Bitcoin Forum
November 14, 2019, 06:46:51 PM *
News: Help collect the most notable posts made over the last 10 years.
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: CloudFlare has been hacked. FALSE ALARM  (Read 605 times)
ScottWilson
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
April 02, 2014, 04:49:31 AM
Last edit: April 02, 2014, 05:09:56 AM by ScottWilson
 #1

Ok, false alarm. I just got a bunch of delayed payout notifications, and they match amounts that I had sent to my address on the blockchain. Someone must have restarted a dead smtp server and a bunch of old mail got sent out. It's looking like some sites using CloudFlare are rewriting all IP addresses for incoming traffic also. So you'll never see your own IP address if you have login notifications enabled.

Sorry if this freaked anyone out.
 



Here is the IP address that just logged in as me to an EMC2 pool:

http://dazzlepod.com/ip/173.245.55.67/  Clearly owned by cloudflare. Cloudflare is a service used by lots of altcoin mining and exchanges to protect against DDoS.

Here is a screenshot of the notification they logged in as me.

http://imgur.com/4R1w7pv

CloudFlare owns that IP address. So either CloudFlare has been hacked, or CloudFlare is logging into services they protect to steal coins.

There's no other explanation.
1573757211
Hero Member
*
Offline Offline

Posts: 1573757211

View Profile Personal Message (Offline)

Ignore
1573757211
Reply with quote  #2

1573757211
Report to moderator
1573757211
Hero Member
*
Offline Offline

Posts: 1573757211

View Profile Personal Message (Offline)

Ignore
1573757211
Reply with quote  #2

1573757211
Report to moderator
1573757211
Hero Member
*
Offline Offline

Posts: 1573757211

View Profile Personal Message (Offline)

Ignore
1573757211
Reply with quote  #2

1573757211
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1573757211
Hero Member
*
Offline Offline

Posts: 1573757211

View Profile Personal Message (Offline)

Ignore
1573757211
Reply with quote  #2

1573757211
Report to moderator
jjdub7
Hero Member
*****
Offline Offline

Activity: 784
Merit: 500



View Profile
April 02, 2014, 05:00:58 AM
 #2

Just saw this.  Pulled my account to cold storage on my private-keyed accounts.


.BITENNY.
Simplify your future

    ▄███i      ████████████████
 ▄██████[      ███████████████████
▄███████[      ████████████████████
████████       █████████████████████
████████       █████████████████████
████████[      █████████████████████
████████[                 █████████
███████[                   ████████
████████[                   ████████
████████                    ████████
████████                    ████████
███████.                   ████████
████████                  ,████████
█████████                 ▄████████
████████████.            ▄██████████
███████████████████████████████████
 █████████████████████████████████
  ▀█████████████████████████████▀`
      ▀██████████████████████▀





Leveraging technology and innovation
to simplify financial asset management and
the payment industry
.WHITEPAPER.
────────────────────────────
....LINKEDIN....



..JOIN NOW..
ScottWilson
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
April 02, 2014, 05:04:27 AM
 #3

Everybody hold up. I might be wrong. I'm noticing things that aren't adding up. I logged in to see if the password had been changed, and if they changed the payment address, and neither had. Then I checked the IP address the login was assigned. Give me a few. It sent me a login notification with another CloudFlare IP when I logged in. I'm getting a feeling this might have been seriously delayed smtp mail. Like someone just restarted sendmail and a bunch of old mail got sent out.
gweedo
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000


View Profile
April 02, 2014, 05:05:51 AM
 #4

This is exactly why I would never use cloudfare, there are better ways to handle DDOSes.
jjdub7
Hero Member
*****
Offline Offline

Activity: 784
Merit: 500



View Profile
April 02, 2014, 06:21:45 PM
 #5


Here is a screenshot of the notification they logged in as me.

http://imgur.com/4R1w7pv

CloudFlare owns that IP address. So either CloudFlare has been hacked, or CloudFlare is logging into services they protect to steal coins.

There's no other explanation.

Might be a false alarm, but that doesn't explain this, unless CloudFlare is issuing these shitty certificates, which means that somebody within CloudFlare could potentially exploit related vulnerabilities.


.BITENNY.
Simplify your future

    ▄███i      ████████████████
 ▄██████[      ███████████████████
▄███████[      ████████████████████
████████       █████████████████████
████████       █████████████████████
████████[      █████████████████████
████████[                 █████████
███████[                   ████████
████████[                   ████████
████████                    ████████
████████                    ████████
███████.                   ████████
████████                  ,████████
█████████                 ▄████████
████████████.            ▄██████████
███████████████████████████████████
 █████████████████████████████████
  ▀█████████████████████████████▀`
      ▀██████████████████████▀





Leveraging technology and innovation
to simplify financial asset management and
the payment industry
.WHITEPAPER.
────────────────────────────
....LINKEDIN....



..JOIN NOW..
Velkro
Legendary
*
Offline Offline

Activity: 1974
Merit: 1011


<3 Vanity Addresses :)


View Profile
April 02, 2014, 06:49:35 PM
 #6

false alarm is another kind of alarm to consider
i mean, u never know

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!