
Topic: About the recent server compromise - page 9. (Read 15385 times)

legendary
Activity: 1036
Merit: 1001
/dev/null
May 25, 2015, 11:50:38 AM
#88
15 XAU....how much is that in US Dollars?  If it isn't enough for me I will not tell what I know about the attack.  Hint -- it came from China.  They are trying to counterfeit and steal everything in the world, and it seems like no one tries to stop them.

My password was a single keyboard character repeated 10 times, maybe I should change it?

And no amount of security in the world will stop this if some dumbass at the data center believes what someone on the phone tells him and resets the access password.

1 XAU = ~ 1200USD

rest of post is just bullshit, sorry.
global moderator
Activity: 4018
Merit: 2728
hero member
Activity: 955
Merit: 1004
May 25, 2015, 11:46:50 AM
#86
15 XAU....how much is that in US Dollars?  If it isn't enough for me I will not tell what I know about the attack.  Hint -- it came from China.  They are trying to counterfeit and steal everything in the world, and it seems like no one tries to stop them.

My password was a single keyboard character repeated 10 times, maybe I should change it?

And no amount of security in the world will stop this if some dumbass at the data center believes what someone on the phone tells him and resets the access password.
administrator
Activity: 5222
Merit: 13032
May 25, 2015, 11:43:38 AM
#85
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
May 25, 2015, 11:41:20 AM
#84
It is possible the attacker is selling the stolen email address database to spammers to make quick bucks.

ahh, I really don't wanna start any drama. maybe it was just spam in "wrong time" and it is not related at all. just reporting..Smiley

This doesn't look like the average email spam hack to me.

It definitely isn't. The hacker was downloading the complete members table which allows him to compromise many user accounts on this forum as well as other sites.

Selling email addresses might be a side income for him with no extra effort until he brute-forces the passwords.
legendary
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
May 25, 2015, 11:39:14 AM
#83
Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

 Wink

A hacker after small change.  Grin
Good joke. Smiley

Over 5 BTC a week wouldn't be that tiny.
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
May 25, 2015, 11:38:10 AM
#82
Glad that it's back, but as previously said it's fairly unacceptable that a forum with such a security aura can still be compromised by attackers.
When will the new forum be happening? It's been in speculation for at least a year, if not longer now. It cannot take this long to code a forum software.

Yeah, DDOS you out of digital existence.
Do you think that they would bother? Surely to take down as many people as it would be worth here it would take more resources than what the attacker could get back.

Yes because a) people are malicious and b) it costs them nothing. There are plenty of "stress test your website" sites that use botnets to do evil things when asked to, either for free or a small fee. The attacker gets nothing other than "winning" the argument.
copper member
Activity: 2310
Merit: 1032
May 25, 2015, 11:37:30 AM
#81
Thanks for the info,

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?
legendary
Activity: 1274
Merit: 1000
Personal text my ass....
May 25, 2015, 11:36:55 AM
#80
Why can't 1.5 million USD donated in bitcoin protect this forum from attack?
Is there any proof that the entire 1.5 million went into this forum & not into theymos' Caribbean Island retirement pot?
Wallet transactions etc?

There is actually, here is his wallet as far as I know: https://blockchain.info/address/1M4yNbSCwSMFLF9BaLqzoo2to1WHtZrPke
Source is from here, those are people who are holding the money of the forum (which is not out yet): https://bitcointalksearch.org/topic/forum-funds-155000

@Theymos, thanks for your hard work.. a question tho... if we don't change password and that password isn't the same as our email addresses then we should be good right? just curious, I will change my pass anyway

That's just one donation wallet. It was supposed to be spread around last year when bitcoin was really high. So you may want to at least triple that number. 6 million dollars in donations. Although we will never know the true numbers. He just happened to be at the right place, right time. BAM and people donated like crazy to keep the site up. I'm not complaining, because I donated myself (knowing the forum had millions of dollars) but really thought security and features, and updates would be top priority here. You can have the sweetest forum running on the Internet. I say try out discourse.
staff
Activity: 2454
Merit: 1617
Crypto Swap Exchange
May 25, 2015, 11:34:15 AM
#79

Thanks for the info, but don't you think it is time you really take some of those donations and upgrade this forum software? There are quite a few new styles out there that are really nice. This pretty much static version has been around and looked the same since it was installed. And last year when there was a thread about how you had so much bitcoin worth millions of dollars I think it was, you wanted other users to hold on to it in case some of it was lost. Why can't you take some of those donations, build a brand new dedicated box, hire one of the best programmers you can find and get this forum software out of the dark ages?

