Bitcoin Forum

Economy => Scam Accusations => Topic started by: theonegilly on March 14, 2014, 06:30:45 PM



Title: ip: 46.38.62.225 - Coin Stealer
Post by: theonegilly on March 14, 2014, 06:30:45 PM
Hello,

the coin stealer's IP: 46.38.62.225 (Russia)

I have had notifications for all my mpos accounts and my BTC-e account all come through today about logins... thankfully I didn't have any coins on any of them, but it's just a warning to everyone.

I'm changing all my passwords as I type, so I recommend you all do the same.


Title: Re: ip: 46.38.62.225 - Coin Stealer
Post by: roslinpl on March 14, 2014, 10:47:38 PM
Well thanks for letting us know.

Can you tell us something more about it?

Some more details?


Title: Re: ip: 46.38.62.225 - Coin Stealer
Post by: theonegilly on March 15, 2014, 10:35:33 AM
Well, I have no idea where this dude got my user and password... but I assume it must be from an Mpos pool that doesn't encrypt passwords :l

This was the email I received from BTC-E:

Successful authorization.

Login: theonegilly
IP: 46.38.62.225
Date and time: 13.03.14 19:36


And I've got logins for all 3 of my altcoins.pw pools. (For users of my pools: NOTHING was compromised. Everything on the pool requires you to confirm changes via email before anything happens.)

Your account has successfully logged in

User: theonegilly

IP: 46.38.62.225

Time: 03/13/14 19:40:52

If you initiated this login, you can ignore this message. If you did NOT, please notify an administrator.
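
The two notification layouts quoted in this post can be checked mechanically for the pattern the thread describes: one unfamiliar IP logging in to several services within minutes. This is an added example, not code from the original post, BTC-e or MPOS; the service labels, function names and the one-hour window are assumptions, and both timestamps are assumed to be in the same timezone because the emails carry none.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Notification bodies as quoted in the thread (BTC-E, then the pool email).
BTCE_MAIL = "Successful authorization.\n\nLogin: theonegilly\nIP: 46.38.62.225\nDate and time: 13.03.14 19:36\n"
MPOS_MAIL = "Your account has successfully logged in\n\nUser: theonegilly\n\nIP: 46.38.62.225\n\nTime: 03/13/14 19:40:52\n"

# (assumed service label, timestamp field, strptime format). The two senders
# use different date orders: DD.MM.YY versus MM/DD/YY.
LAYOUTS = [
    ("btc-e", "Date and time", "%d.%m.%y %H:%M"),
    ("mpos", "Time", "%m/%d/%y %H:%M:%S"),
]

def parse_notification(body):
    """Return (service, ip, timestamp), or None if the layout is not recognised."""
    fields = dict(re.findall(r"^([A-Za-z ]+):[ \t]*(\S.*?)[ \t]*$", body, re.M))
    for service, ts_field, fmt in LAYOUTS:
        if ts_field in fields and "IP" in fields:
            try:
                return service, fields["IP"], datetime.strptime(fields[ts_field], fmt)
            except ValueError:
                continue  # field present but not in this sender's date format
    return None

def shared_ip_bursts(events, window=timedelta(hours=1), known_ips=frozenset()):
    """Map each IP not in known_ips to the 2+ services it reached within window."""
    by_ip = defaultdict(list)
    for service, ip, ts in events:
        if ip not in known_ips:
            by_ip[ip].append((ts, service))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        for start, _ in hits:  # slide the window over each login in turn
            seen = {s for ts, s in hits if start <= ts <= start + window}
            if len(seen) >= 2:
                flagged[ip] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    events = [e for e in map(parse_notification, (BTCE_MAIL, MPOS_MAIL)) if e]
    for ip, services in shared_ip_bursts(events).items():
        print(f"{ip} logged in to {', '.join(services)} within the window")
```

Passing your own addresses as `known_ips` keeps normal multi-site sessions from being flagged.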




Title: Re: ip: 46.38.62.225 - Coin Stealer
Post by: Remember remember the 5th of November on March 15, 2014, 11:07:06 PM
This is EXACTLY why you should use a different random password for each and every pool and any other website. I've long known some don't encrypt the passwords for the exact reason of phishing them.


Title: Re: ip: 46.38.62.225 - Coin Stealer
Post by: Xch4ng3 on March 16, 2014, 01:50:40 AM
Quote from: Remember remember the 5th of November on March 15, 2014, 11:07:06 PM
This is EXACTLY why you should use a different random password for each and every pool and any other website. I've long known some don't encrypt the passwords for the exact reason of phishing them.

Very good point. Also using unique passwords in conjunction with something like LastPass/KeePass avoids scenarios where databases get leaked and attackers will use that combination on other sites.

http://whatismyipaddress.com/ip/46.38.62.225

The IP address above belongs to a VPS node in Russia, and the ISP has been known to host malicious content. Whether or not it may be intentionally allowed by the owner is questionable, but that doesn't change the fact that the host is used to serve and facilitate less-than-kosher activities.

Sources:

Query on IP (http://whatismyipaddress.com/ip/46.38.62.225)
Query on host company (https://www.google.co.uk/search?q=TC+TEL+hosting&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=rcs&gfe_rd=cr&ei=nwIlU4PcB4bR8ge-xoHABw)
Forum post (http://www.forumpostersunion.com/showthread.php?t=24768)
MyWOT report  (https://www.mywot.com/en/scorecard/doip.net?utm_source=addon&utm_content=warn-viewsc)


Title: Re: ip: 46.38.62.225 - Coin Stealer
Post by: dangerkid on March 16, 2014, 02:09:20 PM
Lesson learned. For different accounts, use a different password. You are lucky that you did not learn this lesson the hard way. The intruder could easily wipe out all of your accounts.