Post
Topic
Board Meta
Re: Security bounties
by
Security Engineer
on 29/08/2019, 23:17:33 UTC
Hello theymos.

I quote here two posts regarding BitcoinTalk's security and I hope you will do what I recommended.

@theymos If I were you I would remove Google reCaptcha before a DoS hits your main server! The sitekey my boy, the sitekey... I also did some research around the SSL certificates you got from Sectigo... Later I will contact you when I have decided what to do with all this.

You don't want to keep that Google reCaptcha there, mainly not only because I was able to identify your server behind the cloud but you don't need that at all! Before the cloud it was useful but now you can use just one captcha... better for you.

Quick tips for mitigation: Remove Google reCaptcha and implement Argo Tunnel

administrator of this forum without any knowledge of programming. I have read his post from the very first one and nothing indicates he had any knowledge of programming.
Bitcointalk is a big forum with over 2.6 million members; it needs knowledge of management. And it is not necessary to know about programming.
A manager can recruit people who have knowledge about it.
That is correct, DroomieChikito!

If @theymos does what I recommended to him here: https://bitcointalk.org/index.php?topic=5179950.msg52306296#msg52306296 and in PM, then he would never again need to even think about something bad happening to the server(s) of BitcoinTalk. In the current state BitcoinTalk is vulnerable. If he does what I recommended it will mitigate all types of attacks once and forever.

This topic will lose its relevance immediately: https://bitcointalk.org/index.php?topic=309785.msg3326091#msg3326091 meaning that no more bounty. Some regarding the forum and email can be still ongoing but he would need to rewrite the entire post.

Cheers!



I can't reply to your PM, theymos. I'm too new here...
I got your PGP key. I will send you what you asked. Right now I'm busy with something else. I can assure you soon you will get the response in PM or in an encrypted email.

Is this yours?
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=39Rd
-----END PGP PUBLIC KEY BLOCK-----