This is exactly what theymos is doing right now. Not sure why you haven't noticed it, but we're currently developing a brand new forum software with the best programmers since 2014. There is a dedicated subforum for the new forum software https://bitcointalk.org/index.php?board=167.0
You can also check out the progress on Github https://github.com/epochtalk/epochtalk
global moderator
Activity: 4018
Merit: 2728
May 25, 2015, 11:33:18 AM
#78
Thanks for the info, but don't you think it is time you really take some of those donations and upgrade this forum software? There are quite a few new styles out there that are really nice. This pretty much static version has been around and looked the same since it was installed. And last year when there was a thread about how you had so much bitcoin worth millions of dollars I think it was, you wanted other users to hold on to it in case some of it was lost. Why can't you take some of those donations, build a brand new dedicated box, hire one of the best programmers you can find and get this forum software out of the dark ages?



It's almost complete and is being tested now. There's a subforum for the discussion of it: https://bitcointalk.org/index.php?board=167.0
legendary
Activity: 910
Merit: 1000
May 25, 2015, 11:32:52 AM
#77
Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

 Wink

A hacker after small change.  Grin
Good joke. Smiley

I am sure you just checked yours  Grin

Seriously, I agree it's just small change for someone to get in all this trouble just to steal some coins, but on the other hand, how many campaigns & participants are in total? So it might not be just changes.

hero member
Activity: 700
Merit: 500
If you think you know me.. Think again
May 25, 2015, 11:32:37 AM
#76
wait a minute .

lopaz???

that's a player of World of Warcraft. you should look into that

if anyone who has the admin login and password has been in WoW recently make sure someone did not install a keylogger or a backdoor in your computer and was able to get the log in and password or some way to perform the attack.

also it is impossible that the forum is so at risk considering the number of times I have seen it down or been attacked. it is becoming a joke now.

you should accelerate into the new forum with more security rather than leaning over this one. the new forum was announced for a while now.
sr. member
Activity: 319
Merit: 251
May 25, 2015, 11:29:35 AM
#75
I just changed mine: 01100110 01110101 01100011 01101011 01111001 01101111 01110101 01110011 01110000 01100001 01101101 01101101 01100101 01110010
legendary
Activity: 1582
Merit: 1064
May 25, 2015, 11:28:58 AM
#74
Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

 Wink

A hacker after small change.  Grin
Good joke. Smiley
legendary
Activity: 910
Merit: 1000
May 25, 2015, 11:25:47 AM
#73
Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

 Wink
hero member
Activity: 854
Merit: 503
Legendary trader
May 25, 2015, 11:22:02 AM
#72
Fucking hackers Angry
legendary
Activity: 1582
Merit: 1064
May 25, 2015, 11:21:27 AM
#71
I guess the password changes which were done yesterday (when the forum came online for a few hours) were reverted back, cause I changed my password yesterday but I had to use my previous password to login today. Idk why was it done.


Yup, you will have to change it again.


If you changed your password in the short time when the forum was online a little over a day ago, the change didn't stick. You'll have to change it again.
administrator
Activity: 5222
Merit: 13032
May 25, 2015, 11:20:02 AM
#70
I guess the password changes which were done yesterday (when the forum came online for a few hours) were reverted back, cause I changed my password yesterday but I had to use my previous password to login today. Idk why was it done.

Right, you should change your password again.

Also, is it just me or the forum looks plain to everyone? Like I am not able to identify what has changed but the layout looks a bit flat.

Your eyes got used to looking at other websites besides this one.
legendary
Activity: 1274
Merit: 1000
Personal text my ass....
May 25, 2015, 11:19:41 AM
#69