TalkImg.com - Image hosting for BitcoinTalk - page 9.

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: babo on November 07, 2024, 02:53:19 AM

if your service is open source I can try to fork it and give one similar to altcoinstalks

The source code is not the point of talkimg. To run the website you money to buy the infrastructure to host all those images, this is main point of a website like that.

Take a look here, this basically the same website as talkimg. There are others if you research more...
https://imgbb.com/

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: LoyceV on November 07, 2024, 04:22:28 AM

How is ChartBuddy doing it?

Quote from: ChartBuddy on November 07, 2024, 04:01:14 AM

Explanation

It links to an IP-address instead of a domain name. Does that mean the attack is on the image proxy's DNS server?

Don't do this! This directly exposes the IP address to every DDoSer in the world, and it will be much harder to switch servers if all the images have the IP address hardcoded.

For now, Cloudflare is acting as a sort of black hole for all the website traffic, but I'm guessing if joker_josue wanted to make this work with IP addresses, it would probably fix the issue, but I do not recommend it for the above reasons.

JiiBs

full member

Activity: 203

Merit: 106

🌀 Cosmic Casino

Quote from: LoyceV on November 07, 2024, 04:22:28 AM

How is ChartBuddy doing it?

Quote from: ChartBuddy on November 07, 2024, 04:01:14 AM

Explanation

It links to an IP-address instead of a domain name. Does that mean the attack is on the image proxy's DNS server?

Does that mean that, the attackers uses previous history from there data logs to keep track and respond proactive by some automation to further access in this time to prevent any uploads and blocking of users by IPs?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: joker_josue on November 06, 2024, 03:07:35 PM

Now, it is true that many host servers do this logging, even temporarily. But, to access them, you will need to do a deeper investigation. I don't even have time to scratch my itch, let alone scrape IPs... I have more to do in life.

For the record: I wasn't blaming you. I too use default Apache logs on my server, and I too only look at it when there's severe abuse going on.

Quote from: bitmover on November 06, 2024, 03:17:54 PM

I think cloudflare will store some user data anyway, right? Like ip of people who sent files. ?

This comes to mind:

Quote from: theymos on November 29, 2017, 06:35:34 PM

What I meant is that Cloudflare can see your unencrypted password when you log in. It's still encrypted from the real server to Cloudflare and from Cloudflare to you. So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot, and it's not like the NSA is going to steal your password in order to scam people on bitcointalk.org or anything.

Since the forum uses Cloudflare already, that doesn't add any new risks.

Quote from: dkbit98 on November 06, 2024, 05:01:06 PM

Quote

Sorry, you have been blocked
You are unable to access talkimg.com

I get the same. It's the same message Cloudflare gives on Bitcointalk when you're trying to post something Cloudflare doesn't like. Just a few weeks ago that was /etc/hosts.

Quote from: Richy_T on November 06, 2024, 11:52:05 PM

Likely the forum is the main target and the attackers just saw talkimg as likely the easier target.

Take down the image hosting and image proxy, take down ChartBuddy. No ChartBuddy, no hourly price updates. This is food for conspiracies Tongue

Quote from: NotATether on November 07, 2024, 01:14:04 AM

Quote from: LoyceV on November 06, 2024, 07:13:12 AM

If you can see this image, the forum's image proxy is working fine:
Image loading...

Negative, on my side.

Same here.

How is ChartBuddy doing it?

Quote from: ChartBuddy on November 07, 2024, 04:01:14 AM

Explanation

It links to an IP-address instead of a domain name. Does that mean the attack is on the image proxy's DNS server?

wwzsocki

legendary

Activity: 2744

Merit: 1708

First 100% Liquid Stablecoin Backed by Gold

Quote from: Richy_T on November 06, 2024, 11:48:25 PM

Quote from: theymos on November 06, 2024, 10:38:45 AM

- Bitcointalk.org could add support for uploading images directly.

I also like talkimg. I wonder if it could be integrated into bitcointalk somehow (and share hosting, perhaps)...

Best option will be to have the ability to upload images directly and Talkimg as a backup run on donations (maybe)

babo

legendary

Activity: 3696

Merit: 4343

The hacker spirit breaks any spell

Quote from: joker_josue on November 06, 2024, 08:18:39 AM

Quote from: bitmover on November 06, 2024, 06:43:53 AM

Joker_josue, I think the decision to expand your service to another forum is up to you.

As it is now, you will lose a huge amount of users in altcoinstalks.com. additionally, some users from bitcointalk who also use the other forum might migrate to another tool that fit both forums.

I understand the costs, it is not a simple decision

Now let this phase calm down, so you can think about it calmly. Wink

Exactly, of course, it was just to discuss something that in my opinion doesn't have such a heavy impact on talkimg's resources
you can do some tests and benches to see this then clearly the decision is yours and yours alone

if your service is open source I can try to fork it and give one similar to altcoinstalks

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: LoyceV on November 06, 2024, 07:13:12 AM

If you can see this image, the forum's image proxy is working fine:
Image loading...

