Topic: Instawallet/Bitcoin-Central Security Breach - page 19. (Read 85336 times)

hero member
Activity: 756
Merit: 1000
this doesn't sound good at all.


Literally shitting myself
donator
Activity: 2772
Merit: 1019
this doesn't sound good at all.
legendary
Activity: 1008
Merit: 1000
I just hope that Instawallet has a backup of how many Bitcoins belong to how many people and each URL :P
I have only BTC0.012, but that's a lot to me :P Considering that I'm a faucet loiterer and penny dust collector :D
hero member
Activity: 756
Merit: 1000

Yeah, they put a simple robots.txt.
Seems strange how long it took them to do that. I think it was already a known issue before you reported it :)

LOL I hope you're kidding, right? Robots.txt wasn't the problem ... Google lists your stuff even with robots.txt ban... you have to ban it in webmaster tools ... not via robots.txt ... robots.txt just says "don't spider me" it doesn't say "don't list me"

Google lists your urls regardless of what the robots.txt says.

I would have to say there is as much blame on Google's side as there was at instawallet's... they have people believing that robots.txt ban means don't list the urls... which is not the case at all.

I don't understand any of this robots stuff :/

Basically, was the problem you uncovered something that could see urls then?

I only ever check my instawallet through tor.

I am a little worried at the moment, should I just chill out?
hero member
Activity: 899
Merit: 1002
I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132


Yep, and instawire.org, which disappeared.
For a while it was showing an error page with a list of all their directories. Saw a lot of Ruby gems there, not good. Anybody remember the insecure gems fiasco a few months ago?
legendary
Activity: 1008
Merit: 1000
I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132


The maintenance notice is identical. This suggests the same team is running both.

And yes, it IS the same team.
legendary
Activity: 1008
Merit: 1000

Yeah, they put a simple robots.txt.
Seems strange how long it took them to do that. I think it was already a known issue before you reported it :)

LOL I hope you're kidding, right? Robots.txt wasn't the problem ... Google lists your stuff even with robots.txt ban... you have to ban it in webmaster tools ... not via robots.txt ... robots.txt just says "don't spider me" it doesn't say "don't list me"

Google lists your urls regardless of what the robots.txt says.

I would have to say there is as much blame on Google's side as there was at instawallet's... they have people believing that robots.txt ban means don't list the urls... which is not the case at all.

See, under each url there is "a description not available due to robots.txt" but they still listed the freaking urls.

AFAIK, that's behind the configuration of the robots.txt file. It should be capable of being configured so that the Google bot doesn't even visit the domain :P
donator
Activity: 2772
Merit: 1019
I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132
sr. member
Activity: 448
Merit: 251
Bitcoin

Yeah, they put a simple robots.txt.
Seems strange how long it took them to do that. I think it was already a known issue before you reported it :)

LOL I hope you're kidding, right? Robots.txt wasn't the problem ... Google lists your stuff even with robots.txt ban... you have to ban it in webmaster tools ... not via robots.txt ... robots.txt just says "don't spider me" it doesn't say "don't list me"

Google lists your urls regardless of what the robots.txt says.

I would have to say there is as much blame on Google's side as there was at instawallet's... they have people believing that robots.txt ban means don't list the urls... which is not the case at all.

See, under each url there is "a description not available due to robots.txt" but they still listed the freaking urls.
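
An added example (not part of any post in this thread) modelling the distinction argued above: a robots.txt Disallow stops crawling but not listing, while a noindex directive only takes effect if the page may be crawled. The host, path, token and function name are hypothetical, and the logic is a simplified model of documented crawler behaviour.

```python
from urllib.robotparser import RobotFileParser


def listing_exposure(robots_txt, url, headers, agent="Googlebot"):
    """Model how a crawler that honours robots.txt treats `url`.

    headers: the response headers the site would send for `url`.
    Returns "not-listed", "indexed" or "url-only-listing".
    """
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    crawlable = rp.can_fetch(agent, url)

    # Header names are case-insensitive; directives are comma-separated.
    tag = next((v for k, v in headers.items() if k.lower() == "x-robots-tag"), "")
    directives = {d.strip().lower() for d in tag.split(",")}
    noindex = bool(directives & {"noindex", "none"})

    if not crawlable:
        # The page is never fetched, so a noindex header on it is never seen.
        # A URL discovered through links elsewhere can still be listed, without
        # a snippet ("description not available due to robots.txt").
        return "url-only-listing"
    return "not-listed" if noindex else "indexed"


# Constructed sample data: hypothetical host, path and token.
SECRET_URL = "https://wallet.example/w/3f9c1e7a-constructed-token"
BLOCK_ALL = "User-agent: *\nDisallow: /w/\n"
ALLOW_ALL = ""
NOINDEX = {"X-Robots-Tag": "noindex, nofollow"}

if __name__ == "__main__":
    for name, robots, hdrs in [
        ("robots.txt ban only", BLOCK_ALL, {}),
        ("robots.txt ban + noindex", BLOCK_ALL, NOINDEX),
        ("crawlable + noindex", ALLOW_ALL, NOINDEX),
        ("no controls", ALLOW_ALL, {}),
    ]:
        print(f"{name:26} -> {listing_exposure(robots, SECRET_URL, hdrs)}")
```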





legendary
Activity: 1008
Merit: 1000
I found a security breach in instawallet last week... I fixed it for them... they never tipped me or anything...

https://bitcointalksearch.org/topic/open-letter-to-instawallet-159673

However the bug I found only impacted about 3000 of their clients, what's showing up on that screen is something bigger and most likely unrelated, because mine was just that Google was listing people's wallets.... and they banned it in Google Webmaster tools, so that issue is resolved... that notice though is all sorts of red flags..

Yeah, they put a simple robots.txt.
Seems strange how long it took them to do that. I think it was already a known issue before you reported it :)
sr. member
Activity: 448
Merit: 251
Bitcoin
I found a security breach in instawallet last week... I fixed it for them... they never tipped me or anything...

https://bitcointalksearch.org/topic/open-letter-to-instawallet-159673

However the bug I found only impacted about 3000 of their clients and roughly 100 bitcoins max, what's showing up on that screen is something bigger (at least big enough to shut down the whole freaking site) and most likely unrelated, because mine was just that Google was listing people's wallets.... and they banned it in Google Webmaster tools, so that issue is resolved... that notice though is all sorts of red flags..
legendary
Activity: 1008
Merit: 1000
Message on their site:

Quote
Down for Maintenance
We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.

Please do not send funds to your address for the time being.

Stay tuned for further updates, thank you for your understanding.

What do you think?