Title: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: RUEHL on May 03, 2014, 08:49:16 PM https://plus.google.com/+BitcointrukkokHu/posts/UkRc4jrJAbn
Saturday, May 3, 2014 Attack against LocalBitcoins infrastructure 3.5.2014 LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014. For now All user data and Bitcoins are safe; The site will be down for a while as the system is being rebuilt Details LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: aceat64 on May 03, 2014, 08:51:00 PM This is pretty standard social engineering, the hosting company screwed up big time. They gave someone root access with apparently no real validation.
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: MoneyGod on May 03, 2014, 10:01:57 PM Another bad news for bitcoiners because now peoples more worry about bitcoin trade
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: franky1 on May 03, 2014, 10:19:15 PM usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief
so here are some lessons 1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them. 2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long. 3. admin rights. if you own the domain YourDomain. then DO NOT register ceo@YourDomain.com or anything@yourdomain.com instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time. 4. set up a passphrase that must be mentioned in all correspondence. 5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them. so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: keithers on May 03, 2014, 11:46:29 PM If only these hackers could put their talents to good use on something positive...
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: MarketNeutral on May 03, 2014, 11:48:19 PM usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief so here are some lessons 1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them. 2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long. 3. admin rights. if you own the domain YourDomain. then DO NOT register ceo@YourDomain.com or anything@yourdomain.com instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time. 4. set up a passphrase that must be mentioned in all correspondence. 5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them. so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done Very good advice. Thank you. Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: BurtW on May 03, 2014, 11:50:52 PM If only these hackers could put their talents to good use on something positive... The Bitcoin network and all its peripheral entities need to be tested while we are in beta.All this testing from worthy opponents only makes us stronger. So their talents are being put to good use. Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: Bit_Happy on May 04, 2014, 04:40:09 AM If only these hackers could put their talents to good use on something positive... Still a good idea: Many criminals would be much better off if they would try an honest direction. Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: kittucrypt on May 04, 2014, 05:35:34 AM usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief so here are some lessons 1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them. 2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long. 3. admin rights. if you own the domain YourDomain. then DO NOT register ceo@YourDomain.com or anything@yourdomain.com instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time. 4. set up a passphrase that must be mentioned in all correspondence. 5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them. so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done Thanks for this useful post. Very useful. Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: BitCoinDream on May 04, 2014, 11:17:38 AM usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief so here are some lessons 1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them. 2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long. 3. admin rights. if you own the domain YourDomain. then DO NOT register ceo@YourDomain.com or anything@yourdomain.com instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time. 4. set up a passphrase that must be mentioned in all correspondence. 5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them. so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done Its secure to run on a cloud service like Amazon ...IMO Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: btbrae on May 04, 2014, 04:53:09 PM What hosting provider was it? Other customers should be warned, it sounds like they are beyond clueless.
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: Gyrsur on May 04, 2014, 04:55:38 PM *listen*
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: ViewSonic on May 04, 2014, 06:29:43 PM is LocalBitcoins still safe for trading or it's time to look for another places?
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: MoneyGod on May 04, 2014, 09:31:48 PM is LocalBitcoins still safe for trading or it's time to look for another places? But currently we have no too much places for this trade still this is best place for this workTitle: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: BurtW on May 04, 2014, 10:55:59 PM is LocalBitcoins still safe for trading or it's time to look for another places? Nothing lost so much safer than Gox - although "safer than Gox" does not really say much now does it.Nothing lost so this was basically just a test of their security precautions - and they passed. They have done and I expect will continue to do a great job. Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: RockHound on May 05, 2014, 01:32:49 AM is LocalBitcoins still safe for trading or it's time to look for another places? Nothing lost so much safer than Gox - although "safer than Gox" does not really say much now does it.Nothing lost so this was basically just a test of their security precautions - and they passed. They have done and I expect will continue to do a great job. Couldn't agree more - They're a great team! Have a side topic, figured mainly Localbitcoins users reading this, someone posted this: https://bitcointalk.org/index.php?topic=595801.0 Got me thinking, whether we should routinely change addresses, or is it pretty secure so no worries? What do you guys do? Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: Bit_Happy on May 05, 2014, 01:36:39 AM https://plus.google.com/+BitcointrukkokHu/posts/UkRc4jrJAbn Saturday, May 3, 2014 Attack against LocalBitcoins infrastructure 3.5.2014 LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014. For now All user data and Bitcoins are safe; The site will be down for a while as the system is being rebuilt Details LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.
