Topic: Info about the recent attack - page 11. (Read 52589 times)

Ah, so you can't actually point to any then? I even Googled for this specific vulnerability when I noticed theymos's post about it - nada.

(It looks like SMF 2.0 probably doesn't have this vulnerability due to a much-needed restructuring of how they handle the database, but I'm not sure I'd trust it to be secure; whoever rewrote SMF should've spotted there was something fishy about the existing code if they were security-conscious.)

then can you have some of the exchanges to check, who cashed out to that address.
or trace it back to when the coins last come in contact with an exchange.

make a list of involved addresses, and then check them.

you could get an account/address(real world) of the attacker.

I'm done with this bullshit. Every month my password is leaked by fail bitcoin sites and their shit security.

Yes, I use different passwords for each site. I don't give a flying fuck.

This is unacceptable,
bye

you can go hunter2 my hunter2-ing hunter2!

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.

I cannot recall where I read it, but I think theymos (was it someone else?) mentioned that only a few bitcoin community members were contacted by email regarding volunteers for hosting the forum.  Is it possible to shed some light on the people that were contacted so the community knows who were the only people that had opportunity to volunteer to host the forum?

you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

omy. Well, for the hell of it, I've taken the listed IP's in OP, did whois, got the IP ranges and popped them in my blockzones of my firewall.

As admin, they would have access to all, including that.

Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?

I need updated versions of these mods (some of them might already exist or be covered by the new core):
Custom Profile Field Mod
Edit_Display_Name_Permission
Ignore Boards
Prevent Adding Signature Images And Links
Ignore user

There are also two major custom modifications:
- Membergroup membership based on time online as well as posts
- Advanced CAPTCHAs

I'd also like to use the same theme we have now.

I'd really prefer to move to some other forum software rather than upgrade, though. SMF is not well-written.

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

Please please please tell him to not host this forum on any server even close to a server for the trading site. I'd hate to see it used as an attack vector.

Sorry, I stand corrected. Weren't you running 1.1.13 until very recently? I still stand by the other points raised though.
How to keep abreast of security vulnerabilities in SMF 1.1.14 - From there you should be able to click your way to discovering less known vulnerabilities. Also, a tip: Check your plugins for holes.

If you need any further help, I normally charge £200ph an hour for IT consultancy, though I've never worked on any site which has ever used SMF. PM me if you are interested and I will forward you my wallet info.

I'm sure you could've done it much faster and you would run such a site much more securely than theymos.
I'm also sure you'd gladly give up your weekend for no money to recover from a hack.
And I'm also pretty sure you would easily take a bashing from 11-post-know-it-alls without whining.

Thanks to theymos, sirius and whoever else helped in recovery and running the site. I hope you'll keep the forums up in the future. You're doing a great job! Thanks for the transparency, too.

Though if the intention was to steal data, the defacement stuff would be a dumb move, if they stayed hidden they could have stole shit for much longer.

What are you talking about? This is the latest upgrade in the 1.1.xx path.

I am not aware of any other vulnerabilities. If vulnerabilities exist, report them to me and I will take the forum down until they are fixed.

+1

It is possible.

The vulnerabilities in 1.1.14 have been known for a LONG time. You can hardly call what SA did a 0-day exploit. While 1.1.14 might still be 'supported', it is full of security holes. The admins of this site have been aware of these vulnerabilities for a while, as quite a few people (myself included) have pointed out the dangers of using 1.1.14.

Any admin hosting a site which deals with discussions of a financial nature who couldn't even be bothered to upgrade along the 1.1.xx path (yet alone switch to v.2) should hang their head in shame.

As for giving the database, including all PM's, and also the hosting of the site to the owner of the largest bitcoin exchange, I'm gobsmacked.

I took my $$$'s and BTC's out of Mt:Gox at the time when Bruce was visiting their company. I stopped trusting Mt:Gox when MagicalTux was white-knighting Bruce, refusing to address the evidence that was being provided (not the rumours I might add, just the evidence), and for allowing a convicted fraudster into his company's HQ. After this silent take-over of the forums, I trust Mt:Gox as much as I trust PayPal.

I have my $$$'s in my account now, and my BTC's are sitting in an offline USB stick in the gamble that they will be worth something after all this shit settles down. I'm sitting this one out.