opentoe (OP)
May 25, 2015, 04:03:00 PM
Last time I checked this forum had millions in BTC\USD in donations, but still hackers are hacking away at such old software and hacking in almost as easily as signing in with a password. Since I've been here, this is the 4th time this has happened. Can I ask, when the forum operators notice a hack is going on why don't you just turn the server or VPS off for a while? Nothing deters a planned attack then nothing to attack. But instead you leave the place up and running so all our passwords once again can get compromised.
Really, what are you doing with all that donation money? You can run 20 forums with all the bitcoin you have.

bigcrypto
May 25, 2015, 04:06:11 PM
They said during the year, but who knows if that will finally happen.

opentoe (OP)
May 25, 2015, 04:08:11 PM
They said during the year, but who knows if that will finally happen.
They have been saying that for years now. I have a strong feeling all those donations are paying for a couple of users' really nice lifestyle.

achow101_alt
May 25, 2015, 04:17:08 PM
Last time I checked this forum had millions in BTC\USD in donations, but still hackers are hacking away at such old software and hacking in almost as easily as signing in with a password. Since I've been here, this is the 4th time this has happened.
This attack has nothing to do with old software, but rather the people at the company running the data center because this is a social engineering attack, not a technical one.
Can I ask, when the forum operators notice a hack is going on why don't you just turn the server or VPS off for a while? Nothing deters a planned attack then nothing to attack. But instead you leave the place up and running so all our passwords once again can get compromised.
Theymos, the administrator, did in fact turn off the server; the forum was shut down when he noticed the attack to prevent the attacker from gaining too much information. Then the forum had 3 days of downtime as theymos got another hosting provider, reinstalled everything, and restored all the data. You should check out Theymos's thread about the compromise here: https://bitcointalk.org/index.php?topic=1067985.msg11445725#msg11445725

Xialla
May 25, 2015, 04:27:49 PM
wtf? this forum is running on VPS on some publicly accessible hypervisor? it is not DMZ cluster in T4 DC? aha.))

SaltySpitoon
May 25, 2015, 04:29:35 PM
Last time I checked this forum had millions in BTC\USD in donations, but still hackers are hacking away at such old software and hacking in almost as easily as signing in with a password. Since I've been here, this is the 4th time this has happened. Can I ask, when the forum operators notice a hack is going on why don't you just turn the server or VPS off for a while? Nothing deters a planned attack then nothing to attack. But instead you leave the place up and running so all our passwords once again can get compromised.
Really, what are you doing with all that donation money? You can run 20 forums with all the bitcoin you have.
It's done when it's done. There is a lot of work left to do on the new forum, but it's progressing. There really isn't an ETA, it's ready when it's ready. Not that it matters, but I believe the recent hack bypassed the forum's security features by directly attacking the hosting provider. The forum hasn't been hacked since October of 2013 if I recall; given what we are working with and the technical info the bitcoin community has (which works against us in this case), its track record isn't too bad. I don't think removing Bitcointalk for what could be a while is the best idea.

koelen3
May 25, 2015, 06:03:01 PM
It was really boring without the forum, 3 days were hardly managed as I really like reading here. The forum has had many attack attempts over the past months. I really hope it will be better with the new software.

Quickseller
May 25, 2015, 06:37:52 PM
I don't think using the new forum software would have stopped this hack/attack.
I think this is one additional reason to show that theymos needs to be 100% sure about the security of the new forum software before implementing it as there will be many people who will attempt to exploit any security holes in it.

Slark
May 25, 2015, 06:50:46 PM
I don't think using the new forum software would have stopped this hack/attack.
I think this is one additional reason to show that theymos needs to be 100% sure about the security of the new forum software before implementing it as there will be many people who will attempt to exploit any security holes in it.
To be honest, everything can be hacked. Even the bigger networks, services can be penetrated by hackers. People need to understand this. But I understand what is the problem here. Users are disappointed/angry that despite having a multi-million dollar budget we still have old forum software, that is the problem. No ETA or any news regarding this upgrade and the recent compromise of bitcointalk did not really help either.

iopq
May 25, 2015, 08:26:47 PM
From what I got from his post, the forum software was not compromised, but his log-in credentials to the server. Having different forum software would not help in any way for this particular attack.

redsn0w
May 25, 2015, 08:57:13 PM
I don't think using the new forum software would have stopped this hack/attack.
I think this is one additional reason to show that theymos needs to be 100% sure about the security of the new forum software before implementing it as there will be many people who will attempt to exploit any security holes in it.
To be honest, everything can be hacked. Even the bigger networks, services can be penetrated by hackers. People need to understand this. But I understand what is the problem here. Users are disappointed/angry that despite having a multi-million dollar budget we still have old forum software, that is the problem. No ETA or any news regarding this upgrade and the recent compromise of bitcointalk did not really help either.
I think this type of attack (or in general) will increase when the new forum software is 'released' fully functional, because I think it will come with a lot of bugs. Again: you can build strong security, but if an employee resets the pwd ... then you are really fuc**d.