Bitcoin Forum
June 16, 2024, 03:15:18 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: LocalBitCoins.Com Site Down?  (Read 3977 times)
vaisajne (OP)
Full Member
***
Offline Offline

Activity: 224
Merit: 100



View Profile
February 12, 2014, 06:20:19 AM
 #1

It seems that the site is not responding. The following message appears,

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, support@localbitcoins.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


Have they brought the site down for any corrections ?

designbuyers
Sr. Member
****
Offline Offline

Activity: 325
Merit: 253



View Profile WWW
February 12, 2014, 06:53:11 AM
 #2

It's fixed now, Site are Working fine.

dscotese
Sr. Member
****
Offline Offline

Activity: 444
Merit: 250


I prefer evolution to revolution.


View Profile WWW
April 28, 2014, 03:31:07 AM
 #3

I figured I'd re-open this thread since LBC is giving this same error again.

While the localbitcoins.com server(s?) is down, you can watch their blogspot page since they might update us there while their main service is unavailable: http://localbitcoins.blogspot.com/

Gee, I should check my browser's cache before posting these things!

Hey Mozilla, why do you cache a 500 Internal Server Error page?  The response code is 500; kind of pointless to cache it, don't you think?  Or maybe it wasn't Mozilla?  Someone did...

I like to provide some work at no charge to prove my valueAvoid supporting terrorism!
Satoshi Nakamoto: "He ought to find it more profitable to play by the rules."
RockHound
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
April 28, 2014, 03:36:08 AM
 #4

Twitter Updates here:

https://twitter.com/LocalBitcoins

Looks like they are moving to Swiss-based servers, should be back up in a day or so.
Shogen
Legendary
*
Offline Offline

Activity: 966
Merit: 1001



View Profile
April 28, 2014, 07:19:20 AM
 #5

Twitter Updates here:

https://twitter.com/LocalBitcoins

Looks like they are moving to Swiss-based servers, should be back up in a day or so.

Looks like the site is back up now Smiley

hmeds
Newbie
*
Offline Offline

Activity: 44
Merit: 0


View Profile
April 28, 2014, 09:56:45 AM
 #6

Done moving to Swiss-based servers, site is active. Cheesy
dscotese
Sr. Member
****
Offline Offline

Activity: 444
Merit: 250


I prefer evolution to revolution.


View Profile WWW
May 03, 2014, 06:31:26 PM
 #7

One of my customers and I are both now unable to reach the localbitcoins website.  There is no info about this on their blog either.

I like to provide some work at no charge to prove my valueAvoid supporting terrorism!
Satoshi Nakamoto: "He ought to find it more profitable to play by the rules."
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1617
Merit: 1012



View Profile
May 03, 2014, 07:24:04 PM
 #8

One of my customers and I are both now unable to reach the localbitcoins website.  There is no info about this on their blog either.
Yes, down for me too. Right in the middle of a transaction too.
Pony789
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1000



View Profile
May 03, 2014, 08:28:53 PM
 #9

One of my customers and I are both now unable to reach the localbitcoins website.  There is no info about this on their blog either.

The update has been put up in the blog now.
Quote
Saturday, May 3, 2014
Attack against LocalBitcoins infrastructure 3.5.2014
LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014.
For now

    All user data and Bitcoins are safe;
    The site will be down for a while as the system is being rebuilt

Details
LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.

    LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
    The attacker gained a root access to the server for ~40 minutes before the attacker was kicked out and the server shutdown.
    All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.

It is very unlikely that the attacker gained access to any data;  LocalBitcoins is still performing full investigation on the matter.

    Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
    LocalBitcoins team has started to rebuild the website server on fresh hardware.

LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again.  We expect to spend at least 24 hours on this. LocalBitcoins team apologizes the issues the downtime may cause to the users.



Posted by Andrei Zillo at 10:17 PM

dscotese
Sr. Member
****
Offline Offline

Activity: 444
Merit: 250


I prefer evolution to revolution.


View Profile WWW
May 03, 2014, 09:21:37 PM
 #10

A reasonable encryption strategy is to be able to decrypt with a password of at least 12 (more like 15 - 20) characters for access that lasts a few minutes, or a much longer password (40 characters or more) for access that lasts an hour or two.  If we assume that the hacker grabbed a copy of enough information to be able to start an exhaustive search for the password, LBC knows how long we can expect his search to go on before he finds it.

If his search is ever successful, what data will be compromised?

Is there a list of BTC addresses that LBC can provide to miners, asking them to filter out transactions from them until further notice?

A protocol for that kind of lock would be nice. I would honor it if I were mining. Just a simple request "please lock this BTC addy until further notice," signed with the address would do. It could be broadcast in any transaction and thereby get to all miners.

Ahh, of course if it could be unlocked with a signature from the same address, it would be kind of useless.  But suppose it had to be unlocked with a signature from the same address that locked it?  So the attacker would need that external address' private key too.

