Bitcoin Forum
April 03, 2020, 06:34:30 PM *
News: Latest Bitcoin Core release: 0.19.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Why Simple Machines forum & not anything else ?.  (Read 2207 times)
tonygal
Hero Member
*****
Offline Offline

Activity: 560
Merit: 504



View Profile
January 03, 2015, 10:52:04 AM
 #21

The forum got compromised even through avatars. I don't know how wise it will be to leave it exposed, the incentive to attack this is very high.
Does anyone have a link to the main thread where this 2013 security breach was discussed? I'd be interested in
what exactly happened back then.
It's not "just" for this forum, it could be a competitor to all the other forums. If they do it right, it could be quite a boon for bitcoin.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..
1585938870
Hero Member
*
Offline Offline

Posts: 1585938870

View Profile Personal Message (Offline)

Ignore
1585938870
Reply with quote  #2

1585938870
Report to moderator
1585938870
Hero Member
*
Offline Offline

Posts: 1585938870

View Profile Personal Message (Offline)

Ignore
1585938870
Reply with quote  #2

1585938870
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
dogie
Legendary
*
Offline Offline

Activity: 1652
Merit: 1127


dogiecoin.com


View Profile WWW
January 03, 2015, 11:43:32 AM
 #22

The forum got compromised even through avatars. I don't know how wise it will be to leave it exposed, the incentive to attack this is very high.
Does anyone have a link to the main thread where this 2013 security breach was discussed? I'd be interested in
what exactly happened back then.
It's not "just" for this forum, it could be a competitor to all the other forums. If they do it right, it could be quite a boon for bitcoin.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

Not found the thread but found a video of apparently what the hack did:
https://www.youtube.com/watch?v=LKrOHAfMdxI

Madness
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


My goal is becaming a billionaire.


View Profile WWW
January 03, 2015, 11:50:19 AM
 #23

The forum got compromised even through avatars. I don't know how wise it will be to leave it exposed, the incentive to attack this is very high.
Does anyone have a link to the main thread where this 2013 security breach was discussed? I'd be interested in
what exactly happened back then.
It's not "just" for this forum, it could be a competitor to all the other forums. If they do it right, it could be quite a boon for bitcoin.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

Not found the thread but found a video of apparently what the hack did:
https://www.youtube.com/watch?v=LKrOHAfMdxI

What the hell lol , this is really happened on the website ? It looks a video montage to me Shocked  btw here is more informations about the hack , found this on the description of that video => http://www.reddit.com/r/Bitcoin/comments/1nmdq4/bitcointalk_hacked/
also more info here : http://cryptolife.net/bitcointalk-hacked/

from Theymos

Quote
UPDATE FROM THEYMOS:

It’s unfortunately worse than I thought. There’s a good chance that the attacker(s) could have executed arbitrary PHP code and therefore could have accessed the database, but I’m not sure yet how difficult this would be. I’m sending out a mass mailing to all Forum users about this.

Summary: The forum will be down for a while. Backups exist and are held by several people. At this time I feel that password hashes were probably not compromised, but I can’t say for sure. If you used the same password on bitcointalk.org as on other sites, you may want to change your passwords. Passwords are hashed using sha256crypt with 7500 rounds (very strong). The JavaScript that was injected into bitcointalk.org seems harmless.

Here’s what I know: The attacker injected some code into $modSettings['news'] (the news at the top of pages). Updating news is normally logged, but this action was not logged, so the update was probably done in some roundabout way, not by compromising an admin account or otherwise “legitimately” making the change. Probably, part of SMF related to news-updating or modSettings is flawed. Possibly, the attacker was somehow able to modify the modSettings cache in /tmp or the database directly.

Also, the attacker was able to upload a PHP script and some other files to the avatars directory.

Figuring out the specifics is probably beyond my skills, so 50 BTC to the first person who tells me how this was done. (You have to convince me that your flaw was the one actually used.) The forum won’t go back up until I know how this was done, so it could be down for a while.

BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652
Merit: 1025



View Profile WWW
January 03, 2015, 11:58:11 AM
 #24


What the hell lol , this is really happened on the website ? It looks a video montage to me Shocked  btw here is more informations about the hack , found this on the description of that video => http://www.reddit.com/r/Bitcoin/comments/1nmdq4/bitcointalk_hacked/
also more info here : http://cryptolife.net/bitcointalk-hacked/



Yes all else aside, it was pretty funny. Would pop up a dialog box with a progress meter that said it was converting your bitcoins to cosbycoins.  

