The forum got compromised even through avatars. I don't know how wise it will be to leave it exposed, the incentive to attack this is very high.
Does anyone have a link to the main thread where this 2013 security breach was discussed? I'd be interested in what exactly happened back then.
It's not "just" for this forum, it could be a competitor to all the other forums. If they do it right, it could be quite a boon for bitcoin.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins.
Not found the thread but found a video of apparently what the hack did:
https://www.youtube.com/watch?v=LKrOHAfMdxI
What the hell lol, this really happened on the website? It looks like a video montage to me
btw here is more information about the hack, found this in the description of that video =>
http://www.reddit.com/r/Bitcoin/comments/1nmdq4/bitcointalk_hacked/
also more info here :
http://cryptolife.net/bitcointalk-hacked/
from Theymos
UPDATE FROM THEYMOS:
It’s unfortunately worse than I thought. There’s a good chance that the attacker(s) could have executed arbitrary PHP code and therefore could have accessed the database, but I’m not sure yet how difficult this would be. I’m sending out a mass mailing to all Forum users about this.
Summary: The forum will be down for a while. Backups exist and are held by several people. At this time I feel that password hashes were probably not compromised, but I can’t say for sure. If you used the same password on bitcointalk.org as on other sites, you may want to change your passwords. Passwords are hashed using sha256crypt with 7500 rounds (very strong). The JavaScript that was injected into bitcointalk.org seems harmless.
Here’s what I know: The attacker injected some code into $modSettings['news'] (the news at the top of pages). Updating news is normally logged, but this action was not logged, so the update was probably done in some roundabout way, not by compromising an admin account or otherwise “legitimately” making the change. Probably, part of SMF related to news-updating or modSettings is flawed. Possibly, the attacker was somehow able to modify the modSettings cache in /tmp or the database directly.
Also, the attacker was able to upload a PHP script and some other files to the avatars directory.
Figuring out the specifics is probably beyond my skills, so 50 BTC to the first person who tells me how this was done. (You have to convince me that your flaw was the one actually used.) The forum won’t go back up until I know how this was done, so it could be down for a while.