Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: "Authentication Required" message on our forum !!! DONT'T GIVE YOUR PASSWORD !!  (Read 524 times)

Offline liondani


POSSIBLE FISHING! (?)
Anybody that has already gave the password should change passwords for other applications/sites/wallets if they are identical !!!

What the hell do bitsapphire security wise on the forum? Is it acceptable to happen???
I want them to make a statement ASAP !!!!  FIX SECURITY leaks on the forum !!!!

When I try to see my messages I see this!!!   Don't give your personal details (username/password)
« Last Edit: November 09, 2014, 03:22:27 PM by liondani »
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline donkeypong

  • Hero Member
  • *****
  • Posts: 2331
    • View Profile
I keep getting it. I just click cancel and things work OK.

Offline bytemaster

I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 601
    • View Profile
bytemaster,

Infected accounts are displaying the exploit in their signatures. For example, member 'Akado':

https://bitsharestalk.org/index.php?topic=11056.0

This exploit should be taken care of, no '.php' files should be allowed between [ img ] tags
BTS: flux-tips

Offline bitsapphire

On it at the moment. It seems that user wmap exploited an smf bug to upload PHP scripts as photos. This is most likely as a result of us upgrading to a dedicated server with our hosting provider, and hence making it possible to execute non-smf related scripts.

We are working on resolving this issue asap.

Meanwhile, If anybody gets a similar prompt please notify us.
Test Moonstone Wallet here https://app.moonstone.io/register

Offline feedthemcake

  • Full Member
  • ***
  • Posts: 156
    • View Profile
I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing.

 +5% +5% +5%

Offline liondani

On it at the moment. It seems that user wmap exploited an smf bug to upload PHP scripts as photos. This is most likely as a result of us upgrading to a dedicated server with our hosting provider, and hence making it possible to execute non-smf related scripts.

We are working on resolving this issue asap.

Meanwhile, If anybody gets a similar prompt please notify us.
could we be at risk even if we haven't gave our info? Is it like a virus loaded on memory or only a phishing attempt?

Sent from my ALCATEL ONE TOUCH 997D
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline liondani

official bitssaphire statement here:
https://bitsharestalk.org/index.php?topic=11163.0

Sent from my ALCATEL ONE TOUCH 997D

  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline luckybit

POSSIBLE FISHING! (?)
Anybody that has already gave the password should change passwords for other applications/sites/wallets if they are identical !!!

What the hell do bitsapphire security wise on the forum? Is it acceptable to happen???
I want them to make a statement ASAP !!!!  FIX SECURITY leaks on the forum !!!!

When I try to see my messages I see this!!!   Don't give your personal details (username/password)


It gets worse. As the market cap rises there will be much more targeted spear phishing. This is why as the market cap increases you also wan't a diverse group of owners. Centralized ownership with a high market cap is a liability in some ways.

https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

merockstar

  • Guest
I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing.

I was looking at this at like 7AM.

Hook me up with some admin status BM-- I have had admin status on peercointalk for a long time (although I haven't been going there much lately).

Offline donkeypong

  • Hero Member
  • *****
  • Posts: 2331
    • View Profile
I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing.

I was looking at this at like 7AM.

Hook me up with some admin status BM-- I have had admin status on peercointalk for a long time (although I haven't been going there much lately).

Me, too, please. It's always daytime somewhere, where one of us is on the forum. If a number of us are vigilant, we can knock it out before it bothers too many users. 

Offline sudo

  • Hero Member
  • *****
  • Posts: 2189
    • View Profile
  • BTS: ags
when can  bts's keyid login  function avaible& forum support it?
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline liondani

The suspicious member sent a private message to several members here... check the screen shot if you are included...
Hope nobody gave him more information's about your habits...

I think we where his potential priority targets...Thoughts?



  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline ticklebiscuit

  • Full Member
  • ***
  • Posts: 97
    • View Profile
I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing.

+100%

 

Google+