Pages:
Author

Topic: Why Simple Machines forum & not anything else ?. (Read 2530 times)

hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.

The free open source ones seem to suffer from hacking attempts, not sure about vbulletin, when i used to use phpbb people always got hacked.


phpbb is so far from being secure and safe to use to be honest with you mate , vBulletin is high quality forum and don't really get hacked a lot , one of the biggest forums with more then 5m users called epvp is with vBulletin 3.8.7 and It never  got hacked as far as I know . at least since I joined

just some DDOS attempts , but I guess that Cloudflare should do the job here
legendary
Activity: 1330
Merit: 1000

The free open source ones seem to suffer from hacking attempts, not sure about vbulletin, when i used to use phpbb people always got hacked.
legendary
Activity: 1064
Merit: 1000

Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

Anyways, I found this picture, it is one of the things the hacker did.



Wait, that actually happened? I thought it was just something in the video that was just put there for humorous reasons (like a montage parody or something).

Yeah that's what actually happened, when users logged in they saw that all over their screen. I wan't here when the forums got hacked, but I found some articles about it.

Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

I do know who he is, but he didn't cause any permanent damage or steal any user info, so I decided not to go after him. It was just a funny joke.

Oh I see. Wow, that's nice of you. I would be pretty mad if I ran a forum and it got hacked.
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

I do know who he is, but he didn't cause any permanent damage or steal any user info, so I decided not to go after him. It was just a funny joke.

I wasen't here that time when the forums got hacked and don't know how much the damage that was caused to be honest ...
But you are one nice guy Theymos , really Grin If I were you I would hunt him down  Angry still what you did is cool , that's why we love you  Embarrassed
#Respect for da boss
administrator
Activity: 5222
Merit: 13032
Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

I do know who he is, but he didn't cause any permanent damage or steal any user info, so I decided not to go after him. It was just a funny joke.
hero member
Activity: 812
Merit: 587
Space Lord
^^ That happened, and CosbyCoin happened Grin
sr. member
Activity: 308
Merit: 250

Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

Anyways, I found this picture, it is one of the things the hacker did.



Wait, that actually happened? I thought it was just something in the video that was just put there for humorous reasons (like a montage parody or something).
legendary
Activity: 1064
Merit: 1000
The forum got compromised even through avatars. I don't know how wise it will be to leave it exposed, the incentive to attack this is very high.
Does anyone have a link to the main thread where this 2013 security breach was discussed? I'd be interested in
what exactly happened back then.
It's not "just" for this forum, it could be a competitor to all the other forums. If they do it right, it could be quite a boon for bitcoin.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

Not found the thread but found a video of apparently what the hack did:
https://www.youtube.com/watch?v=LKrOHAfMdxI

That hacker must have a sense of humor, lol.


What the hell lol , this is really happened on the website ? It looks a video montage to me Shocked  btw here is more informations about the hack , found this on the description of that video => http://www.reddit.com/r/Bitcoin/comments/1nmdq4/bitcointalk_hacked/
also more info here : http://cryptolife.net/bitcointalk-hacked/



Yes all else aside, it was pretty funny. Would pop up a dialog box with a progress meter that said it was converting your bitcoins to cosbycoins. 


Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

Anyways, I found this picture, it is one of the things the hacker did.

sr. member
Activity: 308
Merit: 250
Quote

He didn't donate anything, thats the money the forum currently has and whos holding it. There is a list of some donators here
https://bitcointalk.org/donate.html

Woops right , didn't read it correctly . They are holding them I see , but why it's splitted to different people and I don't know anyone of them at least not Administrators or Moderators/Staff members Shocked

It's split amongst different people for security, I suppose. If one guy gets hacked, all the funds won't be lost as there are others who hold funds as well (the chances of one of them getting hacked should be pretty slim though, as they're being entrusted with quite a lot of Bitcoins).

It wouldn't really matter if they're a staff member or not, they're highly trusted by theymos.
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
Quote

He didn't donate anything, thats the money the forum currently has and whos holding it. There is a list of some donators here
https://bitcointalk.org/donate.html

Woops right , didn't read it correctly . They are holding them I see , but why it's splitted to different people and I don't know anyone of them at least not Administrators or Moderators/Staff members Shocked
hero member
Activity: 882
Merit: 1006
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

So you are telling me someone would pay 1$ million dollar just to develop a forum & at the end of the day that forum will be Free & Open source ? Like seriously ? do you really belieave that because I don't  Huh It just dosen't make any sense

Yes, read up on it. The funds were raised from donations to bitcointalk and profit from forum ads back when the Bitcoin price was a lot less. The forum never sold any BTC. Here is how much the forum holds now:

https://bitcointalksearch.org/topic/forum-funds-155000

And you do realize that some of the Bitcoin Core developers are paid >$100,000/yr salaries, yet the software is free. And the same can be said about the Linux kernel, Firefox web browser or any other large FOSS software project.


Dafuq only Theymos him self donated like 1.2m (with the current price of BTC) that's so huge Shocked
and to be honest with you , no I didn't knew that . I personally think that only few people donate to free projects like these (Firefox,Ubuntu etc ... ) idk .. I can seem to belieave that people could donate such amounts of money . but i can't say I was thinking about Developpers of those wallets yeah ... nice to hear that they got paid after all Smiley

He didn't donate anything, thats the money the forum currently has and whos holding it. There is a list of some donators here
https://bitcointalk.org/donate.html
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

So you are telling me someone would pay 1$ million dollar just to develop a forum & at the end of the day that forum will be Free & Open source ? Like seriously ? do you really belieave that because I don't  Huh It just dosen't make any sense

Yes, read up on it. The funds were raised from donations to bitcointalk and profit from forum ads back when the Bitcoin price was a lot less. The forum never sold any BTC. Here is how much the forum holds now:

https://bitcointalksearch.org/topic/forum-funds-155000

And you do realize that some of the Bitcoin Core developers are paid >$100,000/yr salaries, yet the software is free. And the same can be said about the Linux kernel, Firefox web browser or any other large FOSS software project.


Dafuq only Theymos him self donated like 1.2m (with the current price of BTC) that's so huge Shocked
and to be honest with you , no I didn't knew that . I personally think that only few people donate to free projects like these (Firefox,Ubuntu etc ... ) idk .. I can seem to belieave that people could donate such amounts of money . but i can't say I was thinking about Developpers of those wallets yeah ... nice to hear that they got paid after all Smiley
hero member
Activity: 882
Merit: 1006
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

So you are telling me someone would pay 1$ million dollar just to develop a forum & at the end of the day that forum will be Free & Open source ? Like seriously ? do you really belieave that because I don't  Huh It just dosen't make any sense

Yes, read up on it. The funds were raised from donations to bitcointalk and profit from forum ads back when the Bitcoin price was a lot less. The forum never sold any BTC. Here is how much the forum holds now:

https://bitcointalksearch.org/topic/forum-funds-155000

And you do realize that some of the Bitcoin Core developers are paid >$100,000/yr salaries, yet the software is free. And the same can be said about the Linux kernel, Firefox web browser or any other large FOSS software project.
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

So you are telling me someone would pay 1$ million dollar just to develop a forum & at the end of the day that forum will be Free & Open source ? Like seriously ? do you really belieave that because I don't  Huh It just dosen't make any sense
hero member
Activity: 560
Merit: 504
Hmm, I don't have the impression this has been cleared up very well.
For example, is the username known who uploaded the malicious avatar?

I think also if the username was known the "hacker" has used tor or a vpn/proxy.

sure, sure.. Just for curiosity.  Grin
legendary
Activity: 1778
Merit: 1043
#Free market
Hmm, I don't have the impression this has been cleared up very well.
For example, is the username known who uploaded the malicious avatar?

I think also if the username was known the "hacker" has used tor or a vpn/proxy.
hero member
Activity: 882
Merit: 1006
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.
hero member
Activity: 560
Merit: 504
Hmm, I don't have the impression this has been cleared up very well.
For example, is the username known who uploaded the malicious avatar?
legendary
Activity: 1652
Merit: 1128

What the hell lol , this is really happened on the website ? It looks a video montage to me Shocked  btw here is more informations about the hack , found this on the description of that video => http://www.reddit.com/r/Bitcoin/comments/1nmdq4/bitcointalk_hacked/
also more info here : http://cryptolife.net/bitcointalk-hacked/



Yes all else aside, it was pretty funny. Would pop up a dialog box with a progress meter that said it was converting your bitcoins to cosbycoins.  
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
The forum got compromised even through avatars. I don't know how wise it will be to leave it exposed, the incentive to attack this is very high.
Does anyone have a link to the main thread where this 2013 security breach was discussed? I'd be interested in
what exactly happened back then.
It's not "just" for this forum, it could be a competitor to all the other forums. If they do it right, it could be quite a boon for bitcoin.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

Not found the thread but found a video of apparently what the hack did:
https://www.youtube.com/watch?v=LKrOHAfMdxI

What the hell lol , this is really happened on the website ? It looks a video montage to me Shocked  btw here is more informations about the hack , found this on the description of that video => http://www.reddit.com/r/Bitcoin/comments/1nmdq4/bitcointalk_hacked/
also more info here : http://cryptolife.net/bitcointalk-hacked/

from Theymos

Quote
UPDATE FROM THEYMOS:

It’s unfortunately worse than I thought. There’s a good chance that the attacker(s) could have executed arbitrary PHP code and therefore could have accessed the database, but I’m not sure yet how difficult this would be. I’m sending out a mass mailing to all Forum users about this.

Summary: The forum will be down for a while. Backups exist and are held by several people. At this time I feel that password hashes were probably not compromised, but I can’t say for sure. If you used the same password on bitcointalk.org as on other sites, you may want to change your passwords. Passwords are hashed using sha256crypt with 7500 rounds (very strong). The JavaScript that was injected into bitcointalk.org seems harmless.

Here’s what I know: The attacker injected some code into $modSettings['news'] (the news at the top of pages). Updating news is normally logged, but this action was not logged, so the update was probably done in some roundabout way, not by compromising an admin account or otherwise “legitimately” making the change. Probably, part of SMF related to news-updating or modSettings is flawed. Possibly, the attacker was somehow able to modify the modSettings cache in /tmp or the database directly.

Also, the attacker was able to upload a PHP script and some other files to the avatars directory.

Figuring out the specifics is probably beyond my skills, so 50 BTC to the first person who tells me how this was done. (You have to convince me that your flaw was the one actually used.) The forum won’t go back up until I know how this was done, so it could be down for a while.
Pages:
Jump to: