Pages:
Author

Topic: LocalBitCoins.Com Site Down? - page 2. (Read 3995 times)

donator
Activity: 1617
Merit: 1012
May 03, 2014, 05:50:56 PM
#11
A reasonable encryption strategy is to be able to decrypt with a password of at least 12 (more like 15 - 20) characters for access that lasts a few minutes, or a much longer password (40 characters or more) for access that lasts an hour or two.  If we assume that the hacker grabbed a copy of enough information to be able to start an exhaustive search for the password, LBC knows how long we can expect his search to go on before he finds it.

If his search is ever successful, what data will be compromised?

Is there a list of BTC addresses that LBC can provide to miners, asking them to filter out transactions from them until further notice?

A protocol for that kind of lock would be nice. I would honor it if I were mining. Just a simple request "please lock this BTC addy until further notice," signed with the address would do. It could be broadcast in any transaction and thereby get to all miners.

Ahh, of course if it could be unlocked with a signature from the same address, it would be kind of useless.  But suppose it had to be unlocked with a signature from the same address that locked it?  So the attacker would need that external address' private key too.
Hopefully they used a tiered architecture and kept most of their important data on different servers than the web server. They did say they kept their wallets on a different server, so I would hope that they kept their transactional systems and databases on a separate non-internet facing server as well. The web server is usually the first point of that is attacked, so you shouldn't be keeping anything there except the web programs to render and display the web pages and maybe some transient data.
sr. member
Activity: 444
Merit: 250
I prefer evolution to revolution.
May 03, 2014, 05:21:37 PM
#10
A reasonable encryption strategy is to be able to decrypt with a password of at least 12 (more like 15 - 20) characters for access that lasts a few minutes, or a much longer password (40 characters or more) for access that lasts an hour or two.  If we assume that the hacker grabbed a copy of enough information to be able to start an exhaustive search for the password, LBC knows how long we can expect his search to go on before he finds it.

If his search is ever successful, what data will be compromised?

Is there a list of BTC addresses that LBC can provide to miners, asking them to filter out transactions from them until further notice?

A protocol for that kind of lock would be nice. I would honor it if I were mining. Just a simple request "please lock this BTC addy until further notice," signed with the address would do. It could be broadcast in any transaction and thereby get to all miners.

Ahh, of course if it could be unlocked with a signature from the same address, it would be kind of useless.  But suppose it had to be unlocked with a signature from the same address that locked it?  So the attacker would need that external address' private key too.
hero member
Activity: 882
Merit: 1000
May 03, 2014, 04:28:53 PM
#9
One of my customers and I are both now unable to reach the localbitcoins website.  There is no info about this on their blog either.

The update has been put up in the blog now.
Quote
Saturday, May 3, 2014
Attack against LocalBitcoins infrastructure 3.5.2014
LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014.
For now

    All user data and Bitcoins are safe;
    The site will be down for a while as the system is being rebuilt

Details
LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.

    LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
    The attacker gained a root access to the server for ~40 minutes before the attacker was kicked out and the server shutdown.
    All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.

It is very unlikely that the attacker gained access to any data;  LocalBitcoins is still performing full investigation on the matter.

    Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
    LocalBitcoins team has started to rebuild the website server on fresh hardware.

LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again.  We expect to spend at least 24 hours on this. LocalBitcoins team apologizes the issues the downtime may cause to the users.



Posted by Andrei Zillo at 10:17 PM
donator
Activity: 1617
Merit: 1012
May 03, 2014, 03:24:04 PM
#8
One of my customers and I are both now unable to reach the localbitcoins website.  There is no info about this on their blog either.
Yes, down for me too. Right in the middle of a transaction too.
sr. member
Activity: 444
Merit: 250
I prefer evolution to revolution.
May 03, 2014, 02:31:26 PM
#7
One of my customers and I are both now unable to reach the localbitcoins website.  There is no info about this on their blog either.
newbie
Activity: 44
Merit: 0
April 28, 2014, 05:56:45 AM
#6
Done moving to Swiss-based servers, site is active. Cheesy
legendary
Activity: 966
Merit: 1001
April 28, 2014, 03:19:20 AM
#5
Twitter Updates here:

https://twitter.com/LocalBitcoins

Looks like they are moving to Swiss-based servers, should be back up in a day or so.

Looks like the site is back up now Smiley
full member
Activity: 224
Merit: 100
April 27, 2014, 11:36:08 PM
#4
Twitter Updates here:

https://twitter.com/LocalBitcoins

Looks like they are moving to Swiss-based servers, should be back up in a day or so.
sr. member
Activity: 444
Merit: 250
I prefer evolution to revolution.
April 27, 2014, 11:31:07 PM
#3
I figured I'd re-open this thread since LBC is giving this same error again.

While the localbitcoins.com server(s?) is down, you can watch their blogspot page since they might update us there while their main service is unavailable: http://localbitcoins.blogspot.com/

Gee, I should check my browser's cache before posting these things!

Hey Mozilla, why do you cache a 500 Internal Server Error page?  The response code is 500; kind of pointless to cache it, don't you think?  Or maybe it wasn't Mozilla?  Someone did...
sr. member
Activity: 325
Merit: 253
February 12, 2014, 02:53:11 AM
#2
It's fixed now, Site are Working fine.
full member
Activity: 224
Merit: 100
February 12, 2014, 02:20:19 AM
#1
It seems that the site is not responding. The following message appears,

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


Have they brought the site down for any corrections ?
Pages:
Jump to: