly ranked members with a large presensce within the Bitcoin community.

An issue some users may find, is that the hacker may have your IP address, which is a place to start exploiting. Your hash of your password. So if he/she does crack it then they know of one possible password you might use or varations of it. Or have a general idea of the passwords you use. They may also have a secret question and answer. But, I always recommend not using them, or if you must make it completely random.

Of course, if you are concerned. Then you should get started in cranking up your security. A lot of users will be doing this, just to keep it fresh.

Well Seems like It dosen't matter how big the service provider is anymore .
I mean look how big Amazon and famous it is . and you can trick them in less them 60 seconds . "Oh empty box" => "GG , refunded" and people are doing it all the time .

This depends on your ISP. Having your modem/router closed overnight usually does the job. If you didn't login during the short time that the forum was back up but then went offline again then I'm guessing that you most certainly should have a new IP address than the one last used to login.

Yes I am surprised and I know that a 100% security doesn't really exist but c'mon... we are talking about a big service provider and it should not be easy to trick them (in my honest opinion) but everything is possible. The real problem is always the people, you can build the security that you want but you are fuc**ed if an employee will reset the pwd .

I have reported the emails to theymos and hope that he can track those accounts and take an action soon. I don't know how to report it to my email provider. I just clicked "Report Spam."

Well I couldn't get into my account and for a while it looked like the password recovery wasn't working.

Thankfully I don't reuse passwords, but it's always a good wake up call to just go through and refresh your passwords on anything vaguely important once in a while..

Beside our emails and passwords of course ... how bad it could be when the hackers have this "Last-used IP address and registration IP address" , im not an expert or anything but don't the IP change each time we reboot the modem ? Probably not the IP range but well