
Topic: Info about the recent attack - page 11. (Read 52589 times)

hero member
Activity: 686
Merit: 564
September 11, 2011, 04:54:38 AM
#54
How to keep abreast of security vulnerabilities in SMF 1.1.14 - From there you should be able to click your way to discovering less known vulnerabilities. Also, a tip: Check your plugins for holes.
Ah, so you can't actually point to any then? I even Googled for this specific vulnerability when I noticed theymos's post about it - nada.

(It looks like SMF 2.0 probably doesn't have this vulnerability due to a much-needed restructuring of how they handle the database, but I'm not sure I'd trust it to be secure; whoever rewrote SMF should've spotted there was something fishy about the existing code if they were security-conscious.)
legendary
Activity: 1050
Merit: 1000
You are WRONG!
September 11, 2011, 04:10:13 AM
#53
you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.
then can you have some of the exchanges check who cashed out to that address,
or trace it back to when the coins last came in contact with an exchange.

make a list of involved addresses, and then check them.

you could get an account/address(real world) of the attacker.
member
Activity: 98
Merit: 10
September 11, 2011, 04:06:24 AM
#52
I'm done with this bullshit. Every month my password is leaked by fail bitcoin sites and their shit security.

Yes, I use different passwords for each site. I don't give a flying fuck.

This is unacceptable,
bye
sr. member
Activity: 280
Merit: 250
September 11, 2011, 04:05:28 AM
#51
you can go hunter2 my hunter2-ing hunter2!
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 04:01:10 AM
#50
you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.
hero member
Activity: 574
Merit: 513
September 11, 2011, 03:49:14 AM
#49
I cannot recall where I read it, but I think theymos (was it someone else?) mentioned that only a few bitcoin community members were contacted by email regarding volunteers for hosting the forum.  Is it possible to shed some light on the people that were contacted so the community knows who were the only people that had opportunity to volunteer to host the forum?
legendary
Activity: 1050
Merit: 1000
You are WRONG!
September 11, 2011, 03:46:24 AM
#48
you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?
hero member
Activity: 770
Merit: 502
September 11, 2011, 03:39:54 AM
#47
Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?
As admin, they would have access to all, including that.

omy. Well, for the hell of it, I've taken the listed IP's in OP, did whois, got the IP ranges and popped them in my blockzones of my firewall.
sr. member
Activity: 308
Merit: 258
September 11, 2011, 03:33:34 AM
#46
Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?
As admin, they would have access to all, including that.
hero member
Activity: 770
Merit: 502
September 11, 2011, 03:13:25 AM
#45
Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 03:12:44 AM
#44
Where can I find more information on what exactly is in the way of upgrading to 2.something?

I need updated versions of these mods (some of them might already exist or be covered by the new core):
Custom Profile Field Mod
Edit_Display_Name_Permission
Ignore Boards
Prevent Adding Signature Images And Links
Ignore user

There are also two major custom modifications:
- Membergroup membership based on time online as well as posts
- Advanced CAPTCHAs

I'd also like to use the same theme we have now.

I'd really prefer to move to some other forum software rather than upgrade, though. SMF is not well-written.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
September 11, 2011, 02:55:58 AM
#43
Where can I find more information on what exactly is in the way of upgrading to 2.something?
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
September 11, 2011, 02:52:16 AM
#42
He is providing free hosting. He is not "taking over Bitcointalk". In that IRC excerpt I even say that Sirius will retain control of the DNS.
Please please please tell him to not host this forum on any server even close to a server for the trading site. I'd hate to see it used as an attack vector.
full member
Activity: 154
Merit: 100
September 11, 2011, 02:52:01 AM
#41
Any admin hosting a site which deals with discussions of a financial nature who couldn't even be bothered to upgrade along the 1.1.xx path (let alone switch to v.2) should hang their head in shame.

What are you talking about? This is the latest upgrade in the 1.1.xx path.
Sorry, I stand corrected. Weren't you running 1.1.13 until very recently? I still stand by the other points raised though.
Quote
I am not aware of any other vulnerabilities. If vulnerabilities exist, report them to me and I will take the forum down until they are fixed.
How to keep abreast of security vulnerabilities in SMF 1.1.14 - From there you should be able to click your way to discovering less known vulnerabilities. Also, a tip: Check your plugins for holes.

If you need any further help, I normally charge £200ph an hour for IT consultancy, though I've never worked on any site which has ever used SMF. PM me if you are interested and I will forward you my wallet info.
donator
Activity: 2772
Merit: 1019
September 11, 2011, 02:42:14 AM
#40
Also, it took you a while to recover.

I'm sure you could've done it much faster and you would run such a site much more securely than theymos.
I'm also sure you'd gladly give up your weekend for no money to recover from a hack.
And I'm also pretty sure you would easily take a bashing from 11-post-know-it-alls without whining.

Thanks to theymos, sirius and whoever else helped in recovery and running the site. I hope you'll keep the forums up in the future. You're doing a great job! Thanks for the transparency, too.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
September 11, 2011, 02:37:08 AM
#39
Though if the intention was to steal data, the defacement stuff would be a dumb move; if they stayed hidden they could have stolen shit for much longer.
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 02:35:43 AM
#38
Any admin hosting a site which deals with discussions of a financial nature who couldn't even be bothered to upgrade along the 1.1.xx path (let alone switch to v.2) should hang their head in shame.

What are you talking about? This is the latest upgrade in the 1.1.xx path.

I am not aware of any other vulnerabilities. If vulnerabilities exist, report them to me and I will take the forum down until they are fixed.
hero member
Activity: 731
Merit: 503
Libertas a calumnia
September 11, 2011, 02:34:37 AM
#37
thanks for the info, theymos. please continue to keep things as transparent as possible.
+1
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 02:33:08 AM
#36
If he could run arbitrary PHP code, maybe it's not just the hashes he collected... He might have also injected some code BEFORE hashing, thus gaining plaintext. I don't know all the hack details, but does it sound possible to you?

It is possible.
full member
Activity: 154
Merit: 100
September 11, 2011, 02:32:59 AM
#35
The vulnerabilities in 1.1.14 have been known for a LONG time. You can hardly call what SA did a 0-day exploit. While 1.1.14 might still be 'supported', it is full of security holes. The admins of this site have been aware of these vulnerabilities for a while, as quite a few people (myself included) have pointed out the dangers of using 1.1.14.

Any admin hosting a site which deals with discussions of a financial nature who couldn't even be bothered to upgrade along the 1.1.xx path (let alone switch to v.2) should hang their head in shame.

As for giving the database, including all PM's, and also the hosting of the site to the owner of the largest bitcoin exchange, I'm gobsmacked.

I took my $$$'s and BTC's out of Mt:Gox at the time when Bruce was visiting their company. I stopped trusting Mt:Gox when MagicalTux was white-knighting Bruce, refusing to address the evidence that was being provided (not the rumours I might add, just the evidence), and for allowing a convicted fraudster into his company's HQ. After this silent take-over of the forums, I trust Mt:Gox as much as I trust PayPal.

I have my $$$'s in my account now, and my BTC's are sitting in an offline USB stick in the gamble that they will be worth something after all this shit settles down. I'm sitting this one out.