RUEHL (OP)
|
|
May 03, 2014, 08:49:16 PM Last edit: May 05, 2014, 03:14:35 PM by RUEHL |
|
https://plus.google.com/+BitcointrukkokHu/posts/UkRc4jrJAbnSaturday, May 3, 2014 Attack against LocalBitcoins infrastructure 3.5.2014LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014. For now All user data and Bitcoins are safe; The site will be down for a while as the system is being rebuilt DetailsLocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system. - LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
The attacker gained a root access to the server for ~40 minutes before the attacker was kicked out and the server shutdown. - All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.
It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter. - Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
LocalBitcoins team has started to rebuild the website server on fresh hardware. - LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again.
We expect to spend at least 24 hours on this. LocalBitcoins team apologizes the issues the downtime may cause to the users.
|
Donate BTC: 1FzpMgR34pJbEqtiMEujRiidoL7PgGPaUH
|
|
|
aceat64
|
|
May 03, 2014, 08:51:00 PM |
|
This is pretty standard social engineering, the hosting company screwed up big time. They gave someone root access with apparently no real validation.
|
|
|
|
MoneyGod
|
|
May 03, 2014, 10:01:57 PM |
|
Another bad news for bitcoiners because now peoples more worry about bitcoin trade
|
|
|
|
franky1
Legendary
Offline
Activity: 4396
Merit: 4761
|
|
May 03, 2014, 10:19:15 PM |
|
usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief so here are some lessons 1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them. 2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long. 3. admin rights. if you own the domain YourDomain. then DO NOT register ceo@YourDomain.com or anything@yourdomain.com instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time. 4. set up a passphrase that must be mentioned in all correspondence. 5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them. so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
keithers
Legendary
Offline
Activity: 1456
Merit: 1001
This is the land of wolves now & you're not a wolf
|
|
May 03, 2014, 11:46:29 PM |
|
If only these hackers could put their talents to good use on something positive...
|
|
|
|
MarketNeutral
|
|
May 03, 2014, 11:48:19 PM |
|
usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief so here are some lessons 1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them. 2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long. 3. admin rights. if you own the domain YourDomain. then DO NOT register ceo@YourDomain.com or anything@yourdomain.com instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time. 4. set up a passphrase that must be mentioned in all correspondence. 5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them. so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done Very good advice. Thank you.
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
May 03, 2014, 11:50:52 PM |
|
If only these hackers could put their talents to good use on something positive...
The Bitcoin network and all its peripheral entities need to be tested while we are in beta. All this testing from worthy opponents only makes us stronger. So their talents are being put to good use.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
Bit_Happy
Legendary
Offline
Activity: 2114
Merit: 1040
A Great Time to Start Something!
|
|
May 04, 2014, 04:40:09 AM |
|
If only these hackers could put their talents to good use on something positive...
Still a good idea: Many criminals would be much better off if they would try an honest direction.
|
|
|
|
kittucrypt
Sr. Member
Offline
Activity: 300
Merit: 253
Ok Check!
|
|
May 04, 2014, 05:35:34 AM |
|
usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief so here are some lessons 1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them. 2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long. 3. admin rights. if you own the domain YourDomain. then DO NOT register ceo@YourDomain.com or anything@yourdomain.com instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time. 4. set up a passphrase that must be mentioned in all correspondence. 5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them. so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done Thanks for this useful post. Very useful.
|
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2394
Merit: 1216
The revolution will be digital
|
|
May 04, 2014, 11:17:38 AM |
|
usually you find out the data centre is a "buy a domain and server in bitcoins".. thus it normally ends up as an inside job but twisted into being from a social engineering attempt, that way the customer is too busy calling the host incompetent and not able to have time to realise their the thief so here are some lessons 1. temptation - DO NOT use a data centre that knows and uses bitcoins themselves, the temptation to steal is higher if people know the data on their system has value to them. 2. pre-knowledge - the fact the the data centre knows about bitcoin also makes it easier for them to navigate your source code without taking long. 3. admin rights. if you own the domain YourDomain. then DO NOT register ceo@YourDomain.com or anything@yourdomain.com instead have the data centre only take requests and queries from a email that looks nothing like your domain. and does not appear on any search listings of your domain or the CEO's personal details. in short make a new address and get the data centre to verify you each time. 4. set up a passphrase that must be mentioned in all correspondence. 5. if your choosing a bitcoin payment datacentre that does not have admin security... dont use them. so stick to FIAT hosting or keep your servers inhouse if any of the tips above cant be done Its secure to run on a cloud service like Amazon ...IMO
|
|
|
|
btbrae
|
|
May 04, 2014, 04:53:09 PM |
|
What hosting provider was it? Other customers should be warned, it sounds like they are beyond clueless.
