Bitcoin Forum

Last time I checked this forum had millions in BTC\USD in donations, but still hackers are hacking away at such old software and hacking in almost as easily as signing in with a password. Since I've been here, this is the 4th time this has happened. Can I ask, when the forum operators notice a hack is going on why don't you just turn the server or VPS off for a while? Nothing deters a planned attack then nothing to attack. But instead you leave the place up and running to all our passwords once again can get compromised.

Really, what are you doing with all that donation money? You can run 20 forums with all the bitcoin you have.

They said during year, but who knows if that will happen finally

They have been saying that for years now. I have a strong feeling all those donation are paying for a couple user's really nice lifestyle.

This attack as nothing to do with old software, but rather the people at the company running the data center because this is a social engineering attack, not a technical one.

Theymos, the administrator, did in fact turn off the server, the forum was shutdown when he noticed the attack to prevent the attacker from gaining too much information. Then the forum had 3 days of downtime as theymos got another hosting provider, reinstalled everything, and restored all the data.

You should check out Theymos's thread about the compromise here: https://bitcointalk.org/index.php?topic=1067985.msg11445725#msg11445725

wtf? this forum is running on VPS on some public accessible hypervisor? it is not DMZ cluster in T4 DC? aha.))

It's done when it's done. There is a lot of work left to do on the new forum, but it's progressing. There really isn't an eta, it's ready when it's ready. Not that it matters, but I believe the recent hack bypassed the forums security features by directly attacking the hosting provider. The forum hasn't been hacked since October of 2013 if I recall, given what we are working with and the technical info the bitcoin community has (which works against us in this case)it's track record isn't too bad. I don't think removing Bitcointalk for what could be a while is the best idea.

It was really boring without the forum , 3 days were hardly managed as i really like reading here .
The forum have had many attack attempts since past some months. I really hope it will be better with the new software.

I don't think using the new forum software would have stopped this hack/attack.

I think this is one additional reason to show that theymos needs to be 100% sure about the security of the new forum software before implementing it as there will be many people who will attempt to exploit any security holes in it.

To be honest everything can be hacked. Even the bigger networks, services can be penetrated by hackers. People need to understand this. But I understand what is the problem here. Users are disappointed/angry that despite having multi million dollar budget we still have old forum software, that is the problem. No ETA or any news regarding this upgrade and recent compromise of bitcointalk did not really help either.

From what I got from his post, the forum software was not compromised, but his log-in credentials to the server. Having different forum software would not help in any way for this particular attack.

I think these type of attack (or general) will increase when the new forum software will be 'released' fully functional.. because I think it will come with a lot of bug  ::).  Again: you can build a strong security but if an employes will reset the pwd ... then you are really fuc**d.