Bitcoin Forum
October 19, 2018, 09:58:04 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
Author Topic: About the recent attack  (Read 13467 times)
LittleD
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


StayFocus and LIVE


View Profile
October 07, 2013, 08:47:34 AM
 #21

thanks for the update!  Grin

Fallow me on Twitter  ~ Please donate for a cup of Coffee 1KtqBcK7dVPjFugCcCM7G2MGzTZaQH1FTQ Smiley
https://www.cryptsy.com/users/register?refid=11253 ~ StayFocus!
1539943084
Hero Member
*
Offline Offline

Posts: 1539943084

View Profile Personal Message (Offline)

Ignore
1539943084
Reply with quote  #2

1539943084
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539943084
Hero Member
*
Offline Offline

Posts: 1539943084

View Profile Personal Message (Offline)

Ignore
1539943084
Reply with quote  #2

1539943084
Report to moderator
1539943084
Hero Member
*
Offline Offline

Posts: 1539943084

View Profile Personal Message (Offline)

Ignore
1539943084
Reply with quote  #2

1539943084
Report to moderator
jimmijames73
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


View Profile
October 07, 2013, 08:47:57 AM
 #22

Good to see the forum back  Smiley  Thanks theymos and others for getting it up and running again.

It might be worth while bolding the statement below in the original post as a lot of members could easily miss it:

The attacker may have modified posts, PMs, signatures, and registered Bitcoin addresses. It isn't practical for me to check all of these things for everyone, so you should double-check your own stuff and report any irregularities to me.
n00ber
Sr. Member
****
Offline Offline

Activity: 334
Merit: 250



View Profile
October 07, 2013, 09:33:24 AM
 #23

So this site has backdoor since 2011?
Jumpy
Full Member
***
Offline Offline

Activity: 182
Merit: 100



View Profile
October 07, 2013, 09:53:35 AM
 #24

Thanks for your vigilance Theymos. I'd also like to thank you for taking the site down quickly and leaving it offline until you could ensure security. Plenty of admins would have just gotten it back up as quickly as possible for the sake of revenue.

PM me if you want to advertise on this signature.
dragonkid
Member
**
Offline Offline

Activity: 84
Merit: 10



View Profile
October 07, 2013, 10:03:28 AM
 #25

Goodjob theymos.

are you fucking kidding me?

What do you mean.
Are you not happy to see forum back again?

well i hope that was a sarcastic "good job"

theymos, upgrade smf for the love of Christ.




I agreed with r3wt. From my understanding there was a security patch for the 2.0 but not 1.1.18 in 1st October. They stop patching 1.1.18. I think it is time to upgrade. Also I suggest you use either Nessus or OpenVAS to scan the forum to see if there are any other problem with the webserver configuration.

chipug
Full Member
***
Offline Offline

Activity: 165
Merit: 100


696B6111


View Profile
October 07, 2013, 10:09:32 AM
 #26

Theymos - Thank you for keeping the forum warm. If people complain, maybe they should go camping with another forum Wink
greyhawk
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1000


View Profile
October 07, 2013, 10:20:28 AM
 #27

So this site has backdoor since 2011?

btceic
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


♫ A wave came crashing like a fist to the jaw ♫


View Profile WWW
October 07, 2013, 10:23:59 AM
 #28

Any idea what this is about?



http://www.reddit.com/r/Bitcoin/comments/1nw4py/something_awful_forums_admit_responsibility_for/


♫ This situation, which side are you on? Are you getting out? Are you dropping bombs? Have you heard of diplomatic resolve? ♫ How To Run A Cheap Full Bitcoin Node For $19 A Year ♫ If I knew where it was, I would take you there. There’s much more than this. ♫ Track Your Bitcoins Value
simonk83
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
October 07, 2013, 10:25:17 AM
 #29

If only all those thousands of dollars in donations had actually been put to purpose hey  Roll Eyes
b!z
Legendary
*
Offline Offline

Activity: 1582
Merit: 1006



View Profile
October 07, 2013, 10:34:43 AM
 #30

Thank you for the information, theymos. I'm glad the forum is back.
aigeezer
Legendary
*
Offline Offline

Activity: 1435
Merit: 1010


Cryptanalyst castrated by his government, 1952


View Profile
October 07, 2013, 12:10:35 PM
 #31

Great to see the site back up. While it was down there was a lot of media mischief to the effect that "BTC is dead and will never recover". (I won't dignify the FUD with sample links). With that in mind, for "next time", I'd suggest putting up a brb splash page of some kind during an outage. This time people could go to reddit if they knew how, but otherwise were left in the dark to be spun by the FUDsters.

