About the recent server compromise

[mmortal03]

So, since the forums have been back up, Topic Notifications of new replies have not been getting e-mailed out.

[1715235308]

1715235308

[1715235308]

1715235308

[1715235308]

1715235308

[theymos]

So, since the forums have been back up, Topic Notifications of new replies have not been getting e-mailed out.

They are getting mailed out, your mail provider is just rejecting them. Maybe I will get a new IP address in the future to stop this from happening, but IMO this is a problem on hotmail's end.

Code:

May 28 17:42:22 B184CA91EB5: to=<...>,
relay=mx1.hotmail.com[65.55.37.72]:25, delay=0.55,
delays=0.16/0/0.28/0.1, dsn=5.0.0, status=bounced (host
mx1.hotmail.com[65.55.37.72] said: 550 OU-002 (COL004-MC1F36)
Unfortunately, messages from 198.251.81.170 weren't sent. Please
contact your Internet service provider since part of their network
is on our block list. You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to
MAIL FROM command))

[chrisvl]

So, since the forums have been back up, Topic Notifications of new replies have not been getting e-mailed out.

They are getting mailed out, your mail provider is just rejecting them. Maybe I will get a new IP address in the future to stop this from happening, but IMO this is a problem on hotmail's end.

Code:

May 28 17:42:22 B184CA91EB5: to=<...>,
relay=mx1.hotmail.com[65.55.37.72]:25, delay=0.55,
delays=0.16/0/0.28/0.1, dsn=5.0.0, status=bounced (host
mx1.hotmail.com[65.55.37.72] said: 550 OU-002 (COL004-MC1F36)
Unfortunately, messages from 198.251.81.170 weren't sent. Please
contact your Internet service provider since part of their network
is on our block list. You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to
MAIL FROM command))

why reject them ??

[Welsh]

why reject them ??

Probably due to the fact that the site has sent out thousands of mails within a short period of time, due to the recent compromise.

[freedomno1]

why reject them ??

Probably due to the fact that the site has sent out thousands of mails within a short period of time, due to the recent compromise.

That would make sense it must have triggered some spam filter and ended up on hotmails block list
Guess it might fix itself sooner or later

[mmortal03]

So, since the forums have been back up, Topic Notifications of new replies have not been getting e-mailed out.

They are getting mailed out, your mail provider is just rejecting them. Maybe I will get a new IP address in the future to stop this from happening, but IMO this is a problem on hotmail's end.

Code:

May 28 17:42:22 B184CA91EB5: to=<...>,
relay=mx1.hotmail.com[65.55.37.72]:25, delay=0.55,
delays=0.16/0/0.28/0.1, dsn=5.0.0, status=bounced (host
mx1.hotmail.com[65.55.37.72] said: 550 OU-002 (COL004-MC1F36)
Unfortunately, messages from 198.251.81.170 weren't sent. Please
contact your Internet service provider since part of their network
is on our block list. You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to
MAIL FROM command))

Interesting. Besides this issue with Hotmail, I also have no ability to sign up on bugs.python.org or counterpartytalk.org because the confirmation e-mails are never received. The bugs.python.org e-mails have been blocked for *years*, according to similar complaints I've found online. How obnoxious on Microsoft's part.

[diffused30]

How do I get hotmail to accept the mail from bitcointalk?

[Muhammed Zakir]

How do I get hotmail to accept the mail from bitcointalk?

Whitelist Bitcointalk email addresses.

[sgk]

How do I get hotmail to accept the mail from bitcointalk?

I am not using Hotmail, but are you receiving forum emails in 'Junk' folder or you're not receiving them at all?

If you're receiving them in Junk, it should be very easy to just mark them as 'Not Junk'.
If you're not receiving them altogether, you should find out if Hotmail allows 'white-listing' specific domains or email addresses, like MZ suggested above.

[bcearl]

Why did you not even send a warning mail to all addresses? Thousands of casual forum users don't even know about this incident and their password hashes stolen.

[Borisz]

Why did you not even send a warning mail to all addresses? Thousands of casual forum users don't even know about this incident and their password hashes stolen.

There was an email on the 24th of May, 2015.

[bcearl]

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

[jmurjeff]

How do I get hotmail to accept the mail from bitcointalk?

I am not using Hotmail, but are you receiving forum emails in 'Junk' folder or you're not receiving them at all?

If you're receiving them in Junk, it should be very easy to just mark them as 'Not Junk'.
If you're not receiving them altogether, you should find out if Hotmail allows 'white-listing' specific domains or email addresses, like MZ suggested above.

I don't need it anymore. I had to create a new account because  I could not recover my password and that is why I needed to know how to receive mail. But theymos helped me out by sending mail to my hotmail account. I have not received a single mail from this site. I think they blocked the bitcointalk.org domain. I am going to switch to gmail because I can receive mail from this site.

[hilariousandco]

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

Some service providers block certain IPs the forum uses to send emails so that may be why.

[DiamondCardz]

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

Some service providers block certain IPs the forum uses to send emails so that may be why.

Perhaps. I certainly got it (as someone who doesn't use hotmail as an email provider, not disclosing my email provider though) and there is a warning at the top of the forum telling you to change your passwords, so I don't see what else could or should be done to keep people "safe".

[Borisz]

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

It came from the standard email address where I normally receive messages from, regarding new PMs and such. I suggest you either check if you receive emails at all from the forum (settings etc.) or change the email address. It's good to stay up-to-date in such situations.

Although, indeed there was a message in the forum header as well.

[sgk]

There was an email on the 24th of May, 2015.

I certainly did not get it, and I asked a few people from whom nobody got it either.

It might be an issue with certain email providers, because most of the users received the email fine. I also received it with no problem.

Here's the full text of the email:

Code:

from:	noreply@bitcointalk.org
to:	xxxxxxxxxxxxx
date:	25 May 2015 at 20:41
subject:	Bitcoin Forum: Password change required
mailed-by:	bitcointalk.org


-----BEGIN PGP SIGNED MESSAGE----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----

[bcearl]

Thanks for the info. I confirmed at least two people who did not receive any such e-mail. One is a Google Mail address (@gmail.com), the other one has a big German university's e-mail address. The mails are not in the spam folders either.

Just saying. Get a decent way to send them, theymos, and send all of them again. You cannot just set up a random server with a random IP address and send mails. It's not the 80's any more. Due to spam epidemic, major mail providers will reject those mails.

[itod]

Just saying. Get a decent way to send them, theymos, and send all of them again. You cannot just set up a random server with a random IP address and send mails. It's not the 80's any more. Due to spam epidemic, major mail providers will reject those mails.

Wait, you are suggesting because few guys' spam filters blocked the circular mail theymos should spam us all with that mail again?!? That makes no sense. Have you ever, I mean ever, seen same circular mail re-sent to you just in case somebody may miss it? No serious entity does that, so should not Bitcointalk either.

[theymos]

Just saying. Get a decent way to send them, theymos, and send all of them again. You cannot just set up a random server with a random IP address and send mails. It's not the 80's any more. Due to spam epidemic, major mail providers will reject those mails.

The mail certainly came from bitcointalk.org due to the forum's SPF policy, and users have been receiving legitimate mail from bitcointalk.org for years, so any mail provider that bounces forum mail is outright broken IMO. It's ridiculous that 500,000 users can receive consistent legitimate mail from the forum for years, but then when I want to send them all one mail some of the big providers freak out.