favdesu
May 26, 2015, 09:14:22 AM
have a strong feeling they inserted a backdoor somewhere or a keylogger.
something that would keep them getting access to the forum and retrieve data
do you even know how a keylogger works? anyways, host was compromised due to social engineering, so theymos did nothing wrong. In fact, the amateurs at NForce gave the attacker access (good job!)

Buttknuckle
May 26, 2015, 09:28:52 AM
Geeze, well thanks Theymos for being awesome, if not discovered so quickly this could have been much worse. After seeing that chart, time to go change a few passwords (eek!)

(oYo)
May 26, 2015, 09:57:53 AM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.

hedgy73
May 26, 2015, 10:03:00 AM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Same here.

Zeroxal
May 26, 2015, 01:53:38 PM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually see errors here. And the site works fine and fluent, however sometimes when I do actions (PM, Posts) it lags so much that it usually takes about 30 seconds to post something.

hilariousetc
May 26, 2015, 02:27:23 PM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually see errors here. And the site works fine and fluent, however sometimes when I do actions (PM, Posts) it lags so much that it usually takes about 30 seconds to post something.
The forum was very laggy earlier on but it's been working ok since. I'm sure it'll be up and down every now and again until the forum gets back on its feet.

ACCTseller
May 26, 2015, 02:36:10 PM
The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually see errors here. And the site works fine and fluent, however sometimes when I do actions (PM, Posts) it lags so much that it usually takes about 30 seconds to post something.
The forum was very laggy earlier on but it's been working ok since. I'm sure it'll be up and down every now and again until the forum gets back on its feet.
I think the period when it was laggy/slow was a peak usage time for the forum. I would be interested to see if the forum experiences similar performance issues around the same time tonight.

Josef27
May 26, 2015, 03:03:31 PM
Just back after a long break and saw this, that explains why I can't access the forum recently.
Also I suddenly receive spam email from somewhere (mostly German or something), anyone got the same problem?

thebitcoinquiz.com
May 26, 2015, 03:10:41 PM
Just back after a long break and saw this, that explains why I can't access the forum recently.
Also I suddenly receive spam email from somewhere (mostly German or something), anyone got the same problem?
Was the email related to the forum or was it just someone trying to sell you some medicines or electronics? I just hope the email was not for phishing.
Stay hungry. Stay foolish.

Josef27
May 26, 2015, 03:26:35 PM
Just back after a long break and saw this, that explains why I can't access the forum recently.
Also I suddenly receive spam email from somewhere (mostly German or something), anyone got the same problem?
Was the email related to the forum or was it just someone trying to sell you some medicines or electronics? I just hope the email was not for phishing.
Not related to forum I think atm because I can't understand the language, also I already deleted the other but I saw one of them like referral or something and another one linked with URL shortener (I don't want to click the link) also like one of them impersonating a bitcoin services or something related.

Keyser Soze
May 26, 2015, 05:07:58 PM
Not sure if I missed it somewhere, but if the "secret question" field is blank, does this mean it is not set? I don't believe I ever set one in the past and want to make sure that is still the case.

alch1mista
May 26, 2015, 05:11:54 PM
Not sure if I missed it somewhere, but if the "secret question" field is blank, does this mean it is not set? I don't believe I ever set one in the past and want to make sure that is still the case.
Same question here, please let us know.
Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.

BadBear
May 26, 2015, 05:15:10 PM
Yes, empty means there isn't one. Double check and make sure it's actually empty, and that there aren't any white spaces (cursor there, backspace and then delete).

redsn0w
May 26, 2015, 05:17:17 PM
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?
Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary. I'm sorry, but has theymos actually confirmed his forum identity after the attack yet? And also, is it just me or is the forum currently loading slower than normal? Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well. ddosbtc is fucking around with his annoying booter. Another hacked account, WTF ... welcome back Mt.Gox support!

MakingMoneyHoney
May 26, 2015, 05:24:59 PM
It wasn't the forum's fault but the hosting.
Theymos claims it was the hosting. That's what you meant to say. He openly states, in this very thread, that before any of the alleged social engineering took place, "... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..." Not sure why everyone is acting like lax DC security is the issue,
The hoster denied being attacked with SE. It is still not clear how attacker gained access and why.
Where did you see this? People here are still under the impression it was Social Engineering....

AGD
May 26, 2015, 08:04:44 PM
It wasn't the forum's fault but the hosting.
Theymos claims it was the hosting. That's what you meant to say. He openly states, in this very thread, that before any of the alleged social engineering took place, "... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..." Not sure why everyone is acting like lax DC security is the issue,
The hoster denied being attacked with SE. It is still not clear how attacker gained access and why.
Where did you see this? People here are still under the impression it was Social Engineering....
I don't remember where it was. It was one of the crypto news sites. They wrote, they have called NFOrce about the incident and they denied being attacked with SE.

favdesu
May 26, 2015, 08:35:43 PM
It wasn't the forum's fault but the hosting.
Theymos claims it was the hosting. That's what you meant to say. He openly states, in this very thread, that before any of the alleged social engineering took place, "... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..." Not sure why everyone is acting like lax DC security is the issue,
The hoster denied being attacked with SE. It is still not clear how attacker gained access and why.
Where did you see this? People here are still under the impression it was Social Engineering....
I don't remember where it was. It was one of the crypto news sites. They wrote, they have called NFOrce about the incident and they denied being attacked with SE.
of course they would deny it. Social engineering is the worst PR for them, no one would trust them anymore

redsn0w
May 26, 2015, 08:40:11 PM
It wasn't the forum's fault but the hosting.
Theymos claims it was the hosting. That's what you meant to say. He openly states, in this very thread, that before any of the alleged social engineering took place, "... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..." Not sure why everyone is acting like lax DC security is the issue,
The hoster denied being attacked with SE. It is still not clear how attacker gained access and why.
Where did you see this? People here are still under the impression it was Social Engineering....
I don't remember where it was. It was one of the crypto news sites. They wrote, they have called NFOrce about the incident and they denied being attacked with SE.
of course they would deny it. Social engineering is the worst PR for them, no one would trust them anymore
Exactly, I have started to think... that with a simple thing you can ruin all the security that you have created. A soc. eng. attack is a simple concept but it is not simple to do, it brought back to my mind the story of "Kevin Mitnick".

teddy5145
May 26, 2015, 08:51:32 PM
Thank you for keeping this site safe. Maybe you could invest in some kind of better security in the future? Just in case something like this happens again, and I'm still trying to figure out what's the motive of the attacker to attack this site.
If they get an email/password combo figured out, they could have passed themselves off as a well respected member and done deals where they get money and run. Or, just use the email/password to log into a bank account, or exchange account and withdraw the money. One of the main things is to use a unique password for each site. Lastpass.com is good for that, if anyone hasn't heard of them.
Luckily my btctalk password is different from my bank and paypal account. When creating my password I used a text randomizer and then saved it onto my notepad and backed it up on gdrive. Very safe I must say.

Scamalert
May 26, 2015, 09:23:58 PM
Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.
How much does the password need to be changed, would it be enough to change a letter or two? Or would it be better to make a brand new long and complicated password? Reason I ask is that it takes some time to memorize a long complicated password; if only adding or removing something, will the learning time for the new password decrease?
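
Added example, not part of any post in this thread and not the forum's own code: a from-scratch sha256crypt written to Ulrich Drepper's published SHA-crypt scheme, showing where the quoted "7500 rounds" and the salt sit in the stored string and how a login check re-derives the hash. The salt and passwords are constructed samples.

```python
import hashlib
import hmac

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Digest byte triples in the order the SHA-crypt encoding step consumes them.
ORDER = [(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
         (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)]

def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def sha256crypt(password, salt, rounds=None):
    """Return the $5$ string; rounds=None means the scheme's default of 5000."""
    pw, sl = password.encode(), salt.encode()[:16]   # salt is capped at 16 chars
    n = 5000 if rounds is None else min(max(rounds, 1000), 999_999_999)
    b = _h(pw, sl, pw)
    buf = pw + sl + (b * (len(pw) // 32 + 1))[:len(pw)]
    bits = len(pw)
    while bits:                      # per bit of the length: add B or the password
        buf += b if bits & 1 else pw
        bits >>= 1
    a = _h(buf)
    p = (_h(pw * len(pw)) * (len(pw) // 32 + 1))[:len(pw)]
    s = _h(sl * (16 + a[0]))[:len(sl)]
    for r in range(n):               # the "rounds": n chained SHA-256 calls
        c = p if r & 1 else a
        if r % 3:
            c += s
        if r % 7:
            c += p
        a = _h(c + (a if r & 1 else p))
    out = ""
    for x, y, z in ORDER:
        w = a[x] << 16 | a[y] << 8 | a[z]
        out += "".join(B64[w >> 6 * k & 63] for k in range(4))
    w = a[31] << 8 | a[30]
    out += "".join(B64[w >> 6 * k & 63] for k in range(3))
    head = "$5$" if rounds is None else f"$5$rounds={n}$"
    return f"{head}{sl.decode()}${out}"

def verify(password, stored):
    """Re-hash with the salt and rounds embedded in `stored`; constant-time compare."""
    parts = stored.split("$")        # ['', '5', optional 'rounds=N', salt, hash]
    rounds = int(parts[2][7:]) if parts[2].startswith("rounds=") else None
    return hmac.compare_digest(sha256crypt(password, parts[-2], rounds), stored)

# Constructed sample: 7500 rounds as quoted in the thread, made-up salt and password.
STORED = sha256crypt("Tr0ub4dor&3", "constructedsalt", 7500)
```

Each round is one more SHA-256 call per password check, so the work needed to test a single candidate grows linearly with the rounds value stored in the string.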