Bitcoin Forum
December 11, 2016, 06:09:19 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 6 7 8 9 10 11 12 13 »  All
  Print  
Author Topic: Info about the recent attack  (Read 48977 times)
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
September 11, 2011, 11:19:10 AM
 #61

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

I need updated versions of these mods (some of them might already exist or be covered by the new core):
Custom Profile Field Mod
Edit_Display_Name_Permission
Ignore Boards
Prevent Adding Signature Images And Links
Ignore user

There are also two major custom modifications:
- Membergroup membership based on time online as well as posts
- Advanced CAPTCHAs

I'd also like to use the same theme we have now.

I'd really prefer to move to some other forum software rather than upgrade, though. SMF is not well-written.

Apparently.

Moving to PHPBB or vBulletin is a solution to only one of your problems.
Another one is that the forums are so heavily trolled & flooded with pointless/spam post that it has become difficult to actually discuss about something seriously here.

This forum lacks a Slashdot-like moderation system. Slashdot has probably the best moderation system in the world. It automatically filters out all spam & scam messages with high effectivness. Also, it severely decreases the level of trolling.

1481436559
Hero Member
*
Offline Offline

Posts: 1481436559

View Profile Personal Message (Offline)

Ignore
1481436559
Reply with quote  #2

1481436559
Report to moderator
1481436559
Hero Member
*
Offline Offline

Posts: 1481436559

View Profile Personal Message (Offline)

Ignore
1481436559
Reply with quote  #2

1481436559
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
September 11, 2011, 12:26:35 PM
 #62

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

I need updated versions of these mods (some of them might already exist or be covered by the new core):
Custom Profile Field Mod
Edit_Display_Name_Permission
Ignore Boards
Prevent Adding Signature Images And Links
Ignore user

There are also two major custom modifications:
- Membergroup membership based on time online as well as posts
- Advanced CAPTCHAs

I'd also like to use the same theme we have now.

I'd really prefer to move to some other forum software rather than upgrade, though. SMF is not well-written.

Apparently.

Moving to PHPBB or vBulletin is a solution to only one of your problems.
Another one is that the forums are so heavily trolled & flooded with pointless/spam post that it has become difficult to actually discuss about something seriously here.

This forum lacks a Slashdot-like moderation system. Slashdot has probably the best moderation system in the world. It automatically filters out all spam & scam messages with high effectivness. Also, it severely decreases the level of trolling.

Slashdot's moderation system, much like reddit's, only filters out non-groupthink.


I really have a hard time believing this was a 0-day, especially with the last version of the forum being so dated - it sounds like a CYA excuse.
mikeo
Full Member
***
Offline Offline

Activity: 185



View Profile
September 11, 2011, 12:30:50 PM
 #63

I'd like to see vBulletin used as well. I've read that it takes lower cpu load than most php free boards and it has some features I think would be nice here. Ubuntu forums and many other busy forums run on it. I know it costs some money but not that much.

Edit: I don't know if there is an import tool for vB. I'd hope so because losing past posts and all the info held in them is not really an option.
@theymos,

I own a copy of VBulletin that is not in use and would gladly donate it to you for use here if you want to pursue migrating.

If this post tickles your fancy or helped you make more bitcoin I'll gladly take a tip:
17DWhv9f5TkRDL6kyA45qiG34d4v1QiwqE
SoreGums
Member
**
Offline Offline

Activity: 116



View Profile
September 11, 2011, 12:31:38 PM
 #64

Create 4 random passwords which contains no special characters and are 10 characters long:
Code:
cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 10| head -n 4
Create 4 random passwords which DO contains special characters and are 12 characters long:
Code:
$ cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]'
that's pretty neat little script - cheers Wink

I'm going to stick to lastpass though...
bitstarter
Sr. Member
****
Offline Offline

Activity: 301


BitcoinStarter.com Support Account


View Profile WWW
September 11, 2011, 12:56:15 PM
 #65

Just glad to have it back Smiley

Bitcoin Crowd Funding! Bitcoinstarter.com
superpc
Jr. Member
*
Offline Offline

Activity: 57


View Profile
September 11, 2011, 01:07:48 PM
 #66

How could they let this happen?  The security of this forum is vital to your users.  This should have not happened today.  The admins need to upgrade the version of this forum's software(well, PHP) to SMF 2.0 or switch to PHPBB or VBulletin.

makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile
September 11, 2011, 01:10:32 PM
 #67

I really have a hard time believing this was a 0-day, especially with the last version of the forum being so dated - it sounds like a CYA excuse.
If it was a security vulnerability in the forum software, and it wasn't caused by one of the mods they installed, it pretty much has to be. There are no relevant public vulnerabilities for SMF 1.1.14 or 1.1.13. (Though having looked closer, I'm not sure if it is a vulnerability at all... decidedly dodgy code at the very least though.)

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
dvide
Jr. Member
*
Offline Offline

Activity: 59



View Profile
September 11, 2011, 01:39:29 PM
 #68

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?

BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...

(Not a big problem for me as all my passwords are different and random 25 char strings)
I'm also having this problem. Funny thing is, if I use incognito mode to get a new session I can log in using my old password, but it's not accepting it for changing my password.
antares
Hero Member
*****
Offline Offline

Activity: 518


View Profile
September 11, 2011, 01:44:52 PM
 #69

Simple Question, besides it's beyond that other things that have been said in this thread.
This one is @theymos directly:
Would it have been so damn hard to take the forum down and insert a little static HTML page, indicating to users that the site was offline and being worked on?

actions like simply taking the forum offline hurt the confidence of people in bitcoin.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 11, 2011, 01:52:38 PM
 #70

is my password safe if i used a 64char hexadecimal?

kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
September 11, 2011, 01:54:38 PM
 #71

is my password safe if i used a 64char hexadecimal?
do the math yourself.

serrouisly you guys, learn about password strength, and hashing algo's.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
dvide
Jr. Member
*
Offline Offline

Activity: 59



View Profile
September 11, 2011, 01:55:35 PM
 #72

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?

BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...

(Not a big problem for me as all my passwords are different and random 25 char strings)
I'm also having this problem. Funny thing is, if I use incognito mode to get a new session I can log in using my old password, but it's not accepting it for changing my password.
Ok something is definitely broken. I just used the forgot password function to reset my password, because it wasn't working from within my account, but then I could not log in at all using either my new password or my old one. Both passwords were 25 characters with special characters and spaces. I used the forgot password again to reset it to a 16 char password without special characters or spaces, and then I was able to login.

So something WRT to either length, special characters or spaces has a problem. Also none of the passwords I tried used a space at either the start or the end, so it's not trimming the string that is my problem.
Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
September 11, 2011, 01:56:28 PM
 #73

Basically in the whole forum we keep discussing about security and guess that? The forum itself get HACKED  Roll Eyes

Basically everything keep getting hacked despite all our security discussion and almost always due to ridicolous negligences (yay the bug in the forum was in the thing that modify tags for donators, a thing added some week ago and guess what? hackable!)

Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
September 11, 2011, 01:57:16 PM
 #74

I'm done with this bullshit. Every month my password is leaked by fail bitcoin sites and their shit security.

Yes, I use different passwords for each site. I don't give a flying fuck.

This is unacceptable,
bye

Keep in mind, the annualized inflation rate of bitcoin is ~37.6% at the moment.  If the price holds steady it means that there is enough new demand to keep up with this pace of inflation.  To me, it seems quite natural that the variance in demand relative to the rate of inflation in such a small market is bound to create substantial volatility in both directions.  People should be more surprised that the price stuck at around $14 or $15 for so long.  

The absolute number of miners has nothing to do with it...the question is simply to what degree the net demand is increasing in relation to the supply.  A miner that sells all of their generated bitcoins are reducing net demand (just like anyone else selling bitcoins) while a miner that holds all of their generated bitcoins and increasing net demand (just like anyone else buying bitcoins).

The breaches, the hacks, and the fading media attention are probably all contributing to a lull in demand at the moment.

Somebody buy this man a beer.

Smart Money Drives the Financial Markets?
Let's hear what Tom Williams has to say about all this: http://www.youtube.com/watch?v=6jwEwlZnSFY

Tom and Gavin being interviewed: http://www.youtube.com/watch?v=wYowjdORSNQ

LZ
Staff
Legendary
*
Offline Offline

Activity: 1456


Satoshi everywhere!


View Profile WWW
September 11, 2011, 01:58:37 PM
 #75

can you migrate the forum to VBulletin ?
vBulletin is a commercial forum software. SMF is really open source and free.

"Never invest unless you can afford to lose your entire investment." © S3052
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 11, 2011, 02:01:16 PM
 #76

is my password safe if i used a 64char hexadecimal?
do the math yourself.

serrouisly you guys, learn about password strength, and hashing algo's.

it was a joke, obviously my password is good for at least 100 years for current day technology, mostly due to its sheer length.

although i think i may use base64 anyway just to be on the safe side.

Tuxavant
Hero Member
*****
Offline Offline

Activity: 756


Bitcoin Mayor of Las Vegas


View Profile WWW
September 11, 2011, 02:01:44 PM
 #77

Create 4 random passwords which contains no special characters and are 10 characters long:
Code:
cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 10| head -n 4
Create 4 random passwords which DO contains special characters and are 12 characters long:
Code:
$ cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]'
that's pretty neat little script - cheers Wink

I'm going to stick to lastpass though...

Then there's always 'pwgen'

Can someone explain to me how/why lastpass.com is better than your browser's password store? I use pwgen to generate seriously crazy passwords for each individual site and let my browser remember the passwords. Nobody has access to my computer except me, and even when they do, it's through their own account.

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
wknight
Legendary
*
Offline Offline

Activity: 889


Bitcoin calls me an Orphan


View Profile WWW
September 11, 2011, 02:02:42 PM
 #78

Great to have the forums back. Plain and simple!

Mining Both Bitcoin and Litecoin.
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784


firstbits:1MinerQ


View Profile WWW
September 11, 2011, 02:16:45 PM
 #79

can you migrate the forum to VBulletin ?
vBulletin is a commercial forum software. SMF is really open source and free.
Yes, it is commercial and from I've read, worth it. I don't believe Canonical would use it for the Ubuntu forums if there was an open source package that was as good. It's also used by WebHostingTalk, one of the biggest web host forums.

The question is whether content can be brought over.

BkkCoins
Hero Member
*****
Offline Offline

Activity: 784


firstbits:1MinerQ


View Profile WWW
September 11, 2011, 02:17:54 PM
 #80

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?

BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...

(Not a big problem for me as all my passwords are different and random 25 char strings)
I'm also having this problem. Funny thing is, if I use incognito mode to get a new session I can log in using my old password, but it's not accepting it for changing my password.
Ok something is definitely broken. I just used the forgot password function to reset my password, because it wasn't working from within my account, but then I could not log in at all using either my new password or my old one. Both passwords were 25 characters with special characters and spaces. I used the forgot password again to reset it to a 16 char password without special characters or spaces, and then I was able to login.

So something WRT to either length, special characters or spaces has a problem. Also none of the passwords I tried used a space at either the start or the end, so it's not trimming the string that is my problem.

It's starting to sound like the password change code uses different validity criteria than the login code.

Pages: « 1 2 3 [4] 5 6 7 8 9 10 11 12 13 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!