About the recent server compromise - page 9.

Xialla

legendary

Activity: 1036

Merit: 1000

/dev/null

Quote from: timk225 on May 25, 2015, 12:46:50 PM

15 XAU....how much is that in US Dollars? If it isn't enough for me I will not tell what I know about the attack. Hint -- it came from China. They are trying to counterfeit and steal everything in the world, and it seems like no one tries to stop them.

My password was a single keyboard character repeated 10 times, maybe I should change it?

And no amount of security in the world will stop this if some dumbass at the data center believes what someone on the phone tells him and resets the access password.

1 XAU = ~ 1200USD

rest of post is just bullshit, sorry.

hilariousandco

global moderator

Activity: 3794

Merit: 2615

Join the world-leading crypto sportsbook NOW!

Quote from: timk225 on May 25, 2015, 12:46:50 PM

15 XAU....how much is that in US Dollars?

http://www.xe.com/currency/xau-gold-ounce

timk225

hero member

Activity: 955

Merit: 1004

15 XAU....how much is that in US Dollars? If it isn't enough for me I will not tell what I know about the attack. Hint -- it came from China. They are trying to counterfeit and steal everything in the world, and it seems like no one tries to stop them.

My password was a single keyboard character repeated 10 times, maybe I should change it?

And no amount of security in the world will stop this if some dumbass at the data center believes what someone on the phone tells him and resets the access password.

theymos

administrator

Activity: 5166

Merit: 12850

Quote from: squall1066 on May 25, 2015, 12:37:30 PM

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.

sgk

legendary

Activity: 1470

Merit: 1002

!! HODL !!

Quote from: AGD on May 25, 2015, 12:13:37 PM

Quote from: Xialla on May 25, 2015, 12:03:42 PM

Quote from: sgk on May 25, 2015, 12:00:53 PM

It is possible the attacker is selling the stolen email address database to spammers to make quick bucks.

ahh, I really don't wanna start any drama. maybe it was just spam in "wrong time" and it is not related at all. just reporting..

This doesn't look like the average email spam hack to me.

It definitely isn't. The hacker was downloading the complete members table which allows him to compromise many user accounts on this forum as well as other sites.

Selling email addresses might be a side income for him with no extra effort until he brute-forces the passwords.

marcotheminer

legendary

Activity: 2072

Merit: 1049

┴puoʎǝq ʞool┴

Quote from: botany on May 25, 2015, 12:28:58 PM

Quote from: locopao on May 25, 2015, 12:25:47 PM

Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

Wink

A hacker after small change. Grin

Good joke.

Over 5 BTC a week wouldn't be that tiny.

dogie

legendary

Activity: 1666

Merit: 1183

dogiecoin.com

Quote from: minifrij on May 25, 2015, 12:05:47 PM

Glad that it's back, but as previously said it's fairly unacceptable that a forum with such a security aura can still be compromised by attackers.
When will the new forum be happening? It's been in speculation for at least a year, if not longer now. It cannot take this long to code a forum software.

Quote from: dogie on May 25, 2015, 12:01:40 PM

Yeah, DDOS you out of digital existence.

Do you think that they would bother? Surely to take down as many people as it would be worth here it would take more resources than what the attacker could get back.

Yes because a) people are malicious and b) it costs them nothing. There are plenty of "stress test your website" sites that use botnets to do evil things when asked to, either for free or a small fee. The attacker gets nothing other than "winning" the argument.

squall1066

copper member

Activity: 2310

Merit: 1032

Thanks for the info,

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

opentoe

legendary

Activity: 1274

Merit: 1000

Personal text my ass....

Quote from: RappelzReborn on May 25, 2015, 11:26:27 AM

Quote from: LFC_Bitcoin on May 25, 2015, 11:09:57 AM

Why can't 1.5 million USD donated in bitcoin protect this forum from attack?
Is there any proof that the entire 1.5 million went into this forum & not into theymos' Carribean Island retirement pot?
Wallet transactions etc?

There is actually , here is his wallet as far as I know : https://blockchain.info/address/1M4yNbSCwSMFLF9BaLqzoo2to1WHtZrPke
Source is from here , those are people who are helding the money of the forum (which is not out yet ) : https://bitcointalksearch.org/topic/forum-funds-155000

@Theymos , thanks for your hard work .. a question tho ... if we don't change password and that password isn't the same as our email adresses then we should be good right ? just curious i will change my pass anyway

That's just one donation wallet. It was supposed to be spread around last year when bitcoin was really high. So you may want to at least triple that number. 6 million dollars in donations. Although we will never know the true numbers. He just happen to be at the right place, right time. BAM and people donated like crazy to keep the site up. I'm not complaining, because I donated myself (knowing the forum had millions of dollars) but really thought security and features, and updates would be top priority here. You can have the sweetest forum running on the Internet. I say try out discourse.