Negative, on my side.

Thing about Cloudflare, it's very cheap and therefore flimsy DDoS protection. I may sound like a broken record at this point, but DDoS-protected servers are the way to go. It's better for the attacks to be blocked at hardware level rather than relying on Cloudflare to contain everything for you. Because if the attackers already have your IP address, you're toast - and there are many commercial ~~toasters~~ DDoS stresser tools that can be rented for this purpose.

They (the servers I mean) are also extraordinarily expensive to lease, so probably not applicable to a site that's not bringing in lots of revenue per month.

Richy_T

legendary

Activity: 2674

Merit: 2373

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k

Quote from: notblox1 on November 06, 2024, 01:28:11 PM

Never a boring time in bitcointalk Sad

I am reporting that talkimg images are not working in forum again and they look like constantly loading but never opening.
Maybe this attackers are not only trying to hurt talkimg website but also to damage bitcointalk forum.

Likely the forum is the main target and the attackers just saw talkimg as likely the easier target.

Richy_T

legendary

Activity: 2674

Merit: 2373

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k

Quote from: theymos on November 06, 2024, 10:38:45 AM

If the attack is still going on in a few days, I'll consider measures like these:
- If there are any image hosts run by trustworthy companies where the privacy policy says that they don't keep logs, these could be exempted from the proxy. If you know of any, let me know.

I don't know how trustworthy such a privacy policy would be so that would require some level of trust.

Quote from: theymos on November 06, 2024, 10:38:45 AM

- Maybe bitcointalk.org could pay TalkImg a monthly fee for a contractual guarantee that they won't keep logs. TalkImg could then be exempted from the proxy, and furthermore they would have more resources to function well.
- Bitcointalk.org could add support for uploading images directly.

My main concern over image hosting is that as mentioned over in the wall observer thread, we are losing some of the images as time goes on. Sites die, accounts get deleted (all of Risto Pietila's google-based images are gone since he died and presumably his account was deactivated). Obviously, not all of the images are all that important but some may have archival importance. It would be nice to have something more integrated with bitcointalk so it persisted with the site. I also like talkimg. I wonder if it could be integrated into bitcointalk somehow (and share hosting, perhaps) and maintenance contracted to the current owner with the option that it remains the property of bitcointalk if the current owner abandons it. I have seen other SMF sites with integrated media hosting too. So, not sure.

joker_josue

legendary

Activity: 1890

Merit: 5204

**In BTC since 2013**

Continued to work actively to mitigate the attack, hoping that it will end as soon as possible.

I have been creating several levels of blocking, which may affect the experience of some users. This is temporary, and I hope that everything returns to normal soon.

Appreciate your patience and understanding.

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: joker_josue on November 06, 2024, 05:16:25 PM

Quote from: bitmover on November 06, 2024, 03:17:54 PM

I think cloudflare will store some user data anyway, right? Like ip of people who sent files. ?

In the case of Cloudflare, I don't know how they usually handle this data. But I also don't see them keeping logs from thousands of sites for the rest of their lives.

When someone uploads an image, the IP is recorded. You can use Tor, VPN, DNS or any other similar resource to influence this record. This resource has the sole objective of being able to ban any abuse that occurs. But, honestly, given these events, this becomes the least of my problems, so I will most likely be able to create a system so that this data can be eliminated from the BD.

I think not storing that data would be the best option (from the user perspective). And let cloudflare handle the cases of abuses and possible ban.

joker_josue

legendary

Activity: 1890

Merit: 5204

**In BTC since 2013**

Quote from: bitmover on November 06, 2024, 03:17:54 PM

I think cloudflare will store some user data anyway, right? Like ip of people who sent files. ?

In the case of Cloudflare, I don't know how they usually handle this data. But I also don't see them keeping logs from thousands of sites for the rest of their lives.

When someone uploads an image, the IP is recorded. You can use Tor, VPN, DNS or any other similar resource to influence this record. This resource has the sole objective of being able to ban any abuse that occurs. But, honestly, given these events, this becomes the least of my problems, so I will most likely be able to create a system so that this data can be eliminated from the BD.

OgNasty

donator

Activity: 4760

Merit: 4323

Leading Crypto Sports Betting & Casino Platform

Quote from: dkbit98 on November 06, 2024, 05:01:06 PM

This is the message I received after opening TalkImg website today and trying to upload one image.
It looks like I am one of the cloudflare victims in fight against filthy attackers Tongue

I am bit lazy to use any alternative, so I will just wait for storm to pass...

