Webpage Not Available

The renowned Bitcoin forum, BitcoinTalk, is not reachable. About six hours ago, BitcoinTalk.org suddenly stopped responding. Before any updates were posted, various schools of thought emerged as to what happened. The truth has been revealed, of course, but here were the speculations:

Was it… 

Taken Offline?

Earlier the bitcointalk twitter stated that they might be experiencing a DDOS attack

Is the GAW team behind this one? They have been known to DDOS coinfire after their provocative SEC investigation post.

Recently, a user by the name of WoodCollector was accused of running a scam of taking online jpeg vector images, running them through a laser engraver, engraving them on wood and claiming that the pieces are hand crafted, selling the for $14k a piece. Did he take some of his precious bitcoins and invest in a botnet ddos?

Hacked?

The forum is running a decently secure version of Simple Machines Forum (SMF) 1 with some custom code put into place to maximize security. Security breach bounties over the past few years have also helped to defend the forum’s backend.

It is possible, however, that an unknown attacker managed to accomplish the impossible – to penetrate the impenetrable – and work his or her way into the forum. From here, the attacker could have wrecked havoc.

One speculated vector of attack is a most popular SQL injection, where a user could sing up with such a name which would trigger a table drop from the SQL database. One such example would be:

Robert’); DROP TABLE bitcoin.smf_members;–

Here is a brief explanation of this attack by /u/physalisx:

Google SQL injection, it’s a method used in hacking databases.

Basically, an insecure program can create a database query that looks something like this

database_query = "INSERT INTO students VALUES (' + student_name + ',' + student_birthdate + [etc] + ');"

Where student_name and student_birthdate are variables the program uses. If now someone enters a student name like

Robert'); DROP TABLE students;--

the overall command that the application makes out of that ends up deleting the whole database table.

What we know

 So far all we know is that BitcoinTalk.org’s disks were corrupted, according to Twitter user @bitcointalk.

BitcoinTalk.org’s staff are working hard to resolve this issue. One issue that does seem to stick is the fact that bitointalk.org received over a million dollars of donations to support the forum, yet the forum software is archaic and now we also know that is is pretty vulnerable.

Update 1/22

The official bitcointalk twitter account @bitcointalk confirmed that the result of the downtime is a harddrive failure

 what is a 1+0 RAID array?

First of all, a RAID array is a nested set of normal RAID configurations, aka hybrid RAID. A normal RAID stands for redundant array of independent disks. It’s purpose is to essentially combine more than one hard drive into one logical unit whose job would be data storage. Popular forums, Big corporations, Government agencies, all use RAID configuration to store their data in order to protect it.

Bitcointalk.org is the most popular forum for the bitcoin community and had close to $1 million in donations sent to it. It comes to no surprise that it would run a nested RAID configuration.

It was specifically running the RAID 1+0 configuration which looks like this and requires a minimum of 4 drives

That looks pretty safe to me! However, could bitcointalk have done better? Here is an example of a RAID 50 array which requires a minimum of 6 drives

Of you think that is not enough check out RAID 60 which requires at least 8 drives, now we are talking!

If you liked this article, make sure to follow @btc_feed and subscribe to our newsletter!