About the recent server compromise

[squall1066]

Thanks for the info,

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

[dogie]

Glad that it's back, but as previously said it's fairly unacceptable that a forum with such a security aura can still be compromised by attackers.
When will the new forum be happening? It's been in speculation for at least a year, if not longer now. It cannot take this long to code a forum software.

Yeah, DDOS you out of digital existence.

Do you think that they would bother? Surely to take down as many people as it would be worth here it would take more resources than what the attacker could get back.

Yes because a) people are malicious and b) it costs them nothing. There are plenty of "stress test your website" sites that use botnets to do evil things when asked to, either for free or a small fee. The attacker gets nothing other than "winning" the argument.

[marcotheminer]

Hey guys!

One more thing: DON'T FORGET TO CHECK YOUR WALLET ADDRESS, TOO!!! IN YOUR PROFILE.

This is most important for users already participating in campaigns (FOR AUTOMATED PAID campaigns like bitmixer etc)

Hacker would easily check the participants accounts and just change the payment address to his own, in order to receive the payments.

 

A hacker after small change.  
Good joke.

Over 5 BTC a week wouldn't be that tiny.

[sgk]

It is possible the attacker is selling the stolen email address database to spammers to make quick bucks.

ahh, I really don't wanna start any drama. maybe it was just spam in "wrong time" and it is not related at all. just reporting..

This doesn't look like the average email spam hack to me.

It definitely isn't. The hacker was downloading the complete members table which allows him to compromise many user accounts on this forum as well as other sites.

Selling email addresses might be a side income for him with no extra effort until he brute-forces the passwords.

[theymos]

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.

[timk225]

15 XAU....how much is that in US Dollars?  If it isn't enough for me I will not tell what I know about the attack.  Hint -- it came from China.  They are trying to counterfeit and steal everything in the world, and it seems like no one tries to stop them.

My password was a single keyboard character repeated 10 times, maybe I should change it?

And no amount of security in the world will stop this if some dumbass at the data center believes what someone on the phone tells him and resets the access password.

[hilariousandco]

15 XAU....how much is that in US Dollars? 

http://www.xe.com/currency/xau-gold-ounce

[Xialla]

15 XAU....how much is that in US Dollars?  If it isn't enough for me I will not tell what I know about the attack.  Hint -- it came from China.  They are trying to counterfeit and steal everything in the world, and it seems like no one tries to stop them.

My password was a single keyboard character repeated 10 times, maybe I should change it?

And no amount of security in the world will stop this if some dumbass at the data center believes what someone on the phone tells him and resets the access password.

1 XAU = ~ 1200USD

rest of post is just bullshit, sorry.

[nor9865]

15 XAU....how much is that in US Dollars?  If it isn't enough for me I will not tell what I know about the attack.  Hint -- it came from China.  They are trying to counterfeit and steal everything in the world, and it seems like no one tries to stop them.

My password was a single keyboard character repeated 10 times, maybe I should change it?

And no amount of security in the world will stop this if some dumbass at the data center believes what someone on the phone tells him and resets the access password.

XAU is Gold

XAU-USD 1,206.9400 Price of 1 XAU in USD

[alani123]

What's the limit for passwords? I tried using an unreasonably large string as my password and didn't receive any error messages (despite the load time after I press the login button being huge). Were the last characters of the string cut off for it to fit a certain limit?

[matt4054]

I'm quoting this for those like me who didn't understand why they couldn't login after changing pwd yesterday

If you changed your password in the short time when the forum was online a little over a day ago, the change didn't stick. You'll have to change it again.

[1Referee]

As far as I can see no one had access to my account. I have set a stronger password just in case. Better safe than sorry. Credits to theymos for his hard work.

[Panthers52]

I am glad that too much damage wasn't done and that too much personal information wasn't leaked. This is just one more example of the importance of using GPG when sending or receiving any kind of sensitive information.

[Lauda]

I am glad that too much damage wasn't done and that too much personal information wasn't leaked. This is just one more example of the importance of using GPG when sending or receiving any kind of sensitive information.

Actually there is quite some damage. Passwords are irrelevant,as they can be changed.
A lot of people are going to be targeted due to this

- Last-used IP address and registration IP address

There are people who sometimes use a VPN, and some that don't use it at all. We will see what happens in the future.
Hopefully the attacker gets found.

[Fernandez]

I was using a moderately strong password which I could remember too. Now I will have to come with another system.

[Panthers52]

I am glad that too much damage wasn't done and that too much personal information wasn't leaked. This is just one more example of the importance of using GPG when sending or receiving any kind of sensitive information.

Actually there is quite some damage. Passwords are irrelevant,as they can be changed.
A lot of people are going to be targeted due to this

- Last-used IP address and registration IP address

There are people who sometimes use a VPN, and some that don't use it at all. We will see what happens in the future.
Hopefully the attacker gets found.

I am not sure why anyone would consider not using a VPN. They are really not very expensive to use and they provide a lot of added privacy.

[1Referee]

I am glad that too much damage wasn't done and that too much personal information wasn't leaked. This is just one more example of the importance of using GPG when sending or receiving any kind of sensitive information.

Actually there is quite some damage. Passwords are irrelevant,as they can be changed.
A lot of people are going to be targeted due to this

- Last-used IP address and registration IP address

There are people who sometimes use a VPN, and some that don't use it at all. We will see what happens in the future.
Hopefully the attacker gets found.

For most people it doesn't matter if their IP address is now in the hands of the hacker, they will most likely target those with the highest ranks and based on how important that person is in the community.

[btcdealer.nl]

9800 Savage Rd
Fort Meade, MD 20755
USA

 

[alani123]

9800 Savage Rd
Fort Meade, MD 20755
USA

 

What is this?

[btcdealer.nl]

9800 Savage Rd
Fort Meade, MD 20755
USA

 

What is this?

Address of the most loved agency in this world