It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter.
They were well prepared for an eventual attack. Their reputation is now even better than before. :) Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: acegilz on May 05, 2014, 02:29:19 AM do anybody know how is this done exactly? If its not to hard to do, I would like to protect my files on the server too.. thanks
Quote All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access. Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: RockHound on May 05, 2014, 03:02:47 AM do anybody know how is this done exactly? If its not to hard to do, I would like to protect my files on the server too.. thanks Quote All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access. So the Hacker/Attacker having 40min server access had plenty of time to DL data, he just can't read it? Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: PangPang on May 05, 2014, 03:10:09 AM do anybody know how is this done exactly? If its not to hard to do, I would like to protect my files on the server too.. thanks Quote All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access. So the Hacker/Attacker having 40min server access had plenty of time to DL data, he just can't read it? Without decryption, the data should look like just bullshit. :) Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: acegilz on May 05, 2014, 10:45:46 AM do anybody know how is this done exactly? If its not to hard to do, I would like to protect my files on the server too.. thanks Quote All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access. So the Hacker/Attacker having 40min server access had plenty of time to DL data, he just can't read it? Without decryption, the data should look like just bullshit. :) i would love to know how could I make this on my server too.. Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: bcoins on May 05, 2014, 01:58:46 PM The dns appears of shared hosting while checking at http://whois.domaintools.com/localbitcoins.com
Should use good provider like www.hosticon.com Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: leopard2 on May 05, 2014, 09:09:58 PM https://plus.google.com/+BitcointrukkokHu/posts/UkRc4jrJAbn Saturday, May 3, 2014 Attack against LocalBitcoins infrastructure 3.5.2014 LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014. For now All user data and Bitcoins are safe; The site will be down for a while as the system is being rebuilt Details LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.
It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter.
They were well prepared for an eventual attack. Their reputation is now even better than before. :) YES!!! Can you believe how well this was thwarted, plus a full server rebuild in 24h? COMPARED TO GOX??!!!!!!!! LBC compared to Gox is like gold compared to DOGCRAP. Great job, now if they would also do such a good job verifying bank accounts... ;) Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: faiza1990 on May 05, 2014, 09:13:15 PM Good news is site admin and devs done very good work and many features back site working
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: AgentZero on May 06, 2014, 11:30:21 AM Can anyone confirm whether completing trades works now? I have my eye on an ad at a good price but on the LBC site there's still an error across the top
Quote LocalBitcoins website is currently being restored. Opening contacts may have problems as the file attachments are still being copied to the server. When I log in and see the section: How much you wish to buy? and fill in an amount for FIAT, the site doesn't automatically calculate the corresponding amount in BTC or if I enter a BTC amount, it doesn't show the amount in FIAT. I know I can calculate it manually but did they change this functionality recently? Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: Johnny Bitcoin Walker on May 06, 2014, 07:27:31 PM Strange, i still cannot access the website even after a cache clear.
Title: Re: LocalBitcoins Attack against infrastructure 3.5.2014 Post by: RockHound on May 07, 2014, 01:54:00 AM Can anyone confirm whether completing trades works now? I have my eye on an ad at a good price but on the LBC site there's still an error across the top Quote LocalBitcoins website is currently being restored. Opening contacts may have problems as the file attachments are still being copied to the server. When I log in and see the section: How much you wish to buy? and fill in an amount for FIAT, the site doesn't automatically calculate the corresponding amount in BTC or if I enter a BTC amount, it doesn't show the amount in FIAT. I know I can calculate it manually but did they change this functionality recently? Hi AZ, Made several trades since the site has come back online. Some features still definitely lagging (file attachments and escrow) however, all my clients received their BTC quickly, so seems to be almost back to perfect. Non have reported issue with the calculator? Perhaps just manually calculate for now. If wrong, you can Cancel Trade Request and submit another. |