Quote

Sorry, you have been blocked
You are unable to access talkimg.com

Same. Went to upload an image and got blocked. Noooo!!! (would have inserted Darth Vader image here)

dkbit98

legendary

Activity: 2212

Merit: 7064

This is the message I received after opening TalkImg website today and trying to upload one image.
It looks like I am one of the cloudflare victims in fight against filthy attackers Tongue

I am bit lazy to use any alternative, so I will just wait for storm to pass...

Quote

Sorry, you have been blocked
You are unable to access talkimg.com

I_Anime

sr. member

Activity: 602

Merit: 263

Sir joker_josue, I was planning to upload some image in this forum , and I wanted to make use of talkimg.com like usual, so after the human verification

the page endup showing this. https://ibb.co/9YmJm3B

So just want to ask what may have been the issue, because I prefer using talkimg.com compare to the others because is more user friendly than the others.

I've try refreshing the page several times.

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: joker_josue on November 06, 2024, 03:07:35 PM

Quote from: theymos on November 06, 2024, 10:38:45 AM

If the attack is still going on in a few days, I'll consider measures like these:
- If there are any image hosts run by trustworthy companies where the privacy policy says that they don't keep logs, these could be exempted from the proxy. If you know of any, let me know.
- Maybe bitcointalk.org could pay TalkImg a monthly fee for a contractual guarantee that they won't keep logs. TalkImg could then be exempted from the proxy, and furthermore they would have more resources to function well.
- Bitcointalk.org could add support for uploading images directly.

First of all, I thank you for your trust, but as I say in the OP, I do not record any information. The only thing that is recorded in the database is the IP of the person who uploaded the image for spam control or upload cascade purposes..

Therefore, I am available to work to improve and follow the standards requested by Bitcointalk.

I think cloudflare will store some user data anyway, right? Like ip of people who sent files. ?

JayJuanGee

legendary

Activity: 3962

Merit: 11519

Self-Custody is a right. Say no to"Non-custodial"

Quote from: notblox1 on November 06, 2024, 01:28:11 PM

Never a boring time in bitcointalk Sad

I am reporting that talkimg images are not working in forum again and they look like constantly loading but never opening.
Maybe this attackers are not only trying to hurt talkimg website but also to damage bitcointalk forum.

"They" are trying to stop the BTC price from pumping, but their efforts, so far, are not working.

Cheesy

joker_josue

legendary

Activity: 1890

Merit: 5204

**In BTC since 2013**

Quote from: LoyceV on November 06, 2024, 01:15:13 PM

Quote from: theymos on November 06, 2024, 01:09:53 PM

- If joker_josue merely promises that no logs are kept, then I think that that is sufficient for now, and I will exempt TalkImg from the proxy, once TalkImg is working again.

Joker_joshue just posted IP-addresses (used in the DDOS). His webhost may not even allow him to not keep logs.

These IPs were obtained through Cloudflare data. I had never used Cloudflare for talkimg.com before, this is the first time and so I had access to this data.

Now, it is true that many host servers do this logging, even temporarily. But, to access them, you will need to do a deeper investigation. I don't even have time to scratch my itch, let alone scrape IPs... I have more to do in life.

Quote from: theymos on November 06, 2024, 10:38:45 AM

If the attack is still going on in a few days, I'll consider measures like these:
- If there are any image hosts run by trustworthy companies where the privacy policy says that they don't keep logs, these could be exempted from the proxy. If you know of any, let me know.
- Maybe bitcointalk.org could pay TalkImg a monthly fee for a contractual guarantee that they won't keep logs. TalkImg could then be exempted from the proxy, and furthermore they would have more resources to function well.
- Bitcointalk.org could add support for uploading images directly.

First of all, I thank you for your trust, but as I say in the OP, I do not record any information. The only thing that is recorded in the database is the IP of the person who uploaded the image for spam control or upload cascade purposes..

Therefore, I am available to work to improve and follow the standards requested by Bitcointalk.

Zwei

hero member

Activity: 510

Merit: 574

Too Little, Too Late.

Quote from: LoyceV on November 06, 2024, 01:15:13 PM

Quote

So if anyone is ultra-paranoid, be aware that your browser may start making connections to talkimg.com sometime soon. If you're really opposed to that, block it via a hosts file or something.

Code:

127.0.0.1 talkimg.com
127.0.0.1 www.talkimg.com

for those who don't know, you can find the hosts files (on windows) at this path: C:\Windows\System32\Drivers\etc\hosts
be sure to open notepad as an administrator and open the path from in notepad, otherwise you would not be able to save your edit.

if you do this, you will not be able to see any images hosted on talkimg.com, just so you know!

AB de Royse777

legendary

Activity: 2464

Merit: 3878

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: minerjones on November 06, 2024, 02:17:34 PM

This also applies to other image hosting sites like postimg.cc and imgbb.com

The bitcointalk proxy is in attack and it is already in discussions :-D

Topic: TalkImg.com - Image hosting for BitcoinTalk - page 9. (Read 20808 times)