Bitcoin Forum
Author Topic: About the recent server compromise  (Read 15325 times)
favdesu
May 26, 2015, 09:14:22 AM
 #161

have a strong feeling they inserted a backdoor somewhere or a keylogger.

something that would keep them getting access to the forum and retrieve data

do you even know how a keylogger works?

anyways, host was compromised due to social engineering, so theymos did nothing wrong. In fact, the amateurs at NForce gave the attacker access (good job!)

Buttknuckle
May 26, 2015, 09:28:52 AM
 #162

Geeze, well thanks Theymos for being awesome, if not discovered so quickly this could have been much worse.  After seeing that chart, time to go change a few passwords (eek!)

(oYo)
May 26, 2015, 09:57:53 AM
 #163

The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.

hedgy73
May 26, 2015, 10:03:00 AM
 #164

The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.

Same here :(
Zeroxal
May 26, 2015, 01:53:38 PM
 #165

The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually seeing errors here. And the site works fine and fluent, however sometimes when I do actions (PM, posts) it lags so much that it usually takes about 30 seconds to post something.
hilariousetc
May 26, 2015, 02:27:23 PM
 #166

The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually seeing errors here. And the site works fine and fluent, however sometimes when I do actions (PM, posts) it lags so much that it usually takes about 30 seconds to post something.

The forum was very laggy earlier on but it's been working ok since. I'm sure it'll be up and down every now and again until the forum gets back on its feet.

ACCTseller
May 26, 2015, 02:36:10 PM
 #167

The site has become incredibly slow since the compromise and I'm getting a lot of "502 Bad Gateway" notifications.
Not actually seeing errors here. And the site works fine and fluent, however sometimes when I do actions (PM, posts) it lags so much that it usually takes about 30 seconds to post something.

The forum was very laggy earlier on but it's been working ok since. I'm sure it'll be up and down every now and again until the forum gets back on its feet.
I think the period when it was laggy/slow was a peak usage time for the forum. I would be interested to see if the forum experiences similar performance issues around the same time tonight.
Josef27
May 26, 2015, 03:03:31 PM
 #168

Just back after a long break and saw this, that explains why I couldn't access the forum recently.

Also I suddenly received spam email from somewhere (mostly German or something), anyone got the same problem?
thebitcoinquiz.com
May 26, 2015, 03:10:41 PM
 #169

Just back after a long break and saw this, that explains why I couldn't access the forum recently.

Also I suddenly received spam email from somewhere (mostly German or something), anyone got the same problem?
Was the email related to the forum or was it just someone trying to sell you some medicines or electronics?
I just hope the email was not for phishing.

Stay hungry. Stay foolish.
Josef27
May 26, 2015, 03:26:35 PM
 #170

Just back after a long break and saw this, that explains why I couldn't access the forum recently.

Also I suddenly received spam email from somewhere (mostly German or something), anyone got the same problem?
Was the email related to the forum or was it just someone trying to sell you some medicines or electronics?
I just hope the email was not for phishing.
Not related to the forum I think atm, because I can't understand the language. Also, I already deleted the others, but I saw one of them was like a referral or something, another one linked with a URL shortener (I don't want to click the link), and one of them was impersonating a bitcoin service or something related.
Keyser Soze
May 26, 2015, 05:07:58 PM
 #171

Not sure if I missed it somewhere, but if the "secret question" field is blank, does this mean it is not set? I don't believe I ever set one in the past and want to make sure that is still the case.
alch1mista
May 26, 2015, 05:11:54 PM
 #172

Not sure if I missed it somewhere, but if the "secret question" field is blank, does this mean it is not set? I don't believe I ever set one in the past and want to make sure that is still the case.

Same question here, please let us know.

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.
BadBear
May 26, 2015, 05:15:10 PM
 #173

Yes, empty means there isn't one. Double check and make sure it's actually empty, and that there aren't any white spaces (cursor there, backspace and then delete). 

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

redsn0w
May 26, 2015, 05:17:17 PM
 #174

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well.

ddosbtc is fucking around with his annoying booter.

Another hacked account ;D, WTF ... welcome back Mt.Gox support!
MakingMoneyHoney
May 26, 2015, 05:24:59 PM
 #175

It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.

Where did you see this? People here are still under the impression it was Social Engineering....
AGD
May 26, 2015, 08:04:44 PM
 #176

It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.

Where did you see this? People here are still under the impression it was Social Engineering....

I don't remember where it was. It was one of the crypto news sites. They wrote that they had called NFOrce about the incident and they denied being attacked with SE.

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
favdesu
May 26, 2015, 08:35:43 PM
 #177

It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.

Where did you see this? People here are still under the impression it was Social Engineering....

I don't remember where it was. It was one of the crypto news sites. They wrote that they had called NFOrce about the incident and they denied being attacked with SE.

of course they would deny it. Social engineering is the worst PR for them, no one would trust them anymore

redsn0w
May 26, 2015, 08:40:11 PM
 #178

It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.

Where did you see this? People here are still under the impression it was Social Engineering....

I don't remember where it was. It was one of the crypto news sites. They wrote that they had called NFOrce about the incident and they denied being attacked with SE.

of course they would deny it. Social engineering is the worst PR for them, no one would trust them anymore

Exactly, I have started to think... that with a simple thing you can ruin all the security that you have created. A soc. eng. attack is a simple concept but it is not simple to do; it brought back to my mind the story of Kevin Mitnick.
teddy5145
May 26, 2015, 08:51:32 PM
 #179

Thank you for keeping this site safe :)
Maybe you could invest in some kind of better security in the future? Just in case something like this happens again.
And I'm still trying to figure out what the motive of the attacker was to attack this site :-\

If they get an email/password combo figured out, they could have passed themselves off as a well respected member and done deals where they get money and run. Or, just use the email/password to log into a bank account, or exchange account and withdraw the money. One of the main things is to use a unique password for each site. Lastpass.com is good for that, if anyone hasn't heard of them.
Luckily my btctalk password is different from my bank and PayPal accounts.
When creating my password I used a text randomizer and then saved it in my notepad and backed it up on gdrive.
Very safe I must say :D
Scamalert
May 26, 2015, 09:23:58 PM
 #180

Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.

How much does the password need to be changed? Would it be enough to change a letter or two?
Or would it be better to make a brand new long and complicated password?
The reason I ask is that it takes some time to memorize a long complicated password;
if only adding or removing something, will the learning time for the new password decrease?
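
Added example, not part of the thread and not the forum's own code: a from-scratch Python implementation of sha256crypt following Ulrich Drepper's published specification, to show what "7500 rounds of sha256crypt" computes. Each round's input mix depends on the round number and on the previous digest, which is why it differs from the fixed double SHA-256 used in Bitcoin mining; the password and salt in the usage note are constructed samples.

```python
import hashlib

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Byte triples in the order the specification's final encoding step uses.
ORDER = [(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
         (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)]

def _sha(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def _stretch(digest, n):
    """Repeat a 32-byte digest to exactly n bytes."""
    return (digest * (n // 32 + 1))[:n]

def _b64(b2, b1, b0, n):
    """Emit n characters of the crypt alphabet, low 6 bits first."""
    w, out = (b2 << 16) | (b1 << 8) | b0, ""
    for _ in range(n):
        out += B64[w & 0x3F]
        w >>= 6
    return out

def sha256crypt(password, salt, rounds=None):
    pw, s = password.encode(), salt.encode()[:16]   # salt is capped at 16 chars
    n = 5000 if rounds is None else max(1000, min(rounds, 999_999_999))
    b = _sha(pw, s, pw)
    a = [pw, s, _stretch(b, len(pw))]
    i = len(pw)
    while i:                      # one block per bit of the password length
        a.append(b if i & 1 else pw)
        i >>= 1
    prev = _sha(*a)
    p = _stretch(_sha(pw * len(pw)), len(pw))
    sq = _stretch(_sha(s * (16 + prev[0])), len(s))
    for r in range(n):            # strictly sequential: round r needs r-1
        parts = [p if r & 1 else prev]
        if r % 3:
            parts.append(sq)
        if r % 7:
            parts.append(p)
        parts.append(prev if r & 1 else p)
        prev = _sha(*parts)
    enc = "".join(_b64(prev[x], prev[y], prev[z], 4) for x, y, z in ORDER)
    enc += _b64(0, prev[31], prev[30], 3)
    tag = "" if rounds is None else f"rounds={n}$"
    return f"$5${tag}{s.decode()}${enc}"
```

Calling `sha256crypt("constructed-pw", "constructedsalt", 7500)` returns a string of the form `$5$rounds=7500$constructedsalt$<43 characters>`; the round count is stored in the hash string itself, so it can be raised later without breaking older hashes.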