Also, given the nature of some of the spin out there, is there an informed "official" position on the (lack of?) correlation between the forum attack and the SR takedown? Is there an "official" position on the absence of a major BTC price crash during the dark period?



stylesuxx
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
October 07, 2013, 12:34:34 PM
 #32

Attackers never really get anything out of their efforts in the end.
Mhhh,... the only ones to know what they got are the attackers, I guess.
To say that they did not get anything is just speculation.
phelix
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000


nmc:id/phelix


View Profile
October 07, 2013, 12:43:10 PM
 #33


Bounties for reporting future vulnerabilities would be nice.

It is somewhat scary that admins can modify forum code from within the forum itself if I understand correctly.



blockchained.com ■ bitcointalk top posts
surebet
Hero Member
*****
Offline Offline

Activity: 485
Merit: 500



View Profile
October 07, 2013, 12:43:27 PM
 #34


I guess it means you guys shouldn't only screen cap the gibbis thread.

In case anyone missed it, here's a backup of the assets of the hack.

http://crymore.com/btc/

I guess I should mention that I didn't do it.
Fiyasko
Legendary
*
Offline Offline

Activity: 1428
Merit: 1000


Okey Dokey Lokey


View Profile
October 07, 2013, 12:49:46 PM
 #35

In the reddit thread...

Theymos says it was someone from SA, How does he know that? If he KNOWS who it was, why not tell us all?

Aside from that little peice of wonder, IM HAPPY THE FORUMS ARE BACK! Grin

http://bitcoin-otc.com/viewratingdetail.php?nick=DingoRabiit&sign=ANY&type=RECV <-My Ratings
https://bitcointalk.org/index.php?topic=857670.0 GAWminers and associated things are not to be trusted, Especially the "mineral" exchange
surebet
Hero Member
*****
Offline Offline

Activity: 485
Merit: 500



View Profile
October 07, 2013, 12:54:16 PM
 #36

In the reddit thread...

Theymos says it was someone from SA, How does he know that? If he KNOWS who it was, why not tell us all?

Because all the "zOMG FBI ARE WATCHING!!!" threads amuse him?
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3178
Merit: 3826


View Profile
October 07, 2013, 01:08:29 PM
 #37

It is somewhat scary that admins can modify forum code from within the forum itself if I understand correctly.

That's how Satoshi set it up (maybe the SMF default), but I fixed it a while ago.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
surebet
Hero Member
*****
Offline Offline

Activity: 485
Merit: 500



View Profile
October 07, 2013, 02:08:54 PM
 #38

Cloudflare was identified on our end as well.
zeeshanblc
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250



View Profile
October 07, 2013, 02:48:45 PM
 #39

Thanks Admin, Glad to see this forum is back again.
deslok
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


It's all about the game, and how you play it


View Profile
October 07, 2013, 03:33:21 PM
 #40


The forum is now on a new server inside of a virtual machine with many extra security precautions which will hopefully provide some security in depth in case there are more exploits or backdoors. Also, I have disabled much SMF functionality to provide less attack surface. In particular, non-default themes are disabled for now.



You mean you've taken this opportunity to force ads on all of us(which are disabled by the actual SMF default theme) by defaulting to your custom theme.

"If we don't hang together, by Heavens we shall hang separately." - Benjamin Franklin

If you found that funny or something i said useful i always appreciate spare change
1PczDQHfEj3dJgp6wN3CXPft1bGB23TzTM
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!