Bitcoin Forum

Other => Meta => Topic started by: EdenHazard on January 04, 2019, 06:21:21 PM



Title: Bitcointalk mass hacking... Look at seclog now!
Post by: EdenHazard on January 04, 2019, 06:21:21 PM
A lot of accounts comeback from the dead recently just look at the seclog! (https://bitcointalk.org/seclog.php)

My account was hacked for few secs daaamn yeah they changed my password , luckily there's notification to my email and quickly i changed the bctalk account password and secured everything back!

Few moments later I figure out what the heck is happening with my account as far as I know I am using very unique password , then i randomly look at the seclog page ... the result is crazy!

I see a lot of dead accounts woke up now! Yeah now it's happening!

Can anybody explain this situation?


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: mdayonliner on January 04, 2019, 06:30:37 PM
There are 5,895 accounts woke up in last 30 days. The dead accounts waking up always do not mean that they were hacked. Legit user can login to their accounts after long time. I am not sure how long you need to be inactive to have this woke up log for your account.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: vlom on January 04, 2019, 06:35:38 PM
this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

somebody should find a similarity between all the accounts.
date of registration?
last login before the comeback?

thanks to the colour:

augustocroppo - woke up
https://bitcointalk.org/index.php?action=profile;u=50315

Narydu - woke up
https://bitcointalk.org/index.php?action=profile;u=21434



Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: Jet Cash on January 04, 2019, 06:39:01 PM
Cancel all their sMerits. :)


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: khaled0111 on January 04, 2019, 06:45:36 PM
this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

Even if someone has a copy of the forum's database, it will be useless since paswords are saved after many rounds of sha256 hashing unless the hacker used brute force to find weak passwords.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: vlom on January 04, 2019, 06:49:20 PM
thats true.
or the database of an account-seller got lost.....  :o


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: EdenHazard on January 04, 2019, 06:50:07 PM
There are 5,895 accounts woke up in last 30 days. The dead accounts waking up always do not mean that they were hacked. Legit user can login to their accounts after long time. I am not sure how long you need to be inactive to have this woke up log for your account.

Not sure I can call it legit, mate .

this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

somebody should find a similarity between all the accounts.
date of registration?
last login before the comeback?
That's what I mean , strange and insane!
I just want to warn everybody here to be more careful with this unusual activity.

I just can't understand how my unique password got hacked , it must be a phising or something but I do aware about that. Or a Keylogger which I do aware about it too.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: theymos on January 04, 2019, 06:52:53 PM
The rate is not unusual. I added an extra stat to that page.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: petestheman on January 04, 2019, 07:25:20 PM
The rate is not unusual. I added an extra stat to that page.
OK

But what did you add and how is it connected to the woke-up of all this old accounts?


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: theymos on January 04, 2019, 07:30:42 PM
But what did you add and how is it connected to the woke-up of all this old accounts?

No, I mean that I just now added this stat to the page in order to illustrate that the rate is not unusual:
Quote
296 users/day in the last month, 520 users/day in the last year.

People often see the big wall of seclog events and freak out, but it's a noisy log covering 30 days, and a high number of events is normal. OP's issue is not part of any wider trend.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: YOSHIE on January 04, 2019, 07:40:16 PM

I see a lot of dead accounts woke up now! Yeah now it's happening!

Can anybody explain this situation?

In the human mind, is good and there is bad, right now people don't have work, they can only make trouble and nonsense, so it's not surprising to find something like this, maybe you can see zombies waking up from their nests ,
Example:
1. zom (https://bitcointalk.org/index.php?action=profile;u=2058191) Position: Brand new
2. zombie (https://bitcointalk.org/index.php?action=profile;u=52174) Position: Newbie
3. zomb (https://bitcointalk.org/index.php?action=profile;u=134578) Position: Newbie
4. zo (https://bitcointalk.org/index.php?action=profile;u=965405) Position: Newbie
5. z (https://bitcointalk.org/index.php?action=profile;u=762) Position: Newbie


