Bitcoin Forum
December 10, 2016, 01:13:01 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 »  All
  Print  
Author Topic: Info about the recent attack  (Read 48946 times)
JonHind
Full Member
***
Offline Offline

Activity: 126


View Profile
September 11, 2011, 07:52:01 AM
 #41

Any admin hosting a site which deals with discussions of a financial nature who couldn't even be bothered to upgrade along the 1.1.xx path (yet alone switch to v.2) should hang their head in shame.

What are you talking about? This is the latest upgrade in the 1.1.xx path.
Sorry, I stand corrected. Weren't you running 1.1.13 until very recently? I still stand by the other points raised though.
Quote
I am not aware of any other vulnerabilities. If vulnerabilities exist, report them to me and I will take the forum down until they are fixed.
How to keep abreast of security vulnerabilities in SMF 1.1.14 - From there you should be able to click your way to discovering less known vulnerabilities. Also, a tip: Check your plugins for holes.

If you need any further help, I normally charge £200ph an hour for IT consultancy, though I've never worked on any site which has ever used SMF. PM me if you are interested and I will forward you my wallet info.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
September 11, 2011, 07:52:16 AM
 #42

He is providing free hosting. He is not "taking over Bitcointalk". In that IRC excerpt I even say that Sirius will retain control of the DNS.
Please please please tell him to not host this forum on any server even close to a server for the trading site. I'd hate to see it used as an attack vector.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
September 11, 2011, 07:55:58 AM
 #43

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
September 11, 2011, 08:12:44 AM
 #44

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

I need updated versions of these mods (some of them might already exist or be covered by the new core):
Custom Profile Field Mod
Edit_Display_Name_Permission
Ignore Boards
Prevent Adding Signature Images And Links
Ignore user

There are also two major custom modifications:
- Membergroup membership based on time online as well as posts
- Advanced CAPTCHAs

I'd also like to use the same theme we have now.

I'd really prefer to move to some other forum software rather than upgrade, though. SMF is not well-written.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
September 11, 2011, 08:13:25 AM
 #45

Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?
knightmb
Sr. Member
****
Offline Offline

Activity: 308


Timekoin - Save Electricity, Don't Waste It!


View Profile WWW
September 11, 2011, 08:33:34 AM
 #46

Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?
As admin, they would have access to all, including that.

pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
September 11, 2011, 08:39:54 AM
 #47

Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?
As admin, they would have access to all, including that.

omy. Well, for the hell of it, I've taken the listed IP's in OP, did whois, got the IP ranges and popped them in my blockzones of my firewall.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
September 11, 2011, 08:46:24 AM
 #48

you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
mizerydearia
Hero Member
*****
Offline Offline

Activity: 574



View Profile
September 11, 2011, 08:49:14 AM
 #49

I cannot recall where I read it, but I think theymos (was it someone else?) mentioned that only a few bitcoin community members were contacted by email regarding volunteers for hosting the forum.  Is it possible to shed some light on the people that were contacted so the community knows who were the only people that had opportunity to volunteer to host the forum?
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
September 11, 2011, 09:01:10 AM
 #50

you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
im3w1l
Sr. Member
****
Offline Offline

Activity: 280


View Profile
September 11, 2011, 09:05:28 AM
 #51

you can go hunter2 my hunter2-ing hunter2!
Are-you-a-wizard?
Member
**
Offline Offline

Activity: 98



View Profile
September 11, 2011, 09:06:24 AM
 #52

I'm done with this bullshit. Every month my password is leaked by fail bitcoin sites and their shit security.

Yes, I use different passwords for each site. I don't give a flying fuck.

This is unacceptable,
bye
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
September 11, 2011, 09:10:13 AM
 #53

you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.
then can you have some of the exchanges to check, who cashed out to that address.
or trace it back to when the coins last come in contact with an exchange.

make a list of involved addresses, and then check them.

you could get an account/address(real world) of the attacker.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile
September 11, 2011, 09:54:38 AM
 #54

How to keep abreast of security vulnerabilities in SMF 1.1.14 - From there you should be able to click your way to discovering less known vulnerabilities. Also, a tip: Check your plugins for holes.
Ah, so you can't actually point to any then? I even Googled for this specific vulnerability when I noticed theymos's post about it - nada.

(It looks like SMF 2.0 probably doesn't have this vulnerability due to a much-needed restructuring of how they handle the database, but I'm not sure I'd trust it to be secure; whoever rewrote SMF should've spotted there was something fishy about the existing code if they were security-conscious.)

