Bitcoin Forum

Yesterday, user Sanya_sun (https://bitcointalk.org/index.php?action=profile;u=1042999) (now banned) was spamming phishing links to Bitcointalk.org spelled with double L ("taLLk"). Most of his posts have been deleted, but there's one left:
It's very nice to see the phishing link is now automatically replaced by a warning!
My request: please do the same with the phishing link mentioned in the topic title. Those links are often posted, probably because Google keeps showing them.

Oh my god, i almost opened that thread yesterday, too sleepy to do that, and come back to pc this morning hoping to read it, but i found this thread instead. Maybe, yesterday, i will click to that link because news about satoshi is interesting and intriguing but thanks i didnt. This phishing case should be moderated fastly by moderator or admin, and automation on replacing the link to [phishing] is a great way to deal with this case. Just need a lot of database of phishing link so it will run perfectly.

Thanks LoyceV, you saved my life.

It's great to see the domain is being replaced by the word "phishing" in links. This will help to protect Bitcoin Talk members. At first I thought it would be a good idea to replace all references to the domain, but on reflection, I think it would be better to leave the name intact in warning posts that don't contain an active link. This will help to protect lurkers and Google users who are not members of Bitcoin Talk. If we can make sure that these scams are not profitable, then hopefully we can reduce the number of them in the future.

I actually believed it, until I checked satoshis real profile and saw that he never was active

Good that she's now banned

The site is still working, despite the links to it are closed by now:
https://i.imgur.com/snCMRgB.png

Also, the scammer has won some dollars by creating this site, taking a look at the BTC address he/she posted on the fake site, the winnings are:

https://i.imgur.com/1h4THTl.png

Fortunately, it doesn't seem a phishing site but a static copy in where you can only find this false thread, but you cannot modify in any sense the site, you cannot log in, so your Bitcointalk identity is secure.
I've tried to make a google search regarding the topic and it is not positioned, gladly, in fact, this is really difficult to find if you don't know with precision the name of the fake site.
Nevertheless, this piece of shit, this crap, this scammer, has won something with it, and at the cost of 9 people here...

Thanks LoyceV, I've been aware about this Phishing site lately when I heard about this rumors that Members of Bitcointalk.org are being hacked and the possible reason is because they might be a victim of Phishing. Although this Sanya_sun is banned, we can't assure that there are no more Accounts/Members spreading this phishing link and trying to scam people around here.

Looks like double checking the link before clicking it is the best solution. But how if we didn't notice it. Links like this https://[phishing]/index.php.topic=5.msg28.php is much easier to find out if its phishing or not but how if the links is hidden in a text like this Phishing (https://www.google.com.ph/url?sa=t&source=web&rct=j&url=https://searchsecurity.techtarget.com/definition/phishing&ved=2ahUKEwiryq7rl4PbAhXIVbwKHUk6AbUQFjAQegQICBAB&usg=AOvVaw3d0ZTuvqVEgXnlLkjY4L6q) (The url provided is a link to Phishing's definition, just an example)
See? We must be double careful in clicking links. It's a relief that phishing sites automatically shows "phishing" so that it can warn people of Bitcointalk.org immediately.

Please beware of those phishing sites. Being cautious on the URL's will not take time and its for our own good. My suggestion is to add bitcointalk.org to our bookmarks so we can typographical error. This is were phishing sites takes advantage. Checking the secure section just beside the URL is also a great practice. Sanya_sun won't stop trying to hack other account using phishing sites so always be cautious guys.

They got the guts to copy the site entirely but any member who is familiar with the site and its members would see this is a fake one. Just by typing the phishing site you instantly get redirected to Satoshi's "post" which is a no-brainer, another thing is when you try to log-in it won't work as it will again redirect you to the post. I just hope that this site will shut off entirely you can even see that this phishing site copied some notable members here in the forum and that is including the theymos.

Edited: Thanks LoyceV I have removed my mistake.

This is incorrect: it's not allowed to give more than 50 merit per month to the same user. But you can give 50 merit again the next month.