1. una (https://bitcointalk.org/index.php?action=profile;u=35350) Position: Newbie
2. uni (https://bitcointalk.org/index.php?action=profile;u=1017425) Position: Brand new
3. une (https://bitcointalk.org/index.php?action=profile;u=1020913) Position: Brand new
4. uno (https://bitcointalk.org/index.php?action=profile;u=217627) Position: Brand new
5. unsa (https://bitcointalk.org/index.php?action=profile;u=125066) Position: Newbie
6. unc (https://bitcointalk.org/index.php?action=profile;u=2445646) Position: Brand new
7. unv (https://bitcointalk.org/index.php?action=profile;u=306471) Position: Newbie
8. unz (https://bitcointalk.org/index.php?action=profile;u=1149896) Position: Brand new
9. unm (https://bitcointalk.org/index.php?action=profile;u=88081) Position: Newbie
10. unQ (https://bitcointalk.org/index.php?action=profile;u=537682) Position: Brand new

For that there is no need to wonder what people are doing, maybe in 1 day all over the world it can make the same thousands of accounts, by irresponsible person.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: petestheman on January 04, 2019, 07:46:25 PM
No, I mean that I just now added this stat to the page in order to illustrate that the rate is not unusual:
Quote
296 users/day in the last month, 520 users/day in the last year.
Great. It looks more informative now :)

People often see the big wall of seclog events and freak out, but it's a noisy log covering 30 days, and a high number of events is normal. OP's issue is not part of any wider trend.
Yes, it looks like a big list, but still 5900 woke-up accounts should be too much in just a monthly period I thought. It means every day average 200 accounts wake-up ::)



Edit:

I am not sure how long you need to be inactive to have this woke up log for your account.

It pops up if you login after a 6 months time:
It shows up if a user has logged in with their last login time being at least 6 months ago.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: Upgrade00 on January 04, 2019, 07:56:41 PM
It would raise more suspicion if there were lots of  high ranking accounts involved, but there are many newbie and brand new accounts which were woken up, and this would not be a target for hackers.

It's good you had your email notification and took quick measures to recover and secure your account.
Also sign a message linked to your account, if you are yet to.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: LTU_btc on January 04, 2019, 09:18:49 PM
In the human mind, is good and there is bad, right now people don't have work, they can only make trouble and nonsense, so it's not surprising to find something like this, maybe you can see zombies waking up from their nests ,
Example:
1. zom (https://bitcointalk.org/index.php?action=profile;u=2058191) Position: Brand new
<snip>
10. unQ (https://bitcointalk.org/index.php?action=profile;u=537682) Position: Brand new

For that there is no need to wonder what people are doing, maybe in 1 day all over the world it can make the same thousands of accounts, by irresponsible person.
Interesting, I also noticed that huge part of accounts which wake up is Brand New, but there are also many Newbie accounts with few posts made. There is also few Jr. Member who ranked up with 1 Merit and few higher ranked accounts, but maybe they aren't related to majority of accounts that wake up. I don't think that these Brand New and Newbie accounts that wake up are hacked, because I don't see many reasons to hack such accounts because they are worthless. I would predict that's just one of botnets which belongs to spamming services


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: theymos on January 04, 2019, 10:06:39 PM
I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: bitart on January 04, 2019, 10:26:19 PM
I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.
Whitelisted means you click on the Show All link at the beginning of the Seclog, or this is something new for newbies and brand new members?


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: jackg on January 04, 2019, 10:59:35 PM
I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.
Whitelisted means you click on the Show All link at the beginning of the Seclog, or this is something new for newbies and brand new members?

I think whitelisted is where an account has special permissions. I think it means like if default trust or the old scammer tag get hacked.




@theymos, what's the remedy of defeating zombies if they have been possessed by an unwanted force?


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: xtraelv on January 05, 2019, 02:28:34 AM
Maybe an account farmer woke up some old accounts after having some of their accounts nuked.

Perhaps they are the sockpuppet shills of a new ICO.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: lobcmt2 on January 05, 2019, 03:13:31 AM
Got the required inactive period to have a Woke-up status after being active again. It is a six-month period.
It pops up if you login after a 6 months time:
It shows up if a user has logged in with their last login time being at least 6 months ago.


