Author Topic: "Authentication Required" message on our forum !!! DONT'T GIVE YOUR PASSWORD !!  (Read 3576 times)

0 Members and 1 Guest are viewing this topic.

Offline ticklebiscuit

  • Full Member
  • ***
  • Posts: 97
    • View Profile
I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing.

+100%

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
The suspicious member sent a private message to several members here... check the screen shot if you are included...
Hope nobody gave him more information's about your habits...

I think we where his potential priority targets...Thoughts?




Offline sudo

  • Hero Member
  • *****
  • Posts: 2255
    • View Profile
  • BitShares: ags
when can  bts's keyid login  function avaible& forum support it?

Offline donkeypong

  • Hero Member
  • *****
  • Posts: 2329
    • View Profile
I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing.

I was looking at this at like 7AM.

Hook me up with some admin status BM-- I have had admin status on peercointalk for a long time (although I haven't been going there much lately).

Me, too, please. It's always daytime somewhere, where one of us is on the forum. If a number of us are vigilant, we can knock it out before it bothers too many users. 

merockstar

  • Guest
I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing.

I was looking at this at like 7AM.

Hook me up with some admin status BM-- I have had admin status on peercointalk for a long time (although I haven't been going there much lately).

Offline luckybit

  • Hero Member
  • *****
  • Posts: 2921
    • View Profile
  • BitShares: Luckybit
POSSIBLE FISHING! (?)
Anybody that has already gave the password should change passwords for other applications/sites/wallets if they are identical !!!

What the hell do bitsapphire security wise on the forum? Is it acceptable to happen???
I want them to make a statement ASAP !!!!  FIX SECURITY leaks on the forum !!!!

When I try to see my messages I see this!!!   Don't give your personal details (username/password)


It gets worse. As the market cap rises there will be much more targeted spear phishing. This is why as the market cap increases you also wan't a diverse group of owners. Centralized ownership with a high market cap is a liability in some ways.

https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
On it at the moment. It seems that user wmap exploited an smf bug to upload PHP scripts as photos. This is most likely as a result of us upgrading to a dedicated server with our hosting provider, and hence making it possible to execute non-smf related scripts.

We are working on resolving this issue asap.

Meanwhile, If anybody gets a similar prompt please notify us.
could we be at risk even if we haven't gave our info? Is it like a virus loaded on memory or only a phishing attempt?

Sent from my ALCATEL ONE TOUCH 997D

Offline feedthemcake

  • Full Member
  • ***
  • Posts: 158
    • View Profile
I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing.

 +5% +5% +5%

Offline bitsapphire

On it at the moment. It seems that user wmap exploited an smf bug to upload PHP scripts as photos. This is most likely as a result of us upgrading to a dedicated server with our hosting provider, and hence making it possible to execute non-smf related scripts.

We are working on resolving this issue asap.

Meanwhile, If anybody gets a similar prompt please notify us.
Register and get your personal Moonstone Wallet Beta here: https://moonstone.io/login-register.html

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 749
    • View Profile
bytemaster,

Infected accounts are displaying the exploit in their signatures. For example, member 'Akado':

https://bitsharestalk.org/index.php?topic=11056.0

This exploit should be taken care of, no '.php' files should be allowed between [ img ] tags

Offline bytemaster

I have removed the attacking user account.

Admins - I shouldn't be the one first to respond to this kind of thing. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline donkeypong

  • Hero Member
  • *****
  • Posts: 2329
    • View Profile
I keep getting it. I just click cancel and things work OK.

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
POSSIBLE FISHING! (?)
Anybody that has already gave the password should change passwords for other applications/sites/wallets if they are identical !!!

What the hell do bitsapphire security wise on the forum? Is it acceptable to happen???
I want them to make a statement ASAP !!!!  FIX SECURITY leaks on the forum !!!!

When I try to see my messages I see this!!!   Don't give your personal details (username/password)
« Last Edit: November 09, 2014, 03:22:27 pm by liondani »