Check Satoshi's first post (https://bitcointalk.org/index.php?topic=5.msg28#msg28) for yourself.

This site has to be closed permanently. I had some links in my guide and in my merit giveaway thread, leading to the .to domain.
Thanks to vlad230 (https://bitcointalk.org/index.php?topic=3108981.msg36567122#msg36567122) I got them cleaned up, but just wondering how did I end up with the phishing links in the first place?
I started writing my guide back in the autumn last year when I was a newbie so probably they were already circulating in the forum.

You probably got them on Google. I had a few of them in one of my posts when I was researching an user.

Loyce was the one that warned me. And I see that he didn't mention adding the fake website to your hosts file while it hasn't been blacklisted.

Thank you, you just gave me some thoughts.
Not only bitcointalk phishing urls, we have to do the same about mixers and etc.
But since it's impossible to ban all unwanted url, we have to make a list of accepted urls like: bitcointalk.org, bitblender.io, cointelegraph.com and etc websites.
If anyone decides to open ANN thread, there must be someone who will add their url in list.
Maybe it takes some work but crypto is the place where most scammers try their best with different methods to scam people (like mixer, mining, gambling script)...

What da, 9 people fooled at this phishing site by the scammer and giving some bitcoin hoping to doubled with and they think that is real Satoshi. I am too curious how scammer make this phishing site looks like real.

Well, thanks to LoyceV we all aware and warn of that phishing site that probably we are the next victim, much better just bookmark the site and then easily to click bookmark site of bitcointalk.org everytime you use.


So thanks to this they had to lock this phishing and nobody was fooled anymore.

A whitelist is very tricky: if one of them would turn into a scam, the forum could be blamed for whitelisting them.

Do you even know what that post is about?

Well, whitelist may sounds risky but look things differently. This whitelist mustn't claim which website is scam or not. I mean it will just collect original URLs of serviced offered on our website and only phishing will be prevented, it has to do nothing with website's trustworthiness.

And what's about user above you, no he doesn't know what that post is about, quoted here blindly  ;D

Let me explain you in a simple way what is this because it looks like you have no Idea.
This method allows you to block any links to this phishing domain locally on your own computer by editing one system file called "hosts". The function of the file is to map an IP address to a web site. Normally all the mapping is done automatically but in some cases you can do it manually.
In the above example the IP address /127.0.0.1/which is mapped to the phishing site is called a localhost /it is assigned to your computer by default/ and all the calls to the site are redirected to it, so they return en error.
This prevent you from opening phishing link from this domain.

Hope is more clear now.

I will bump this too, because I have fallen once for this .to site. Even though I knew about it but due to it appeared in Google search I open the linked and tried to login also with my correct username and password.
Yes there was captcha error but, I only realized after I tried to login.

If there is such phishing sites list, theymos please ad [bitcointalk].[to] to this list.

I was redirected on that domain last week too, I search some ico on google and it was redirected to that site but it is suspicious because
I am logout and I quickly check the domain and it was different so be attentive guys. Everyone need to see this Thread.
or install Cryptonite by MetaCert this is an extention on chrome it helps to avoid phishing sites.

how did they get a copy of the forum database because they have the same exact topics/users/posts

I wonder how the other phishing sites were changed to [phishing] for no time but this sh!t is still unhanded for so many months now.

As of now, the site has been shut off. The phishing site is offline

Still working here.

Here is an archive from right now: https://archive.is/8oHxX

Where is the "add [phishing] to [phishing] list" ?

If bitcointalk[.]to gets added to the phishing list, it will probably get filtered out and changed to something like "[phishing]".

Notice the title of the thread.

Honesty baffles me how a phishing site can outrank the real one on Google search.

Thanks mate, make sense now however I thought there is a public list of phishing sites. My bad.

I still ask why? The case with bitcointaLLk was resolved in matter of days, here we are talking about months, many months..

Today is the first time I hear .to is a phishing site, and this is one of the reasons, it always pops up in Google, I always thought it was just a backup copy of the forum or a mobile version. I was wondering why I get logged out each time.

I hope you never tried to log in there. Maybe now is the time to change your password just in case.

iasenko was right, if ever that you've logged-in in that site, you should change your password immediately. There are lot of Phishing sites out there waiting for victims, this ".to" domain of Bitcointalk is not alone. You should be very careful about clicking links and always check if you are in the right link. Bookmarking Bitcointalk.org will somehow save your account.
I have discussed ".to" phishing site before. Here's the link https://bitcointalk.org/index.php?topic=4476010.msg40187218#msg40187218
Try to visit it if you have sometime.

I must admit that I'm also guilty of having linked that phishing site in the forum last February but LoyceV quickly PM me and I edited my post.


I checked the backlinks of that phishing link and most of them are garbage. The owner has bad intentions of having this site copied this community, so I have no doubtsthat he/she/they knows black-hat methods on how to get into Google's page 1 and outrank us.

I think I can keep bumping this until the title reads "add [phishing] to [phishing] list" ;)

I'm pretty sure that theymos has seen this, what can be the reason that it's not added yet to the list with phishing sites?

I don't think that domain is making an active effort to trick people into giving any kind of personal information. If you have evidence this site is trying to obtain some personal information via deception, you should post said evidence.

Bitcointalk.to appears to be a mirror of some sort, similar to the many other mirrors that are out there. Mirrors are useful in that they give people behind things like the GFW additional ways to access the forum, and its free flow of information.

An interesting fact, as cheater hunter sometimes I need to copy paste one eth address on google bar search and often I find the eth address from a research as bitcointalk.to while the bitcointalk.org is not even shown on the results of google.
If you copy the .to link and you change the .to with .org, the page it esixt on our forum.

Why google shows .to researches but not the .org ones?

+1

Just the fact that the captcha doesn't work in the login page kinda "proves" that phishing isn't the main focus of the website. In fact, maybe they don't even record logins (just don't try to login, maybe they do).

Also, wasn't the forum changing every mention to https://bitcointalk.to to https://bitcointalk.org ? What changed?

I lost my junior member account to those ass munchers.  I locked it so they can't use it.  But I can't get it back because I don't have a key staked - never posted a key in bounty or sig or nothing.  Fucking fuck those hacker fucks until their eye balls are bleeding jiz.

Is it possible for bitcointalk.org to purchase the domain to avoid getting phished? Or it will costs a fortune if you will buy another domain just for this reason?

The owner needs to agree on selling it. If - and only if - he wants to sell it, he can ask for any price he wants (even unrealistic prices).

It's already wordfiltered, just in a different way than sites that are 100% clear phishing.


That'd be subsidizing bad behavior.

I don't know if it did in the past, but it doesn't change the link now.

That would give a great incentive to scammers to register many more phishing sites.

I can't figure out how it's filtered. See the link quoted above.

Maybe they're just trying to leech traffic for whatever reason. Their plan might be to sell it at some point or monetise it (is there any ads on that site?). I clicked on a mirror a while back and it had a pop up advert so that's one way they might choose to monetise mirroring this board.


This would be akin to paying ransoms. If you pay one then once people realise you cough up for such things others would then start doing it (or the same party does it again in the hope you'll keep paying them). If you purchased this domain, then people will just start using others like bitcointalk.ch, bitcointalk.jp and so on and then you have to keep buying them or buy all the possible similar domains you can as a preemptive measure and it just never ends.  It would be much easier to just try police them as they pop up by filtering them out etc. Not perfect by any means but better than playing cat and mouse with unscrupulous individuals who are looking to extort you.

I’m sure most mirrors sell ads or otherwise monetize their site.

This is also true for nearly every other website on the internet.

There are probably too many mirrors and potential domains with similar spellings to bitcointalk for it to make sense to buy them. It would probably make sense to register unused domains though, especially considering how much money the forum is swimming in.