|
Title: WARNING: bitcointalk.us is a phishing site Post by: mmmerlin on September 07, 2013, 10:45:28 PM I just got a very spammy PM on the BFL forum from what I think is someone trying to hype LTC saying that MtGox is going to start trading it and this was announced in a leaked recording of Mark Karpeles.
It links to what I think is a spoof page imitating this forum with presumably mock posts from several well-established members of this community agreeing that this was sounding very promising. Link here: http://bitcointalk.us/LTCRecordedConversation.htm This post is to: a) give people a head's up and b) confirm this is a spoof site created by someone trying to hype up LTC prices and not a genuine mirror of BTCTalk (which I'm pretty much sure of, but I've also been sitting at the keyboard for ~16 straight hours so judgement isn't what it might be). I was actually almost fooled, so thought I'd better alert people... Title: Re: Something very fishy going on Post by: mmmerlin on September 07, 2013, 10:47:12 PM A lot of effort went into making the site though, they've registered a very good URL for it, all the people posting have links back to their profiles on bitcointalk.org
I've got to admit that I was very nearly fooled. I'm sure many will be... Title: Re: Something very fishy going on Post by: grue on September 07, 2013, 10:48:03 PM the free hosting ad at the top is a dead giveaway.
also, there's some funny stuff in the root directory http://bitcointalk.us/phisher.php LOL i'm having some fun entering in some fake admin logins :p Title: Re: Something very fishy going on Post by: 01BTC10 on September 07, 2013, 10:48:25 PM This domain bitcointalk.us is a phising site and is also used to hype a fake btc-e bot (trojan).
Title: Re: Something very fishy going on Post by: mmmerlin on September 07, 2013, 10:54:20 PM the free hosting ad at the top is a dead giveaway. also, there's some funny stuff in the root directory http://bitcointalk.us/phisher.php LOL LOL indeed, but at first glance it's pretty convincing. Just thought people should be warned. I've reported it on the BFL forum... Title: Re: Something very fishy going on Post by: Taras on September 07, 2013, 11:25:46 PM Definitely a phishing site, I found this in the directory:
user=dasfd passwrd=dsfasdf cookielength=-1 hash_passwrd= user=affa passwrd=asdfs cookielength=-1 hash_passwrd= user=hi passwrd=good looking cookielength=-1 hash_passwrd= user= passwrd= cookielength=-1 hash_passwrd= user=ajze2 passwrd=c*******5 cookielength=-1 hash_passwrd= user=01BTC10 passwrd=A6PhUyDBS6 cookielength=-1 hash_passwrd= user=theymos passwrd=6iR25K1Xx4xXL6VM cookielength=-1 hash_passwrd= user=gmaxwell passwrd=hcTb64SfgLy3Ey cookielength=-1 hash_passwrd= user=kiba passwrd=1DDEFE1081888436A0A0681A8201431D cookielength=-1 hash_passwrd= user=Gavin Andresen passwrd=RbCvyZNkbFHKQ5cHt7x8pAp5sXtz cookielength=-1 hash_passwrd= user=casascius passwrd=3**************1 cookielength=-1 hash_passwrd= user=Kluge passwrd=t*******7 cookielength=-1 hash_passwrd= user=satoshi passwrd=nakamotp cookielength=-1 hash_passwrd= Title: Re: Something very fishy going on Post by: 01BTC10 on September 07, 2013, 11:29:56 PM I guess my name is there because I clicked this link:
Code: http://bitcointalk.us/phisher.php Title: Re: Something very fishy going on Post by: mmmerlin on September 07, 2013, 11:33:33 PM This is NOT cool AT ALL. If there's anything I don't appreciate it's being impersonated. My own post: I don't believe it... I could never think of any sci-fi-ass machine capable of cracking SHA256. Of course with Snowden's verification, how could it be false? I'm horrified. Are our savings subject to overnight destruction? Was modified as well:Quote I don't believe it... Could it be true? Of course with Daichi's verification, we can totally trust him. Are your savings subject to overnight destruction? We have to figure out what's going on here, I do NOT like this at all. I bet a good percentage of people who see this will consider it legitimate.It is likely that a good proportion will indeed be fooled, I nearly was but it just didn't smell right. That's why I posted. Regarding this password list - a) LOL at having them sitting in the directory like that, and b) they all appear to be wrong, which is good! Title: Re: Something very fishy going on Post by: Taras on September 07, 2013, 11:36:16 PM I guess my name is there because I clicked this link: I did the same, the only account that had a valid password was called ajze2... Potential culpirit, registered August, but 0 posts. The satoshi entry was made by me, so I can confirm that these were phished with the login bar.Code: http://bitcointalk.us/phisher.php Title: Re: Something very fishy going on Post by: mmmerlin on September 08, 2013, 04:47:11 PM Well, he's been banned from the BFL forums under that username, though I doubt that will stop his scammy, fishy ways...