I like to provide some work at no charge to prove my valueAvoid supporting terrorism!
Satoshi Nakamoto: "He ought to find it more profitable to play by the rules."
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1617
Merit: 1012



View Profile
May 03, 2014, 09:50:56 PM
 #11

A reasonable encryption strategy is to be able to decrypt with a password of at least 12 (more like 15 - 20) characters for access that lasts a few minutes, or a much longer password (40 characters or more) for access that lasts an hour or two.  If we assume that the hacker grabbed a copy of enough information to be able to start an exhaustive search for the password, LBC knows how long we can expect his search to go on before he finds it.

If his search is ever successful, what data will be compromised?

Is there a list of BTC addresses that LBC can provide to miners, asking them to filter out transactions from them until further notice?

A protocol for that kind of lock would be nice. I would honor it if I were mining. Just a simple request "please lock this BTC addy until further notice," signed with the address would do. It could be broadcast in any transaction and thereby get to all miners.

Ahh, of course if it could be unlocked with a signature from the same address, it would be kind of useless.  But suppose it had to be unlocked with a signature from the same address that locked it?  So the attacker would need that external address' private key too.
Hopefully they used a tiered architecture and kept most of their important data on different servers than the web server. They did say they kept their wallets on a different server, so I would hope that they kept their transactional systems and databases on a separate non-internet facing server as well. The web server is usually the first point of that is attacked, so you shouldn't be keeping anything there except the web programs to render and display the web pages and maybe some transient data.
leopard2
Legendary
*
Offline Offline

Activity: 1372
Merit: 1014



View Profile
May 04, 2014, 01:46:39 AM
 #12

So worst case the attacker can get ahold of user name, password, btc address, email.

So what?

He cannot get the coins (no private keys) and it is very likely that there will be a password change at first login. Those with 2FA, don't have to worry at all - your phone is not compromised :-)

Just alot of hassle. Unless they are lying and all coins are gone ...  Undecided

Truth is the new hatespeech.
johnyj
Legendary
*
Offline Offline

Activity: 1988
Merit: 1012


Beyond Imagination


View Profile
May 17, 2014, 04:58:01 PM
 #13

Down again Huh

merakicoin
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
May 17, 2014, 05:18:21 PM
Last edit: May 17, 2014, 05:33:20 PM by merakicoin
 #14

Down again Huh

yeah lame sauce.

Quote
12:59 < tomfoolery> edgar hylje_ moo-_- jeremias nikolaus any ideas when it will be back online?
13:00 < tomfoolery> edgar hylje_ moo-_- jeremias nikolaus imo regardless of time of day or day of the week there should be very fast responses when the server goes offline

At the time I said that it had been down for ~1 hour and 15 minutes(roughly 00:45UTC).
scottemick
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
May 18, 2014, 03:24:31 AM
 #15

It is down again now for 12 hours.
Sad
The lack of news from @localbitcoins and @kangasbros is unsettling.

Scott
hugoc
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
May 18, 2014, 03:38:43 AM
 #16

i cannot access LocalBitCoins Huh
RockHound
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
May 18, 2014, 05:48:58 AM
 #17

https://twitter.com/LocalBitcoins

http://localbitcoins.blogspot.co.uk/2014/05/unexcepted-downtime.html

Hope nothing too serious, LBC usually pretty fast with updates/fixes
RockHound
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
May 18, 2014, 01:59:18 PM
 #18

Posted on Localbitcoins website:



Crap. The site is unavailable.

Looks like there is a network problem at our hosting provider. We are sorry for problem; LocalBitcoins team is working hard to get the site back up.

    The issue begin on the Saturday night 17.5.2014 CET.
    This is not a security issue, but hardware and network problem. We haven't received a response from the hosting provider yet.
    We are in the progress to get the site up.
    All trades and Bitcoins are safe, however we have problems to get the site to connect to Internet.
    Please follow us on Twitter for the latest updates.
    This is a temporary page and will be replaced by the real site as soon as the problem is fixed.

bryant.coleman
Legendary
*
Offline Offline

Activity: 3696
Merit: 1217


View Profile
May 18, 2014, 05:12:44 PM
 #19

This is their latest tweet: Trying to get service back up. Can't provide ETA yet. All btc is safe, all data is safe, this is not a security breach but a server problem.. The important question is, can we trust them?
dscotese
Sr. Member
****
Offline Offline

Activity: 444
Merit: 250


I prefer evolution to revolution.


View Profile WWW
May 18, 2014, 05:25:44 PM
 #20

This is their latest tweet: Trying to get service back up. Can't provide ETA yet. All btc is safe, all data is safe, this is not a security breach but a server problem.. The important question is, can we trust them?
Everyone in a position to worry about that question has already answered it (in the affirmative).

While I do trust the Kangas brothers, they also have employees and local authorities, not to mention hackers and other criminals to worry about.  All those risk factors are greatly mitigated by transparency, and even more greatly mitigated by diversifying your bitcoin holdings across several wallet providers (including yourself).

I like to provide some work at no charge to prove my valueAvoid supporting terrorism!
Satoshi Nakamoto: "He ought to find it more profitable to play by the rules."
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!