Quickseller
Copper Member
Legendary
Offline
Activity: 2926
Merit: 2347
|
|
May 25, 2015, 03:12:39 PM |
|
I would prefer a GPG signed message over a twitter message for confirmation, however theymos did send out a GPG signed email advising to change your passwords when he last brought the forum online (the signature was good and was signed within minutes of the google timestamp of this thread previously being created). The google cache of this thread says that theymos had encrypted the DB to prevent a similar attack in the future. Your password should be considered to be compromised regardless.
I would personally avoid doing any kind of business on here until theymos can prove his identity. I would also suggest treating anyone you deal with to be an imposter until you can get either a GPG or bitcoin signed message to confirm their identity. Thanks theymos for all the time/effort you put into this
What was the message of the email, since I can't find any email from Bitcointalk or Theymos.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You are receiving this message because your email address is associated with an account on bitcointalk.org. I regret to have to inform you that some information about your account was obtained by an attacker who successfully compromised the bitcointalk.org server. The following information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings
You should immediately change your forum password and delete or change your secret question. To do this, log into the forum, click "profile", and then go to "account related settings".
If you used the same password on bitcointalk.org as on other sites, then you should also immediately change your password on those other sites. Also, if you had a secret question set, then you should assume that the attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds. This will slow down anyone trying to recover your password, but it will not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do not believe that the attacker was able to collect any forum personal messages.
I apologize for the inconvenience and for any trouble that this may cause. -----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0 =bvuI -----END PGP SIGNATURE-----
|
|
|
|
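Added example, not part of any post in this thread: the signature block from the email quoted above can be decoded without any key to read the issuer key ID and the signing time it claims, which tells a reader which key to look for and lets the timestamp be compared with the thread's. It handles only the case seen here (a version 4 signature in an old-format packet with a one-byte length); the function names are this example's own.

```python
import base64
from datetime import datetime, timezone

# Signature armor body copied from the email quoted above (CRC line "=bvuI" left out).
ARMOR_BODY = (
    "iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a"
    "uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0"
)

def subpackets(blob):
    """Yield (type, body) for each RFC 4880 signature subpacket in blob."""
    i = 0
    while i < len(blob):
        n = blob[i]
        i += 1
        if 192 <= n < 255:                      # two-octet length form
            n = ((n - 192) << 8) + blob[i] + 192
            i += 1
        elif n == 255:                          # five-octet length form
            n = int.from_bytes(blob[i:i + 4], "big")
            i += 4
        # n counts the type octet plus the body; the high bit of the type is
        # the "critical" flag and is masked off.
        yield blob[i] & 0x7F, blob[i + 1:i + n]
        i += n

def parse_signature(armor_body):
    """Return signature type, algorithms, claimed creation time and issuer key ID."""
    raw = base64.b64decode(armor_body)
    if raw[0] != 0x88:                          # old format, tag 2, 1-byte length
        raise ValueError("not an old-format signature packet with 1-byte length")
    body = raw[2:2 + raw[1]]
    version, sig_type, pk_algo, hash_algo = body[:4]
    if version != 4:
        raise ValueError("only version 4 signatures are handled")
    hashed_len = int.from_bytes(body[4:6], "big")
    hashed = body[6:6 + hashed_len]
    off = 6 + hashed_len
    unhashed_len = int.from_bytes(body[off:off + 2], "big")
    unhashed = body[off + 2:off + 2 + unhashed_len]
    info = {"sig_type": sig_type, "pk_algo": pk_algo, "hash_algo": hash_algo}
    for sp_type, data in list(subpackets(hashed)) + list(subpackets(unhashed)):
        if sp_type == 2:                        # signature creation time
            info["created"] = datetime.fromtimestamp(int.from_bytes(data, "big"), timezone.utc)
        elif sp_type == 16:                     # issuer key ID
            info["issuer"] = data.hex().upper()
    return info

if __name__ == "__main__":
    print(parse_signature(ARMOR_BODY))
```

Neither field proves anything by itself: the issuer key ID sits in the unhashed area and the creation time is chosen by the signer, so the key's full fingerprint still has to come from a source trusted before the compromise and the message has to be checked with `gpg --verify`.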
marcotheminer
Legendary
Offline
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
|
|
May 25, 2015, 03:12:44 PM |
|
Why can't 1.5 million USD donated in bitcoin protect this forum from attack? Is there any proof that the entire 1.5 million went into this forum & not into theymos' Caribbean Island retirement pot? Wallet transactions etc?
We all wish there were.
|
|
|
|
|
locopao
Legendary
Offline
Activity: 910
Merit: 1000
|
|
May 25, 2015, 03:14:57 PM |
|
Thanks theymos & bitcointalk stuff for getting the forum back online.
Hope you get the m@therf@ckers and make them pay. In any way.
|
|
|
|
Check-0
|
|
May 25, 2015, 03:15:23 PM |
|
|
Do not tempt me, for I am unbridled in my desires... Want me to blow up all the stars, so that Tomorrow never comes..?
|
|
|
achow101_alt
|
|
May 25, 2015, 03:15:40 PM |
|
Seems Tor IP. Did he mail you anything? If yes, may we get to know the content? What are you talking about? Neither IP address shows up as a Tor exit node. That list is for the most recent list of exit nodes which updates every hour. I would suggest looking here: https://collector.torproject.org/formats.html#exit-lists for archived lists from the past few days to see if one of the IPs was an exit when the attack occurred.
|
|
|
|
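Added example, not part of the post above: one way to run the check it suggests, parsing an archived exit list in the TorDNSEL format that CollecTor serves and asking whether an address was tested as an exit close to a given time. The sample list, fingerprints, addresses (documentation ranges) and timestamps are constructed, and the function names are this example's own.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the exit-list format (not real relays or addresses).
SAMPLE_EXIT_LIST = """\
@type tordnsel 1.0
Downloaded 2015-05-22 03:02:03
ExitNode 0011223344556677889900112233445566778899
Published 2015-05-21 19:40:11
LastStatus 2015-05-21 23:02:00
ExitAddress 192.0.2.10 2015-05-22 00:12:45
ExitNode AABBCCDDEEFF00112233445566778899AABBCCDD
Published 2015-05-21 08:15:30
LastStatus 2015-05-21 22:02:00
ExitAddress 198.51.100.7 2015-05-21 22:30:02
ExitAddress 198.51.100.8 2015-05-21 22:31:10
"""

def utc(stamp):
    """Parse 'YYYY-MM-DD HH:MM:SS' as a UTC datetime (exit lists use UTC)."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

def parse_exit_list(text):
    """Return (ip, fingerprint, tested_at) for every ExitAddress line."""
    entries, fingerprint = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "ExitNode" and len(parts) == 2:
            fingerprint = parts[1]          # following lines belong to this relay
        elif parts[0] == "ExitAddress" and len(parts) == 4 and fingerprint:
            entries.append((parts[1], fingerprint, utc(f"{parts[2]} {parts[3]}")))
    return entries

def exits_near(entries, ip, when, window=timedelta(hours=24)):
    """Fingerprints of relays seen exiting from `ip` within `window` of `when`."""
    return sorted({fp for addr, fp, seen in entries
                   if addr == ip and abs(seen - when) <= window})

if __name__ == "__main__":
    incident = utc("2015-05-22 00:56:00")   # constructed incident time
    print(exits_near(parse_exit_list(SAMPLE_EXIT_LIST), "198.51.100.8", incident))
```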
achow101_alt
|
|
May 25, 2015, 03:18:00 PM |
|
The tweet for those who didn't follow the link: @bitcointalk Non-authoritative answer: Name: http://bitcointalk.org Address: 186.2.165.183 : this means attackers use DNS Poisoning ... According to the OP, Theymos changed from his previous host NForce to another host because of suspicious activity. This would explain the IP change. Edit: Found the quote: To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked.
|
|
|
|
seoincorporation
Legendary
Offline
Activity: 3206
Merit: 3005
Top Crypto Casino
|
|
May 25, 2015, 03:21:46 PM |
|
It's great to have the forum back again, thx theymos.
The attack was weird because in the end we don't know how he got access to the KVM...
I will give here some possible scenarios.
* Forum admins joined the forum from an insecure point and the forum was compromised.
* Attacker was on the same modem as the admins and made a man-in-the-middle attack.
* Attacker hacked the ISP provider before hacking the forum.
* There is a 0-day that only the attacker knows.
And maybe all those points are wrong... I think if we don't find the source of the problem, it is not fixed yet.
|
|
|
|
Lethn
Legendary
Offline
Activity: 1540
Merit: 1000
|
|
May 25, 2015, 03:22:27 PM |
|
I realise this is a no brainer for a lot of people, but you should never link your financial accounts and website passwords with ones you use on social networks and forums like this one. The only thing these guys are going to get from me are maybe a few passwords to my gaming stuff but that's it, I think because of how many times Bitcointalk keeps getting compromised it's probably wise to create a unique password just for this site as it's probably going to keep happening the more Bitcoin grows.
There are clearly people out there that think they'll be able to get some from Bitcointalk or maybe this is more malicious than that and they're deliberately trying to bring the site down, either way, there shouldn't be anything sensitive on here and if there is people should move it fast.
|
|
|
|
erikalui
Legendary
Offline
Activity: 2632
Merit: 1094
|
|
May 25, 2015, 03:23:02 PM |
|
Thanks theymos for the hard work. I changed my password but not my email ID as I'm not sure if I should do it as the pwd used on this forum wasn't used anywhere else fortunately. I've not received any phishing email except this one yesterday:
You are receiving this message because your email address is associated with an account on bitcointalk.org.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGI..........................
I hope the above message is genuine.
|
|
|
|
niktitan132
Legendary
Offline
Activity: 1036
Merit: 1000
|
|
May 25, 2015, 03:24:24 PM |
|
I have changed my password and secret questions. Hopefully there will be no downtime again. @Theymos When will the new forum be launched?
|
|
|
|
teddy5145
|
|
May 25, 2015, 03:24:36 PM |
|
Thank you for keeping this site safe. Maybe you could invest in some kind of better security in the future? Just in case something like this happens again, and I'm still trying to figure out what's the motive of the attacker to attack this site.
|
|
|
|
Check-0
|
|
May 25, 2015, 03:25:04 PM |
|
The tweet for those who didn't follow the link: @bitcointalk Non-authoritative answer: Name: http://bitcointalk.org Address: 186.2.165.183 : this means attackers use DNS Poisoning ... According to the OP, Theymos changed from his previous host NForce to another host because of suspicious activity. This would explain the IP change. Edit: Found the quote: To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked. That IP was in Russia, where BTC is illegal http://en.wikipedia.org/wiki/Legality_of_bitcoin_by_country strange choice of hoster IMHO.
|
Do not tempt me, for I am unbridled in my desires... Want me to blow up all the stars, so that Tomorrow never comes..?
|
|
|
BtcTalkAcct
Newbie
Offline
Activity: 12
Merit: 0
|
|
May 25, 2015, 03:26:12 PM |
|
What is theymos's GPG key? Is it published somewhere official? I received the signed email but I can't find a verified source with the key.
|
|
|
|
RappelzReborn
|
|
May 25, 2015, 03:26:27 PM |
|
Why can't 1.5 million USD donated in bitcoin protect this forum from attack? Is there any proof that the entire 1.5 million went into this forum & not into theymos' Caribbean Island retirement pot? Wallet transactions etc?
There is actually, here is his wallet as far as I know: https://blockchain.info/address/1M4yNbSCwSMFLF9BaLqzoo2to1WHtZrPke
Source is from here, those are people who are holding the money of the forum (which is not out yet): https://bitcointalk.org/index.php?topic=155000.0
@Theymos, thanks for your hard work .. a question tho ... if we don't change password and that password isn't the same as our email addresses then we should be good right? just curious, I will change my pass anyway
|
|
|
|
Moebius327
|
|
May 25, 2015, 03:28:56 PM |
|
theymos, thank you for your hard work. Let's hope we will not have to deal with this in the future.
|
|
|
|
Gervais
|
|
May 25, 2015, 03:29:06 PM |
|
@Theymos, thanks for your hard work .. a question tho ... if we don't change password and that password isn't the same as our email addresses then we should be good right? just curious, I will change my pass anyway
No, you should change it because it could be broken eventually especially if it was a weak password. I wouldn't take any chances.
|
|
|
|
TheTommyD
|
|
May 25, 2015, 03:30:16 PM |
|
Would not 2fa have protected this from occurring?
|
BTC: 1DEj5mbjoYXqvRKfoS4yqtdvSKHpQ4hFLu
|
|
|
MakingMoneyHoney
|
|
May 25, 2015, 03:30:54 PM |
|
Thank you for keeping this site safe. Maybe you could invest in some kind of better security in the future? Just in case something like this happens again, and I'm still trying to figure out what's the motive of the attacker to attack this site. If they get an email/password combo figured out, they could have passed themselves off as a well respected member and done deals where they get money and run. Or, just use the email/password to log into a bank account, or exchange account and withdraw the money. One of the main things is to use a unique password for each site. Lastpass.com is good for that, if anyone hasn't heard of them.
|
|
|
|
nearmint
Newbie
Offline
Activity: 18
Merit: 0
|
|
May 25, 2015, 03:33:09 PM |
|
He might not want 2fa because it lowers conversion rate. Less people would use the forum and the forum's only strength is its community. BUT the forum would be still big enough after 2fa. It's a classic in the scene, so ppl will continue to use it. I would use it with 2fa
|
|
|
|
|