Bitcoin Forum

There was at least one case of a successfull phishing through a faked bitcointalk.org URL. See: https://bitcointalk.org/index.php?topic=1389494.new#new and https://bitcointalk.org/index.php?topic=1386622.new#new

The URL that the phisher owns was bitcointaIk.org. The L was replaced with the big i.

Is there an automatic replacement feature that is able to exchange such words automatically because of a proven scam word? So that it automatically routes to the real domain here? Maybe even showing a 404 page that shows a red alert that the user might have wanted to visit a phishing page? At least when bitcointalk's url was being tried to fake.

At least in the preview of my post the url is not replaced. So I think it might be worth to consider to raise the security on the forum.

of course that can be done, but like always when it comes to usefull stuff, we will see this maybe in the new forum software ::)

Well, that might take another year... or two. :P

But I think this forum is not lost completely. Small things are implemented regularly, like newbie warnings in posts and such.

I believe such a change here would be minor because I'm pretty sure the forum software already has a function to replace words.

Well this should be easy to implement, the forum already does this with certain domains such as ones that end in .tk

But as whywefight said, you should request this for the new forum, I think it will be live in two or three months so i dont think we should waste any time implementing anything new here

Really? Interesting... didn't hear of this. I wonder what all the accounts will be worth then that account traders collected on the old forum. :D

Yeah certain links are replaced by [suspicious link removed] or something similar. Its mainly used for those link shorteners that are against the rules AFAIK. I dont see a problem to add *bitcointaIk* to that list.

That's good to hear too though my previous answer was more directed at your second paragraph. I'm sure there are a lot of account traders holding a stash of many bitcointalk accounts. I wonder if they will be worth something anymore in the new forum.

Besides that, it would be pretty fast to add this link then. Actually I'm surprised that that domain was not snatched before. It is a very old blackhat trick to replace these 2 letters.

Oh, yeah I missed that. I dont think it will change much as all posts and ranks will be migrated to the new forum AFAIK.


It should be, but maybe theymos didnt see this thread yet.

Not the solution you asked for Seb, but we have some (kind of) solution now:
Green hover color for bitcointalk.org links (https://bitcointalk.org/index.php?topic=1432118.0).

---

Now we only have to teach everyone to look out for the green color...

I also added that phishing site to the suspicious links blacklist.

www.bitcointaIk.org thanks you :)

shouldnt this be replaced then?

The suspicious links blacklist only affects newbies.

Interesting. Hope it helps to stop such things a bit in the future. Though I guess even senior members could be catched by such a masked link. At least I would await that they get a heads up when "bitcointalk" asks to login again. :)

I'm not quite sure whether this is too great of an idea. In some recent cases it has been Full Members and other groups sending the links from hacked accounts. While the green hover colour does help, it may not be seen by mobile users causing them to perhaps be vulnerable.
Perhaps there should be a seperate blacklist which is forum wide for URLs such as this, and affects all user-groups.

It makes sense when experienced users can see the blocked url... though it would be better to take out the link setting and change it to a simple text and add some text behind like [Suspicious link] or so.

The problem is that with the trend of selling accounts, rank is no longer correspondent to how experienced the user is. This is proven by the amount of Senior-Hero members that don't understand something simple such as the Activity system.

If you have an unedited post from before you were hacked containing a Bitcoin address, you can follow the instructions posted here (https://bitcointalk.org/index.php?topic=497545.0). If you do this, don't expect a response very quickly.

If you do not have such a post, you should start posting from a new account. You aren't going to get your old one back.

minifrij



Exactly... sometimes it looks like users on here tell their mom and their uncle about how to earn big money on a forum. They might even earn more than they could earn working in their country fulltime. Or at least it's a great addition.

---

Lectori



You are lucky they only did that. And it's a pity that this same url still is in bad use. I had a lot of conversation with the scammer that owns that website from the time where a user lost 260$ because of him stealing the account and then starting a trade... stealing funds that way. So you are lucky he only changed pass.

Thanks for your reply.

I never posted a message which an address to my bitcoin wallet. But can't an admin see which email adres was originally used to create my losmilos account? It was losmilos@hotmail.com. Isn't that sufficient to get my account back? 

After they got my Bitcointalk account, I also received a phishing mail to verify my account at Hotmail and one to verify my Poloniex account. But those were very poor phishing sites using a hacked website. I'm very glad to use different passwords for all my logins, otherwise my Poloniex account would have been emptied too...

Never heard of an account reinstated only because of a previous email address.

Account could have changed ownership maybe and the new user changed the email. And did not know or care about getting a signature as proof of a non hacked account.

Most probably the account was sold already. Should be seen in seclog.

I understand. I'm not a regular poster, so I do not care much about the loss of my account. But on the internet I often use the nick Losmilos and it will be strange to see someone posting using my nick... Until now they haven't used my account for posting and I don't think they will. I think they just wanted to get to my Poloniex account.

Why would someone buy my account? It's cheaper to create one.

Thanks for tipping me on the seclog. I can see they changed my password on march the 31st.

Is there a way I can get my hacked account "Losmilos"back?

Thx in advance!