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
haploid23
Legendary
*
Offline Offline

Activity: 812



View Profile WWW
September 11, 2011, 09:54:49 AM
 #55

my password has 11 characters total: 1 symbol, 8 letters, and 2 numbers. what are the chances it gets broken into after it's hashed?

ovidiusoft
Sr. Member
****
Offline Offline

Activity: 252


View Profile
September 11, 2011, 10:08:52 AM
 #56

my password has 11 characters total: 1 symbol, 8 letters, and 2 numbers. what are the chances it gets broken into after it's hashed?

After hashing, very little. But:

Quote
The attacker was capable of running arbitrary PHP code, and he could have therefore copied all password hashes and read all personal messages. He also could have done all of the things that admins can normally do, such as editing/deleting/moving posts.

You should assume that if you entered your password while logging in after sept 3rd, it was intercepted while still in plaintext. Change it.
EskimoBob
Legendary
*
Offline Offline

Activity: 910


Quality Printing Services by Federal Reserve Bank


View Profile
September 11, 2011, 10:15:18 AM
 #57

DO NOT USE WEBSITES TO GENERATE YOUR PASSWORDS

There is a good chance that your new and shiny password is stored for later attacks!

Create 4 random passwords which contains no special characters and are 10 characters long:
Code:
cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 10| head -n 4



Create 4 random passwords which DO contains special characters and are 12 characters long:
Code:
$ cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]'



While reading what I wrote, use the most friendliest and relaxing voice in your head.
BTW, Things in BTC bubble universes are getting ugly....
fadisaaida
Member
**
Offline Offline

Activity: 103


View Profile
September 11, 2011, 10:18:25 AM
 #58

The vulnerabilities in 1.1.14 have been known for a LONG time. You can hardly call what SA did a 0-day exploit. While 1.1.14 might still be 'supported', it is full of security holes. The admins of this site have been aware of these vulnerabilities for a while, as quite a few people (myself included) have pointed out the dangers of using 1.1.14.

Seriously i spent 5 minutes trying to see where did you point it out before ? am i blind ?

Lisk.
    Develop Decentralized Applications & Sidechains in JavaScript with Lisk!
    Website | Blog | BTT Thread | Chat - Be part of the decentralized application movement!
deepceleron
Legendary
*
Offline Offline

Activity: 1470



View Profile WWW
September 11, 2011, 10:20:19 AM
 #59

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.
That address was funded with exactly 10BTC with this transaction on 9-3.
We see that wallet that funded the 10BTC sent a remainder back to itself at address 1GzKzdZ7KxXboxz6ehJFqJ9vv6EFdvuBYm. Those remainder coins get sent around for a while with wallet-aggregating payments, and then they are sent to a new address with all the other little coins on 9-4 to 1FLipaPNU3FHWJz6NFetzTN6xBsjvRXKhS. Current balance? 4500BTC. That kinda looks like an exchange savings account too, so they could have gone into an exchange.

I followed a few of the coins into the sending wallet all the way back to them being mined and sent from a pool account (if the haxor was the one who mined them, the pool address owner could reveal the account), and googled some of the addresses, and they haven't been posted prominently as 'donation' addresses or such. A more extensive dump than my manual exploring could get a picture of all the addresses in the wallet and what else they've been doing, and if any of the addresses have leaked out on the internet to be matched to an identity, or have coins that have gone through an exchange.

kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
September 11, 2011, 10:35:35 AM
 #60

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.
That address was funded with exactly 10BTC with this transaction on 9-3.
We see that wallet that funded the 10BTC sent a remainder back to itself at address 1GzKzdZ7KxXboxz6ehJFqJ9vv6EFdvuBYm. Those remainder coins get sent around for a while with wallet-aggregating payments, and then they are sent to a new address with all the other little coins on 9-4 to 1FLipaPNU3FHWJz6NFetzTN6xBsjvRXKhS. Current balance? 4500BTC.

I followed a few of the coins into the sending wallet all the way back to them being mined and sent from a pool account (if the haxor was the one who mined them, the pool address owner could reveal the account), and googled some of the addresses, and they haven't been posted prominently as 'donation' addresses or such. A more extensive dump than my manual exploring could get a picture of all the addresses in the wallet and what else they've been doing, and if any of the addresses have leaked out on the internet to be matched to an identity, or have coins that have gone through an exchange.
ithink that its most likely that the coins came direcly from an exchange. i dont know why, but the acount balances are odd, and the timing between the transactions is fast(indicating some kind of online wallet, at least in my mind)

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!