By the way, I visited the seclog, that provides only one page [that likely provides data of the last one or two days].
I have a curious question:
"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"

Thank you.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: TryNinja on January 05, 2019, 03:28:39 AM
"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"
Nope. But you can use BPIP.org (http://BPIP.org) to check if a specific user has been mentioned in the seclog since the website is constantly scrapping that page and saving the info.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: bL4nkcode on January 05, 2019, 03:36:10 AM
"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"
Maybe if theymos implement sorting functions there, but I guess it will affect the forum's speed as it will load such immense data from server.


My account was hacked for few secs daaamn yeah they changed my password , luckily there's notification to my email and quickly i changed the bctalk account password and secured everything back!

Few moments later I figure out what the heck is happening with my account as far as I know I am using very unique password , then i randomly look at the seclog page ... the result is crazy!
There's nothing to do about it, woke up status  is different from password changed.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: lobcmt2 on January 05, 2019, 04:21:20 AM
Nope. But you can use BPIP.org (http://BPIP.org) to check if a specific user has been mentioned in the seclog since the website is constantly scrapping that page and saving the info.
thank you.
I known that Bpip.org site, but it has likely a bit delay to update real data from the forum (hours delayed).
Code:
Last Parsed
and
Code:
Next Planned Parse
I am not sure, but it is likely that data updates in the site is some hours delayed than what really happened in the forum. I meant it is not real-time data.  :)


I guess it is almost the same reasons which forced theymos to stop the given basic statistics of the site, right?
The given data dump stopped in middle of December last year.
Maybe if theymos implement sorting functions there, but I guess it will affect the forum's speed as it will load such immense data from server.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: TryNinja on January 05, 2019, 04:30:48 AM
Nope. But you can use BPIP.org (http://BPIP.org) to check if a specific user has been mentioned in the seclog since the website is constantly scrapping that page and saving the info.
thank you.
I known that Bpip.org site, but it has likely a bit delay to update real data from the forum (hours delayed).
Code:
Last Parsed
and
Code:
Next Planned Parse
I am not sure, but it is likely that data updates in the site is some hours delayed than what really happened in the forum. I meant it is not real-time data.  :)
That's the info scrapped from the user's profile, which can't be in real time for obvious reasons (there are 229,988 active profiles being scrapped every time).

BPIP is constantly scrapping the seclog page as an independent process and adding the info to each mentioned profile.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: manfredmann on January 06, 2019, 05:26:05 AM
Yeah there must be something fishy about it and hopefully mods can explain this. We do not want thos site to be hi jacked by anyone else for we know that a lot of cash flowing through this forum. I can sense there is a hacking activity because OP had almost gets his/her account hack. As we all know that hacked accounts were being sold again in the market place so a lot money could be generated from.this activity.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: seoincorporation on January 07, 2019, 02:41:06 PM
My account was hacked for few secs daaamn yeah they changed my password , luckily there's notification to my email and quickly i changed the bctalk account password and secured everything back!

Any idea about how you account get hacked? Maybe that can help us to avoid that happens to other users? Is weird to get hacked if you have a hard password to brute force, so maybe you know what was the attacking vector. I would appreciate that info.


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: proexcept on January 25, 2019, 03:31:56 PM
There are 5,895 accounts woke up in last 30 days. The dead accounts waking up always do not mean that they were hacked. Legit user can login to their accounts after long time. I am not sure how long you need to be inactive to have this woke up log for your account.

Not sure I can call it legit, mate .

this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

somebody should find a similarity between all the accounts.
date of registration?
last login before the comeback?
That's what I mean , strange and insane!
I just want to warn everybody here to be more careful with this unusual activity.

I just can't understand how my unique password got hacked , it must be a phising or something but I do aware about that. Or a Keylogger which I do aware about it too.

Sorry, I'm too late, but anyway...
How many and what type of symbols did your hacked password consist of?


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: Coinifyx on January 25, 2019, 03:38:03 PM
Tbh I don't think anyone can bruteforce a recaptcha login even with thousands of attempts

What you see it's only the big farmers of the past taking benefits of free merits


Title: Re: Bitcointalk mass hacking... Look at seclog now!
Post by: Geenstijl on January 25, 2019, 03:44:31 PM
Tbh I don't think anyone can bruteforce a recaptcha login even with thousands of attempts

What you see it's only the big farmers of the past taking benefits of free merits

There is a possibility that the forum database dump with password hashes has been leaked. It could easily be bruteforced, especially weak passwords.