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
tonygal
Hero Member
*****
Offline Offline

Activity: 560
Merit: 504



View Profile
January 03, 2015, 12:01:29 PM
 #25

Hmm, I don't have the impression this has been cleared up very well.
For example, is the username known who uploaded the malicious avatar?
Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1004



View Profile
January 03, 2015, 12:02:54 PM
 #26

That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1041


#Free market


View Profile
January 03, 2015, 12:03:49 PM
 #27

Hmm, I don't have the impression this has been cleared up very well.
For example, is the username known who uploaded the malicious avatar?

I think also if the username was known the "hacker" has used tor or a vpn/proxy.
tonygal
Hero Member
*****
Offline Offline

Activity: 560
Merit: 504



View Profile
January 03, 2015, 12:04:49 PM
 #28

Hmm, I don't have the impression this has been cleared up very well.
For example, is the username known who uploaded the malicious avatar?

I think also if the username was known the "hacker" has used tor or a vpn/proxy.

sure, sure.. Just for curiosity.  Grin
Madness
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


My goal is becaming a billionaire.


View Profile WWW
January 03, 2015, 12:17:29 PM
 #29

That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

So you are telling me someone would pay 1$ million dollar just to develop a forum & at the end of the day that forum will be Free & Open source ? Like seriously ? do you really belieave that because I don't  Huh It just dosen't make any sense

Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1004



View Profile
January 03, 2015, 01:16:37 PM
 #30

That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

So you are telling me someone would pay 1$ million dollar just to develop a forum & at the end of the day that forum will be Free & Open source ? Like seriously ? do you really belieave that because I don't  Huh It just dosen't make any sense

Yes, read up on it. The funds were raised from donations to bitcointalk and profit from forum ads back when the Bitcoin price was a lot less. The forum never sold any BTC. Here is how much the forum holds now:

https://bitcointalk.org/index.php?topic=155000.0

And you do realize that some of the Bitcoin Core developers are paid >$100,000/yr salaries, yet the software is free. And the same can be said about the Linux kernel, Firefox web browser or any other large FOSS software project.

Madness
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


My goal is becaming a billionaire.


View Profile WWW
January 03, 2015, 01:48:34 PM
 #31

That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

So you are telling me someone would pay 1$ million dollar just to develop a forum & at the end of the day that forum will be Free & Open source ? Like seriously ? do you really belieave that because I don't  Huh It just dosen't make any sense

Yes, read up on it. The funds were raised from donations to bitcointalk and profit from forum ads back when the Bitcoin price was a lot less. The forum never sold any BTC. Here is how much the forum holds now:

https://bitcointalk.org/index.php?topic=155000.0

And you do realize that some of the Bitcoin Core developers are paid >$100,000/yr salaries, yet the software is free. And the same can be said about the Linux kernel, Firefox web browser or any other large FOSS software project.


Dafuq only Theymos him self donated like 1.2m (with the current price of BTC) that's so huge Shocked
and to be honest with you , no I didn't knew that . I personally think that only few people donate to free projects like these (Firefox,Ubuntu etc ... ) idk .. I can seem to belieave that people could donate such amounts of money . but i can't say I was thinking about Developpers of those wallets yeah ... nice to hear that they got paid after all Smiley

Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1004



View Profile
January 03, 2015, 01:58:20 PM
 #32

That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

The costs are expected to be closer to $1 million in the end, $350k has been spent to date.

The software will be entirely free and open source, released under the MIT license just like Bitcoin Core.

So you are telling me someone would pay 1$ million dollar just to develop a forum & at the end of the day that forum will be Free & Open source ? Like seriously ? do you really belieave that because I don't  Huh It just dosen't make any sense

Yes, read up on it. The funds were raised from donations to bitcointalk and profit from forum ads back when the Bitcoin price was a lot less. The forum never sold any BTC. Here is how much the forum holds now:

https://bitcointalk.org/index.php?topic=155000.0

And you do realize that some of the Bitcoin Core developers are paid >$100,000/yr salaries, yet the software is free. And the same can be said about the Linux kernel, Firefox web browser or any other large FOSS software project.


Dafuq only Theymos him self donated like 1.2m (with the current price of BTC) that's so huge Shocked
and to be honest with you , no I didn't knew that . I personally think that only few people donate to free projects like these (Firefox,Ubuntu etc ... ) idk .. I can seem to belieave that people could donate such amounts of money . but i can't say I was thinking about Developpers of those wallets yeah ... nice to hear that they got paid after all Smiley

He didn't donate anything, thats the money the forum currently has and whos holding it. There is a list of some donators here
https://bitcointalk.org/donate.html

Madness
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


My goal is becaming a billionaire.