|
|
|
|
Gyrsur
Legendary
Offline
Activity: 2856
Merit: 1520
Bitcoin Legal Tender Countries: 2 of 206
|
|
May 04, 2014, 04:55:38 PM |
|
*listen*
|
|
|
|
ViewSonic
Member
Offline
Activity: 116
Merit: 10
|
|
May 04, 2014, 06:29:43 PM |
|
is LocalBitcoins still safe for trading or it's time to look for another places?
|
|
|
|
MoneyGod
|
|
May 04, 2014, 09:31:48 PM |
|
is LocalBitcoins still safe for trading or it's time to look for another places?
But currently we have no too much places for this trade still this is best place for this work
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
May 04, 2014, 10:55:59 PM |
|
is LocalBitcoins still safe for trading or it's time to look for another places?
Nothing lost so much safer than Gox - although "safer than Gox" does not really say much now does it. Nothing lost so this was basically just a test of their security precautions - and they passed. They have done and I expect will continue to do a great job.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
RockHound
|
|
May 05, 2014, 01:32:49 AM Last edit: May 05, 2014, 01:52:31 AM by RockHound |
|
is LocalBitcoins still safe for trading or it's time to look for another places?
Nothing lost so much safer than Gox - although "safer than Gox" does not really say much now does it. Nothing lost so this was basically just a test of their security precautions - and they passed. They have done and I expect will continue to do a great job. Couldn't agree more - They're a great team! Have a side topic, figured mainly Localbitcoins users reading this, someone posted this: https://bitcointalk.org/index.php?topic=595801.0Got me thinking, whether we should routinely change addresses, or is it pretty secure so no worries? What do you guys do?
|
|
|
|
Bit_Happy
Legendary
Offline
Activity: 2114
Merit: 1040
A Great Time to Start Something!
|
|
May 05, 2014, 01:36:39 AM |
|
https://plus.google.com/+BitcointrukkokHu/posts/UkRc4jrJAbnSaturday, May 3, 2014 Attack against LocalBitcoins infrastructure 3.5.2014LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014. For now All user data and Bitcoins are safe; The site will be down for a while as the system is being rebuilt DetailsLocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system. - LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
The attacker gained a root access to the server for ~40 minutes before the attacker was kicked out and the server shutdown. All data on the website s
erver is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access. It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter. - Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
LocalBitcoins team has started to rebuild the website server on fresh hardware.
LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again. We expect to spend at least 24 hours on this. LocalBitcoins team apologizes the issues the downtime may cause to the users. They were well prepared for an eventual attack. Their reputation is now even better than before.
|
|
|
|
acegilz
Full Member
Offline
Activity: 211
Merit: 100
1ACEGiLZnZoG7KUNkMwAT8tBuJ6jsrwj5Q
|
|
May 05, 2014, 02:29:19 AM |
|
do anybody know how is this done exactly? If its not to hard to do, I would like to protect my files on the server too.. thanks All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.
|
|
|
|
RockHound
|
|
May 05, 2014, 03:02:47 AM |
|
do anybody know how is this done exactly? If its not to hard to do, I would like to protect my files on the server too.. thanks All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access. So the Hacker/Attacker having 40min server access had plenty of time to DL data, he just can't read it?
|
|
|
|
PangPang
|
|
May 05, 2014, 03:10:09 AM |
|
do anybody know how is this done exactly? If its not to hard to do, I would like to protect my files on the server too.. thanks All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access. So the Hacker/Attacker having 40min server access had plenty of time to DL data, he just can't read it? Without decryption, the data should look like just bullshit.
|
|
|
|
|