this doesn't sound good at all.
Literally shitting myself
Topic: Instawallet/Bitcoin-Central Security Breach - page 19. (Read 85341 times)
Literally shitting myself
this doesn't sound good at all.
I just hope that Instawallet has a backup of how many Bitcoins belong to how many people and each URL 
I have only BTC0.012, but that's a lot to me Considering that I'm a faucet loiterer and penny dust collector 
I have only BTC0.012, but that's a lot to me
Considering that I'm a faucet loiterer and penny dust collector Yeah, they put a simple robots.txt.
Seems strange how long it took them to do that. I think it was already a known issue before you reported it
LOL I hope your kidding right? Robots.Txt wasn't the problem ... Google lists your stuff even with robots.txt ban... you have to ban it in webmaster tools ... not via robots.txt ... robots.txt just says "don't spider me" it doesn't say "don't list me"
Google lists your urls regardless of what the robots.txt says.
I would have to say there is as much blame on Google's side as there was at instawallet's... they have people believing that robots.txt ban means don't list the urls... which is not the case at all.
I don't understand any of this robots stuff :/
Basically, was the problem you uncovered something that could see urls then?
I only ever check my instawallet through tor.
I am a little worried at the moment, should I just chill out?
I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132
yep, and instawire.org which disappeared
for a while it was showing an error page with a list of all their directories. saw a lot of ruby gems there not good, anybody remember the insecure gems fiasco a few months ago?
I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132
The maintenance notice is identical. This suggests the same team is running both.
And yes, it IS the same team.
Yeah, they put a simple robots.txt.
Seems strange how long it took them to do that. I think it was already a known issue before you reported it
LOL I hope your kidding right? Robots.Txt wasn't the problem ... Google lists your stuff even with robots.txt ban... you have to ban it in webmaster tools ... not via robots.txt ... robots.txt just says "don't spider me" it doesn't say "don't list me"
Google lists your urls regardless of what the robots.txt says.
I would have to say there is as much blame on Google's side as there was at instawallet's... they have people believing that robots.txt ban means don't list the urls... which is not the case at all.
see under each url there is a "a description not available due to robots.txt" but they still listed the freaking urls.
AFAIK, that's behind the configuration of the robots.txt file. It should be capable of being configured so that the Google bot doesn't even visit the domain
I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132
Yeah, they put a simple robots.txt.
Seems strange how long it took them to do that. I think it was already a known issue before you reported it
LOL I hope your kidding right? Robots.Txt wasn't the problem ... Google lists your stuff even with robots.txt ban... you have to ban it in webmaster tools ... not via robots.txt ... robots.txt just says "don't spider me" it doesn't say "don't list me"
Google lists your urls regardless of what the robots.txt says.
I would have to say there is as much blame on Google's side as there was at instawallet's... they have people believing that robots.txt ban means don't list the urls... which is not the case at all.
see under each url there is a "a description not available due to robots.txt" but they still listed the freaking urls.
I found a security breach in instawallet last week... I fixed it for them... they never tipped me or anything...
https://bitcointalksearch.org/topic/open-letter-to-instawallet-159673
However the bug I found only impacted about 3000 of their clients, what's showing up on that screen is something bigger and most likely unrelated, because mine was just that Google was listing people's wallets.... and they banned it in Google Webmaster tools, so that issue is resolved... that notice though is all sorts of red flags..
https://bitcointalksearch.org/topic/open-letter-to-instawallet-159673
However the bug I found only impacted about 3000 of their clients, what's showing up on that screen is something bigger and most likely unrelated, because mine was just that Google was listing people's wallets.... and they banned it in Google Webmaster tools, so that issue is resolved... that notice though is all sorts of red flags..
Yeah, they put a simple robots.txt.
Seems strange how long it took them to do that. I think it was already a known issue before you reported it
I found a security breach in instawallet last week... I fixed it for them... they never tipped me or anything...
https://bitcointalksearch.org/topic/open-letter-to-instawallet-159673
However the bug I found only impacted about 3000 of their clients and roughly 100 bitcoins max, what's showing up on that screen is something bigger (at least big enough to shut down the whole freaking site) and most likely unrelated, because mine was just that Google was listing people's wallets.... and they banned it in Google Webmaster tools, so that issue is resolved... that notice though is all sorts of red flags..
https://bitcointalksearch.org/topic/open-letter-to-instawallet-159673
However the bug I found only impacted about 3000 of their clients and roughly 100 bitcoins max, what's showing up on that screen is something bigger (at least big enough to shut down the whole freaking site) and most likely unrelated, because mine was just that Google was listing people's wallets.... and they banned it in Google Webmaster tools, so that issue is resolved... that notice though is all sorts of red flags..
Message on their site:
What do you think?
Quote
Down for Maintenance
We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.
Please do not send funds to your address for the time being.
Stay tuned for further updates, thank you for your understanding.
We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.
Please do not send funds to your address for the time being.
Stay tuned for further updates, thank you for your understanding.
What do you think?
Jump to: