|
vaisajne (OP)
|
 |
February 12, 2014, 06:20:19 AM |
|
It seems that the site is not responding. The following message appears, Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, support@localbitcoins.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.Have they brought the site down for any corrections ? |
|
|
|
|
designbuyers
|
 |
February 12, 2014, 06:53:11 AM |
|
It's fixed now, Site are Working fine.
|
|
|
|
|
dscotese
|
|
April 28, 2014, 03:31:07 AM |
|
I figured I'd re-open this thread since LBC is giving this same error again. While the localbitcoins.com server(s?) is down, you can watch their blogspot page since they might update us there while their main service is unavailable: http://localbitcoins.blogspot.com/Gee, I should check my browser's cache before posting these things! Hey Mozilla, why do you cache a 500 Internal Server Error page? The response code is 500; kind of pointless to cache it, don't you think? Or maybe it wasn't Mozilla? Someone did... |
|
|
|
|
|
Shogen
Legendary
 Offline
Activity: 966
Merit: 1001
|
|
April 28, 2014, 07:19:20 AM |
|
Looks like the site is back up now  |
|
|
|
hmeds
Newbie
Offline
Activity: 44
Merit: 0
|
|
April 28, 2014, 09:56:45 AM |
|
Done moving to Swiss-based servers, site is active.  |
|
|
|
|
|
dscotese
|
|
May 03, 2014, 06:31:26 PM |
|
One of my customers and I are both now unable to reach the localbitcoins website. There is no info about this on their blog either. |
|
|
|
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1012
|
|
May 03, 2014, 07:24:04 PM |
|
One of my customers and I are both now unable to reach the localbitcoins website. There is no info about this on their blog either. Yes, down for me too. Right in the middle of a transaction too. |
|
|
|
|
|
Pony789
|
|
May 03, 2014, 08:28:53 PM |
|
One of my customers and I are both now unable to reach the localbitcoins website. There is no info about this on their blog either. The update has been put up in the blog now. Saturday, May 3, 2014
Attack against LocalBitcoins infrastructure 3.5.2014
LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014.
For now
All user data and Bitcoins are safe;
The site will be down for a while as the system is being rebuilt
Details
LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.
LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
The attacker gained a root access to the server for ~40 minutes before the attacker was kicked out and the server shutdown.
All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.
It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter.
Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
LocalBitcoins team has started to rebuild the website server on fresh hardware.
LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again. We expect to spend at least 24 hours on this. LocalBitcoins team apologizes the issues the downtime may cause to the users.
Posted by Andrei Zillo at 10:17 PM
|
|
|
|
|
dscotese
|
|
May 03, 2014, 09:21:37 PM |
|
A reasonable encryption strategy is to be able to decrypt with a password of at least 12 (more like 15 - 20) characters for access that lasts a few minutes, or a much longer password (40 characters or more) for access that lasts an hour or two. If we assume that the hacker grabbed a copy of enough information to be able to start an exhaustive search for the password, LBC knows how long we can expect his search to go on before he finds it.
If his search is ever successful, what data will be compromised?
Is there a list of BTC addresses that LBC can provide to miners, asking them to filter out transactions from them until further notice?
A protocol for that kind of lock would be nice. I would honor it if I were mining. Just a simple request "please lock this BTC addy until further notice," signed with the address would do. It could be broadcast in any transaction and thereby get to all miners.
Ahh, of course if it could be unlocked with a signature from the same address, it would be kind of useless. But suppose it had to be unlocked with a signature from the same address that locked it? So the attacker would need that external address' private key too.
|
|
|
|
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1012
|
|
May 03, 2014, 09:50:56 PM |
|
A reasonable encryption strategy is to be able to decrypt with a password of at least 12 (more like 15 - 20) characters for access that lasts a few minutes, or a much longer password (40 characters or more) for access that lasts an hour or two. If we assume that the hacker grabbed a copy of enough information to be able to start an exhaustive search for the password, LBC knows how long we can expect his search to go on before he finds it.
If his search is ever successful, what data will be compromised?
Is there a list of BTC addresses that LBC can provide to miners, asking them to filter out transactions from them until further notice?
A protocol for that kind of lock would be nice. I would honor it if I were mining. Just a simple request "please lock this BTC addy until further notice," signed with the address would do. It could be broadcast in any transaction and thereby get to all miners.
Ahh, of course if it could be unlocked with a signature from the same address, it would be kind of useless. But suppose it had to be unlocked with a signature from the same address that locked it? So the attacker would need that external address' private key too.
Hopefully they used a tiered architecture and kept most of their important data on different servers than the web server. They did say they kept their wallets on a different server, so I would hope that they kept their transactional systems and databases on a separate non-internet facing server as well. The web server is usually the first point of that is attacked, so you shouldn't be keeping anything there except the web programs to render and display the web pages and maybe some transient data. |
|
|
|
|
leopard2
Legendary
Offline
Activity: 1372
Merit: 1014
|
|
May 04, 2014, 01:46:39 AM |
|
So worst case the attacker can get ahold of user name, password, btc address, email. So what? He cannot get the coins (no private keys) and it is very likely that there will be a password change at first login. Those with 2FA, don't have to worry at all - your phone is not compromised :-) Just alot of hassle. Unless they are lying and all coins are gone ...  |
Truth is the new hatespeech.
|
|
|
johnyj
Legendary
Offline
Activity: 1988
Merit: 1012
Beyond Imagination
|
|
May 17, 2014, 04:58:01 PM |
|
Down again  |
|
|
|
merakicoin
Newbie
Offline
Activity: 56
Merit: 0
|
|
May 17, 2014, 05:18:21 PM
Last edit: May 17, 2014, 05:33:20 PM by merakicoin |
|
Down again yeah lame sauce. 12:59 < tomfoolery> edgar hylje_ moo-_- jeremias nikolaus any ideas when it will be back online?
13:00 < tomfoolery> edgar hylje_ moo-_- jeremias nikolaus imo regardless of time of day or day of the week there should be very fast responses when the server goes offline
At the time I said that it had been down for ~1 hour and 15 minutes(roughly 00:45UTC). |
|
|
|
|
scottemick
Newbie
Offline
Activity: 12
Merit: 0
|
|
May 18, 2014, 03:24:31 AM |
|
It is down again now for 12 hours.  The lack of news from @localbitcoins and @kangasbros is unsettling. Scott |
|
|
|
|
hugoc
Newbie
Offline
Activity: 21
Merit: 0
|
|
May 18, 2014, 03:38:43 AM |
|
i cannot access LocalBitCoins |
|
|
|
|
|
|
|
RockHound
|
|
May 18, 2014, 01:59:18 PM |
|
Posted on Localbitcoins website:
Crap. The site is unavailable.
Looks like there is a network problem at our hosting provider. We are sorry for problem; LocalBitcoins team is working hard to get the site back up.
The issue begin on the Saturday night 17.5.2014 CET.
This is not a security issue, but hardware and network problem. We haven't received a response from the hosting provider yet.
We are in the progress to get the site up.
All trades and Bitcoins are safe, however we have problems to get the site to connect to Internet.
Please follow us on Twitter for the latest updates.
This is a temporary page and will be replaced by the real site as soon as the problem is fixed.
|
|
|
|
|
bryant.coleman
Legendary
Offline
Activity: 3696
Merit: 1217
|
|
May 18, 2014, 05:12:44 PM |
|
This is their latest tweet: Trying to get service back up. Can't provide ETA yet. All btc is safe, all data is safe, this is not a security breach but a server problem.. The important question is, can we trust them?
|
|
|
|
|
|
dscotese
|
|
May 18, 2014, 05:25:44 PM |
|
This is their latest tweet: Trying to get service back up. Can't provide ETA yet. All btc is safe, all data is safe, this is not a security breach but a server problem.. The important question is, can we trust them?
Everyone in a position to worry about that question has already answered it (in the affirmative). While I do trust the Kangas brothers, they also have employees and local authorities, not to mention hackers and other criminals to worry about. All those risk factors are greatly mitigated by transparency, and even more greatly mitigated by diversifying your bitcoin holdings across several wallet providers (including yourself). |
|
|
|
|
