Bitcoin Forum

Other => Meta => Topic started by: techman05 on January 31, 2014, 01:30:18 AM



Title: Ip address instead of bitcoin talk address?
Post by: techman05 on January 31, 2014, 01:30:18 AM
I'm hoping this is not a sign of bad things to come, but instead of bitcointalk.org in an address I got an IP address link to the post of interest.

The IP was/is: https://109.201.133.195

Just thought I'd post it so someone can make sure something didn't die on the domain or if this is something new to expect from this site. I don't normally open bitcoin talk posts by IP since who knows what's on the other end.

Hope this helps the universe.

edit..
http://ip-lookup.net/index.php seems to show this is bitcoin talk's IP address, but still weird.


Title: Re: Ip address instead of bitcoin talk address?
Post by: Malexo on January 31, 2014, 01:40:19 AM
talk dot org and talk dot com are not the same... you know that right?


Title: Re: Ip address instead of bitcoin talk address?
Post by: techman05 on January 31, 2014, 01:45:00 AM
Still, the address is to bitcoin talk for whatever popped up as an IP address.

Did you get the point that my oops was not the issue being noted?


Title: Re: Ip address instead of bitcoin talk address?
Post by: Kouye on January 31, 2014, 01:58:31 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Here's what we think happened:

8-14 hours ago, an attacker used a flaw in the forum's AnonymousSpeech registrar to change the forum's DNS to point to 108.162.197.161 (exact details unknown). Sirius noticed this 8 hours ago and immediately transferred bitcointalk.org to a different registrar. However, such changes take about 24 hours to propagate.

Because the HTTPS protocol is pretty terrible, this alone could have allowed the attacker to intercept and modify encrypted forum transmissions, allowing them to see passwords sent during login, authentication cookies, PMs, etc. Your password only could have been intercepted if you actually entered it while the forum was affected. I invalidated all security codes, so you're not at risk of having your account stolen if you logged in using the "remember me" feature without actually entering your password.

For the next ~20 hours, you should only log into the forum if you're quite sure that you're talking to the correct server. This can be done by adding '109.201.133.195 bitcointalk.org' to your hosts file (remember to remove it later!), or by using some browser plugin to ensure that you're talking to the server with TLS certificate SHA1 fingerprint of:
29:0E:CC:82:2B:3C:CE:0A:73:94:35:A0:26:15:EC:D3:EB:1F:46:6B

Simultaniously, the forum has been the target of a massive DDoS attack. These two events are probably related, though I'm not yet sure why an attacker would do both of these things at once.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlKb2nkACgkQxlVWk9q1kefhTwD+Ni5k7CUrHjvzG29wO3Gx4Am+
MV5tdw8zE1AAWvbstt8BAIrndOXCYmawoXN+VeSZkLXHnCyQbR8IOftQnpl2aXYs
=465T
-----END PGP SIGNATURE-----


TL;DR: 109.201.133.195 is probably safe, until theymos states otherwise.
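
Added example (not part of any post in this thread, and not the forum's own tooling): a Python sketch of the fingerprint check the signed announcement describes, connecting to the stated IP without DNS and comparing the served certificate's SHA-1 fingerprint with the quoted value. The function names are hypothetical; the IP, hostname and fingerprint are the ones quoted above.

```python
import hashlib
import hmac
import socket
import ssl

# Values quoted in the signed announcement above.
PINNED_IP = "109.201.133.195"
HOSTNAME = "bitcointalk.org"
EXPECTED_SHA1 = "29:0E:CC:82:2B:3C:CE:0A:73:94:35:A0:26:15:EC:D3:EB:1F:46:6B"


def normalize_fingerprint(text):
    """Reduce 'AA:bb cc' style fingerprints to lowercase hex; reject bad input."""
    hex_only = text.replace(":", "").replace(" ", "").strip().lower()
    if len(hex_only) != 40 or any(c not in "0123456789abcdef" for c in hex_only):
        raise ValueError("not a SHA-1 fingerprint: %r" % text)
    return hex_only


def sha1_fingerprint(der_cert):
    """Colon-separated uppercase SHA-1 over the DER certificate, as browsers show it."""
    digest = hashlib.sha1(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(der_cert, expected=EXPECTED_SHA1):
    """Constant-time comparison of the certificate fingerprint with the pin."""
    actual = normalize_fingerprint(sha1_fingerprint(der_cert))
    return hmac.compare_digest(actual, normalize_fingerprint(expected))


def fetch_der_cert(ip=PINNED_IP, server_name=HOSTNAME, port=443, timeout=10):
    """Connect to the IP directly (no DNS), send the hostname via SNI, return the DER cert."""
    ctx = ssl.create_default_context()
    # Chain validation is off on purpose: the pin alone decides, and we only
    # read the certificate here, we never send credentials over this socket.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    cert = fetch_der_cert()
    print(sha1_fingerprint(cert))
    print("pin matches" if matches_pin(cert) else "PIN MISMATCH: do not log in")
```

Because the script dials the IP itself, a poisoned DNS answer for bitcointalk.org does not affect the result; a mismatch means the endpoint is not serving the certificate named in the announcement.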