View Profile WWW
January 03, 2015, 02:02:59 PM
 #33

Quote

He didn't donate anything, thats the money the forum currently has and whos holding it. There is a list of some donators here
https://bitcointalk.org/donate.html

Woops right , didn't read it correctly . They are holding them I see , but why it's splitted to different people and I don't know anyone of them at least not Administrators or Moderators/Staff members Shocked

MultipliedCombo
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile WWW
January 03, 2015, 05:19:46 PM
 #34

Quote

He didn't donate anything, thats the money the forum currently has and whos holding it. There is a list of some donators here
https://bitcointalk.org/donate.html

Woops right , didn't read it correctly . They are holding them I see , but why it's splitted to different people and I don't know anyone of them at least not Administrators or Moderators/Staff members Shocked

It's split amongst different people for security, I suppose. If one guy gets hacked, all the funds won't be lost as there are others who hold funds as well (the chances of one of them getting hacked should be pretty slim though, as they're being entrusted with quite a lot of Bitcoins).

It wouldn't really matter if they're a staff member or not, they're highly trusted by theymos.

Superhitech
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000


View Profile WWW
January 03, 2015, 06:00:23 PM
 #35

The forum got compromised even through avatars. I don't know how wise it will be to leave it exposed, the incentive to attack this is very high.
Does anyone have a link to the main thread where this 2013 security breach was discussed? I'd be interested in
what exactly happened back then.
It's not "just" for this forum, it could be a competitor to all the other forums. If they do it right, it could be quite a boon for bitcoin.
That's true. Will epochtalk be available for free? I guess not, given the >350k dev costs. So one should price licenses competitively and sell only for bitcoins..

Not found the thread but found a video of apparently what the hack did:
https://www.youtube.com/watch?v=LKrOHAfMdxI

That hacker must have a sense of humor, lol.


What the hell lol , this is really happened on the website ? It looks a video montage to me Shocked  btw here is more informations about the hack , found this on the description of that video => http://www.reddit.com/r/Bitcoin/comments/1nmdq4/bitcointalk_hacked/
also more info here : http://cryptolife.net/bitcointalk-hacked/



Yes all else aside, it was pretty funny. Would pop up a dialog box with a progress meter that said it was converting your bitcoins to cosbycoins. 


Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

Anyways, I found this picture, it is one of the things the hacker did.

MultipliedCombo
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile WWW
January 05, 2015, 10:16:37 AM
 #36


Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

Anyways, I found this picture, it is one of the things the hacker did.



Wait, that actually happened? I thought it was just something in the video that was just put there for humorous reasons (like a montage parody or something).

Parazyd
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500


Space Lord


View Profile WWW
January 05, 2015, 10:20:27 AM
 #37

^^ That happened, and CosbyCoin happened Grin
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3710
Merit: 7703


View Profile
January 05, 2015, 09:24:21 PM
 #38

Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

I do know who he is, but he didn't cause any permanent damage or steal any user info, so I decided not to go after him. It was just a funny joke.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Madness
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


My goal is becaming a billionaire.


View Profile WWW
January 11, 2015, 07:13:42 PM
 #39

Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

I do know who he is, but he didn't cause any permanent damage or steal any user info, so I decided not to go after him. It was just a funny joke.

I wasen't here that time when the forums got hacked and don't know how much the damage that was caused to be honest ...
But you are one nice guy Theymos , really Grin If I were you I would hunt him down  Angry still what you did is cool , that's why we love you  Embarrassed
#Respect for da boss

Superhitech
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000


View Profile WWW
January 11, 2015, 07:24:21 PM
 #40


Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

Anyways, I found this picture, it is one of the things the hacker did.



Wait, that actually happened? I thought it was just something in the video that was just put there for humorous reasons (like a montage parody or something).

Yeah that's what actually happened, when users logged in they saw that all over their screen. I wan't here when the forums got hacked, but I found some articles about it.

Maybe that could be implemented as an April fools joke? Anyways, did you guys catch the hacker, or at least know who he is?

I do know who he is, but he didn't cause any permanent damage or steal any user info, so I decided not to go after him. It was just a funny joke.

Oh I see. Wow, that's nice of you. I would be pretty mad if I ran a forum and it got hacked.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!