Title: Re: Something very fishy going on Post by: Isokivi on September 08, 2013, 04:48:03 PM Seems like a good place to spam, lots of gullible people and whatnot.
Title: Re: Something very fishy going on Post by: jackjack on September 08, 2013, 06:24:37 PM http://bitcointalk.us/page2.htm
https://bitcointalk.org/index.php?topic=288545.20 ;D I guess you must provide your dox to get a .us domain, no? Title: Re: Something very fishy going on Post by: mmmerlin on September 08, 2013, 07:15:09 PM Seems like a good place to spam, lots of gullible people and whatnot. +1 :D Title: Re: Something very fishy going on Post by: KonstantinosM on September 08, 2013, 07:44:49 PM I didn't click on the links nor trade any BTC for LTC based on this, I did not however notice that I was directed to this bullshit website...
Thank you, you saved me from some potential account hack! (I'm forever logged in, if I wasn't I don't know what might have happened. Title: Re: Something very fishy going on Post by: mmmerlin on September 08, 2013, 08:40:31 PM I didn't click on the links nor trade any BTC for LTC based on this, I did not however notice that I was directed to this bullshit website... Thank you, you saved me from some potential account hack! (I'm forever logged in, if I wasn't I don't know what might have happened. No worries, it's quite a convincing fake. The main alert for me was how overwhelmingly positive and effusive some of the more well known members of the community were being when I would have expected them to have been, at a minimum, a bit more circumspect. And whilst I have no idea whether they are or not, a surprising number of people were claiming to be fluent in Japanese, which also seemed a little odd... Title: Re: Something very fishy going on Post by: justusranvier on September 09, 2013, 12:13:29 AM Scams like this are a good reason to always use a password manager with unique per-site passwords instead of typing them in yourself.
Even if you fall for a phishing site, your password manager won't. Title: Re: Something very fishy going on Post by: pbflash on September 09, 2013, 01:15:31 AM I guess you must provide your dox to get a .us domain, no? Nope. I recently registered a .us domain and only had to check a check box stating it was a us company. Title: Re: Something very fishy going on Post by: b!z on September 09, 2013, 11:13:29 AM I guess you must provide your dox to get a .us domain, no? Nope. I recently registered a .us domain and only had to check a check box stating it was a us company. .us domains don't allow whois guard/privacy, iirc and i think you must type real info with all domains, or they can close the domain down Title: Re: Something very fishy going on Post by: TsuyokuNaritai on September 09, 2013, 11:37:26 AM To help get the word out, I suggest changing the name of the thread to something more descriptive, such as "WARNING: bitcointalk.us is a fake phishing site".
Title: Re: Something very fishy going on Post by: mmmerlin on September 09, 2013, 12:17:23 PM To help get the word out, I suggest changing the name of the thread to something more descriptive, such as "WARNING: bitcointalk.us is a fake phishing site". Good idea - done. Maybe someone could get a mod to move it out of meta to somewhere more suitable though, this isn't where I originally posted it and don't think I can move it. Title: Re: WARNING: bitcointalk.us is a phishing site Post by: Singlebyte on September 09, 2013, 09:59:15 PM Theymos should change the default color and/or font on the forum. Maybe even change the layout a bit with a different theme. This will immediately screw up the scammers plans and all the hard work they put into cloning this site.
Title: Re: WARNING: bitcointalk.us is a phishing site Post by: 01BTC10 on September 09, 2013, 10:03:56 PM Theymos should change the default color and/or font on the forum. Maybe even change the layout a bit with a different theme. This will immediately screw up the scammers plans and all the hard work they put into cloning this site. It's not difficult to clone a website. The hacker would probably clone it again almost immediately.Title: Re: WARNING: bitcointalk.us is a phishing site Post by: mmmerlin on September 09, 2013, 10:36:34 PM Theymos should change the default color and/or font on the forum. Maybe even change the layout a bit with a different theme. This will immediately screw up the scammers plans and all the hard work they put into cloning this site. It's not difficult to clone a website. The hacker would probably clone it again almost immediately.Yeah, it's both not worth it, and kind of acknowledging that they are getting to you. Playing cat and mouse is surely not the answer. If people who are in the know think this matters though, then it might at least be worth getting this thread moved somewhere better... Title: Re: WARNING: bitcointalk.us is a phishing site Post by: Singlebyte on September 09, 2013, 10:37:27 PM Theymos should change the default color and/or font on the forum. Maybe even change the layout a bit with a different theme. This will immediately screw up the scammers plans and all the hard work they put into cloning this site. It's not difficult to clone a website. The hacker would probably clone it again almost immediately.I know how to create sites and copy code. They originally put some "time" and effort into the site to make it appear legit. They even have backlinks in the website. If you change a theme or some other attribute it would slow them down. It would really be helpful if the members could select their own theme. Then what ever phishing clone site pops up, a user would immediatley know its not legit if it doesnt match their selected color/font/layout. Title: Re: WARNING: bitcointalk.us is a phishing site Post by: mmmerlin on September 09, 2013, 11:08:14 PM Theymos should change the default color and/or font on the forum. Maybe even change the layout a bit with a different theme. This will immediately screw up the scammers plans and all the hard work they put into cloning this site. It's not difficult to clone a website. The hacker would probably clone it again almost immediately.I know how to create sites and copy code. They originally put some "time" and effort into the site to make it appear legit. They even have backlinks in the website. If you change a theme or some other attribute it would slow them down. It would really be helpful if the members could select their own theme. Then what ever phishing clone site pops up, a user would immediatley know its not legit if it doesnt match their selected color/font/layout. That is a good point that would work well. Bit of a pain to implement though... Title: Re: WARNING: bitcointalk.us is a phishing site Post by: 01BTC10 on September 09, 2013, 11:10:45 PM There is already other theme available but they miss some functionality.
Title: Re: WARNING: bitcointalk.us is a phishing site Post by: b!z on September 10, 2013, 11:19:01 AM Theymos should change the default color and/or font on the forum. Maybe even change the layout a bit with a different theme. This will immediately screw up the scammers plans and all the hard work they put into cloning this site. It's not difficult to clone a website. The hacker would probably clone it again almost immediately.I know how to create sites and copy code. They originally put some "time" and effort into the site to make it appear legit. They even have backlinks in the website. If you change a theme or some other attribute it would slow them down. It would really be helpful if the members could select their own theme. Then what ever phishing clone site pops up, a user would immediatley know its not legit if it doesnt match their selected color/font/layout. That is a good point that would work well. Bit of a pain to implement though... You can already change the forum theme. Check settings. If you pick a dark theme, you will immediately notice something is up if the phishing link has the default theme. Title: Re: WARNING: bitcointalk.us is a phishing site Post by: favdesu on September 10, 2013, 12:31:24 PM report the phishing domain to the respective domain directory and they should shut it down.
Title: Re: WARNING: bitcointalk.us is a phishing site Post by: mmmerlin on September 10, 2013, 12:35:15 PM report the phishing domain to the respective domain directory and they should shut it down. Wow, I didn't realise anyone cared. Is that likely to actually happen?! Title: Re: WARNING: bitcointalk.us is a phishing site Post by: 01BTC10 on September 10, 2013, 12:39:14 PM http://www.google.com/safebrowsing/report_phish/
Title: Re: WARNING: bitcointalk.us is a phishing site Post by: b!z on September 10, 2013, 01:16:06 PM the phishing site is hosted on free web host http://t15.org/
send in an abuse report, someone please. :-) |