|
LittleD
|
 |
October 07, 2013, 08:47:34 AM |
|
thanks for the update!  |
|
|
|
|
|
|
|
|
|
|
You can see the statistics of your reports to moderators on the "Report to moderator" pages.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
n00ber
|
|
October 07, 2013, 09:33:24 AM |
|
So this site has backdoor since 2011?
|
|
|
|
|
Jumpy
|
|
October 07, 2013, 09:53:35 AM |
|
Thanks for your vigilance Theymos. I'd also like to thank you for taking the site down quickly and leaving it offline until you could ensure security. Plenty of admins would have just gotten it back up as quickly as possible for the sake of revenue.
|
PM me if you want to advertise on this signature.
|
|
|
dragonkid
Member
 Offline
Activity: 84
Merit: 10
|
|
October 07, 2013, 10:03:28 AM |
|
Goodjob theymos.
are you fucking kidding me? What do you mean. Are you not happy to see forum back again? well i hope that was a sarcastic "good job" theymos, upgrade smf for the love of Christ. I agreed with r3wt. From my understanding there was a security patch for the 2.0 but not 1.1.18 in 1st October. They stop patching 1.1.18. I think it is time to upgrade. Also I suggest you use either Nessus or OpenVAS to scan the forum to see if there are any other problem with the webserver configuration. |
|
|
|
chipug
Full Member
Offline
Activity: 165
Merit: 100
696B6111
|
|
October 07, 2013, 10:09:32 AM |
|
Theymos - Thank you for keeping the forum warm. If people complain, maybe they should go camping with another forum  |
|
|
|
|
|
greyhawk
|
|
October 07, 2013, 10:20:28 AM |
|
So this site has backdoor since 2011?
 |
|
|
|
|
|
btceic
|
|
October 07, 2013, 10:23:59 AM |
|
|
|
|
|
|
simonk83
|
|
October 07, 2013, 10:25:17 AM |
|
If only all those thousands of dollars in donations had actually been put to purpose hey  |
|
|
|
|
b!z
Legendary
Offline
Activity: 1582
Merit: 1010
|
|
October 07, 2013, 10:34:43 AM |
|
Thank you for the information, theymos. I'm glad the forum is back.
|
|
|
|
|
aigeezer
Legendary
Offline
Activity: 1450
Merit: 1013
Cryptanalyst castrated by his government, 1952
|
|
October 07, 2013, 12:10:35 PM |
|
Great to see the site back up. While it was down there was a lot of media mischief to the effect that "BTC is dead and will never recover". (I won't dignify the FUD with sample links). With that in mind, for "next time", I'd suggest putting up a brb splash page of some kind during an outage. This time people could go to reddit if they knew how, but otherwise were left in the dark to be spun by the FUDsters.
Also, given the nature of some of the spin out there, is there an informed "official" position on the (lack of?) correlation between the forum attack and the SR takedown? Is there an "official" position on the absence of a major BTC price crash during the dark period?
|
|
|
|
|
stylesuxx
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 07, 2013, 12:34:34 PM |
|
Attackers never really get anything out of their efforts in the end.
Mhhh,... the only ones to know what they got are the attackers, I guess. To say that they did not get anything is just speculation. |
|
|
|
|
phelix
Legendary
Offline
Activity: 1708
Merit: 1019
|
|
October 07, 2013, 12:43:10 PM |
|
Bounties for reporting future vulnerabilities would be nice.
It is somewhat scary that admins can modify forum code from within the forum itself if I understand correctly.
|
|
|
|
|
|
surebet
|
|
October 07, 2013, 12:43:27 PM |
|
I guess it means you guys shouldn't only screen cap the gibbis thread. In case anyone missed it, here's a backup of the assets of the hack. http://crymore.com/btc/I guess I should mention that I didn't do it. |
|
|
|
|
Fiyasko
Legendary
Offline
Activity: 1428
Merit: 1001
Okey Dokey Lokey
|
|
October 07, 2013, 12:49:46 PM |
|
In the reddit thread...  Theymos says it was someone from SA, How does he know that? If he KNOWS who it was, why not tell us all? Aside from that little peice of wonder, IM HAPPY THE FORUMS ARE BACK!  |
|
|
|
|
surebet
|
|
October 07, 2013, 12:54:16 PM |
|
In the reddit thread... Theymos says it was someone from SA, How does he know that? If he KNOWS who it was, why not tell us all? Because all the "zOMG FBI ARE WATCHING!!!" threads amuse him? |
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5166
Merit: 12865
|
|
October 07, 2013, 01:08:29 PM |
|
It is somewhat scary that admins can modify forum code from within the forum itself if I understand correctly.
That's how Satoshi set it up (maybe the SMF default), but I fixed it a while ago. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
surebet
|
|
October 07, 2013, 02:08:54 PM |
|
Cloudflare was identified on our end as well.
|
|
|
|
|
|
zeeshanblc
|
|
October 07, 2013, 02:48:45 PM |
|
Thanks Admin, Glad to see this forum is back again.
|
|
|
|
|
deslok
Sr. Member
Offline
Activity: 462
Merit: 250
It's all about the game, and how you play it
|
|
October 07, 2013, 03:33:21 PM |
|
The forum is now on a new server inside of a virtual machine with many extra security precautions which will hopefully provide some security in depth in case there are more exploits or backdoors. Also, I have disabled much SMF functionality to provide less attack surface. In particular, non-default themes are disabled for now.
You mean you've taken this opportunity to force ads on all of us(which are disabled by the actual SMF default theme) by defaulting to your custom theme. |
"If we don't hang together, by Heavens we shall hang separately." - Benjamin Franklin
If you found that funny or something i said useful i always appreciate spare change
1PczDQHfEj3dJgp6wN3CXPft1bGB23TzTM
|
|
|
|
greyhawk
|
|
October 07, 2013, 03:37:24 PM |
|
The forum is now on a new server inside of a virtual machine with many extra security precautions which will hopefully provide some security in depth in case there are more exploits or backdoors. Also, I have disabled much SMF functionality to provide less attack surface. In particular, non-default themes are disabled for now.
You mean you've taken this opportunity to force ads on all of us(which are disabled by the actual SMF default theme) by defaulting to your custom theme. You need to see the ads. The forums need money to upgrade their security. |
|
|
|
|
|
