
Untitled

a guest
Oct 6th, 2013
Oct 5 [11:06 PST] <theymos> I'm working on setting up the new server now.
Oct 5 [11:13 PST] <theymos> I'm not 100% sure what the attack was, but I feel that it should be safe to put up the forum with pretty much everything except posting disabled. Then I'll enable things after they've been checked more carefully, or the attack vector is convincingly found.
Oct 5 [11:13 PST] <theymos> I've decided that the nginx + avatar upload thing was probably not the attack vector.
Oct 5 [20:51 PST] <theymos> There's a small fire on the electrical pole outside of my house. The fire dept. is looking at it now. It's possible that I might lose power for a while. If so, the forum's return will be delayed.

Oct 6 [10:57 PST] <theymos> bcb: I'm working on the forum.
Oct 6 [10:58 PST] <bcb> theymos, is the fire out?
Oct 6 [10:58 PST] <theymos> Yes.
Oct 6 [10:59 PST] <Ontolog> theymos: did you wind up handing out that 50 BTC to anyone yet?
Oct 6 [11:02 PST] <theymos> No. I ended up finding the exploit myself.
Oct 6 [11:10 PST] <bcb> theymos, will you publish the exploit?
Oct 6 [11:10 PST] <theymos> Yes.
Oct 6 [11:33 PST] <theymos> bcb: Yes, unfortunately that seems accurate. While auditing all of the code, I found two backdoors hidden in obscure places that could have been used to perform this attack.
Oct 6 [11:35 PST] <theymos> Long ago I disabled that particular SMF feature allowing admins to modify arbitrary files, but I guess it was after the backdoors were reinserted.
Oct 6 [11:36 PST] <theymos> None of the admins from then are admins now except for me. I wonder who let their password be weak, though...
Oct 6 [11:38 PST] <TuxBlackEdo> theymos, will the forum be back up today?
Oct 6 [11:39 PST] <theymos> BTW, I'm not actually sure whether that bug was ever fixed in upstream SMF... When I was auditing the code, I noticed that the forum has code there that SMF does not.
Oct 6 [11:40 PST] <theymos> TuxBlackEdo: Most likely. The server is mostly set up. I'm currently disabling/fixing certain dangerous things in the SMF code. Then I need to go through the database to make sure that no backdoors were inserted there. Then just a little more server configuration is needed. bitcointalk.org is already pointing to the new IP.
Oct 6 [11:41 PST] <rotavator> why a new ip?
Oct 6 [11:42 PST] <theymos> For speed and security, a new server was set up.
Oct 6 [11:42 PST] <theymos> Also, warren has set it up with multiple VMs, so it'll be easy to set up a testing server.
Oct 6 [11:43 PST] <iddo> will bitcointalk still be hosted by mtgox?
Oct 6 [11:44 PST] <theymos> The forum hasn't been hosted by MtGox for about a year.
Oct 6 [11:45 PST] <theymos> I'd like to make the forum's code public, but the SMF 1.x license prohibits this. I'll see about upgrading to 2.x in the near future, or at least getting a special exception from SMF.

Oct 6 [13:33 PST] <gmaxwell> theymos: drop a key with 50 BTC in published path on the webserver for your initial launch.
Oct 6 [13:34 PST] <theymos> Then someone will probably grab it and not tell me their method...
Oct 6 [13:34 PST] <gmaxwell> theymos: better or worse than not knowing? I'm saying this already assuming you really believe it to be secure.
Oct 6 [13:35 PST] <theymos> OK, maybe I'll do something like that.

Oct 6 [14:25 PST] <nottm28_> theymos: is it worth us waiting up tonight or are we looking tomorrow now?
Oct 6 [14:25 PST] <theymos> Should be up in 1-2 hours.