dbshck

staff

Activity: 2440

Merit: 1616

Crypto Swap Exchange

Quote from: opentoe on May 25, 2015, 12:19:41 PM

Thanks for the info, but don't you think it is time you really take some of those donations and upgrade this forum software? There are quite a few new styles out there that are really nice. This pretty much static version has been around and looked the same since it was installed. And last year when there was a thread about how you had so much bitcoin worth millions of dollars I think it was, you wanted other user's to hold on to it in case some of it was lost. Why can't you take some of those donations, build a brand new dedicated box, hire one of the best programmers you can find and get this forum software out of the dark ages?

This is exactly what theymos is doing right now. Not sure why you haven't notice it, but we're currently developing a brand new forum software with the best programmers since 2014. There is a dedicated subforum for the new forum software https://bitcointalk.org/index.php?board=167.0
You can also check out the progress on Github https://github.com/epochtalk/epochtalk

hilariousandco

global moderator

Activity: 3794

Merit: 2615

Join the world-leading crypto sportsbook NOW!

Quote from: opentoe on May 25, 2015, 12:19:41 PM

Thanks for the info, but don't you think it is time you really take some of those donations and upgrade this forum software? There are quite a few new styles out there that are really nice. This pretty much static version has been around and looked the same since it was installed. And last year when there was a thread about how you had so much bitcoin worth millions of dollars I think it was, you wanted other user's to hold on to it in case some of it was lost. Why can't you take some of those donations, build a brand new dedicated box, hire one of the best programmers you can find and get this forum software out of the dark ages?

It's almost complete and is being tested now. There's a subforum for the discussion of it: https://bitcointalk.org/index.php?board=167.0

locopao

legendary

Activity: 910

Merit: 1000

Quote from: botany on May 25, 2015, 12:28:58 PM

Quote from: locopao on May 25, 2015, 12:25:47 PM

Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

Wink

A hacker after small change. Grin

Good joke.

I am sure you just checked yours Grin

Seriously, i agree it's just small change for someone to get in all this trouble just to steal some coins, but on the other hand, how many campaigns & participants are in total? So it might not be just changes.

nor9865

hero member

Activity: 700

Merit: 500

If you think you know me.. Think again

wait a minute .

lopaz???

thats a player of World of Warcraft. you should look into that

if anyone who has the admin login and password has been in WoW recently make sure someone did not install a keylogger or a backdoor in your computer and was able to get the log in and password or some way to perform the attack.

also it is impossible that the forum is so at risk considering the number of times i have seen it down or been attacked. it is becoming a joke now.

you should accelerate into the new forum with more security rather than leaning over this one. the new forum was announced for a while now.

TheTommyD

sr. member

Activity: 319

Merit: 251

I just changed mine: 01100110 01110101 01100011 01101011 01111001 01101111 01110101 01110011 01110000 01100001 01101101 01101101 01100101 01110010

botany

legendary

Activity: 1582

Merit: 1064

Quote from: locopao on May 25, 2015, 12:25:47 PM

Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

Wink

A hacker after small change. Grin

Good joke.

locopao

legendary

Activity: 910

Merit: 1000

Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

Wink

Morecoin Freeman

hero member

Activity: 854

Merit: 503

Legendary trader

Fucking hackers Angry

botany

legendary

Activity: 1582

Merit: 1064

Quote from: thebitcoinquiz.com on May 25, 2015, 12:18:25 PM

I guess the password changes which were done yesterday (when the forum cane online for a few hours) were reverted back, cause I changed my password yesterday but I had to use my previous password to login today. Idk why was it done.

Yup, you will have to change it again.

Quote from: theymos on May 25, 2015, 10:39:49 AM

If you changed your password in the short time when the forum was online a little over a day ago, the change didn't stick. You'll have to change it again.

theymos

administrator

Activity: 5166

Merit: 12850

Quote from: thebitcoinquiz.com on May 25, 2015, 12:18:25 PM

I guess the password changes which were done yesterday (when the forum cane online for a few hours) were reverted back, cause I changed my password yesterday but I had to use my previous password to login today. Idk why was it done.

Right, you should change your password again.

Quote from: thebitcoinquiz.com on May 25, 2015, 12:18:25 PM

Also, is it just me or the forum looks plain to everyone? Like I am not able to identify what has changed by the layout looks a bit flat.

Your eyes got used to looking at other websites besides this one.

opentoe

legendary

Activity: 1274

Merit: 1000

Personal text my ass....

Topic: About the recent server compromise - page 9. (Read 15325 times)