Bitcoin Forum
August 18, 2019, 02:28:14 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Mass hacking of forum accounts  (Read 968 times)
Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1001



View Profile
May 21, 2013, 02:00:32 PM
 #1

I've noticed recently that there has been a massive increase in the amount of BitcoinTalk account's being hacked.

See here for some examples:
https://bitcointalk.org/index.php?topic=211977.0;topicseen
https://bitcointalk.org/index.php?topic=211801.msg2221021#msg2221021

I would recommend that anyone who has re-used their account passwords on any other website (including BTC related websites) to immediately change these passwords (use something like LastPass to manage your password), the same goes for your email addresses.

Make sure you use a strong password (letters, numb3rs, $ymbols and upPeR CaSe LeTteRs).

Be careful when trading with people, the account may be hacked, look out for suspicious behaviour, use escrow when possible and do not trade with anyone who may be a risk.

It may be a good idea to add optional Google Authenticator 2FA. This would definitely help reduce the amount of hacked accounts.

1566138494
Hero Member
*
Offline Offline

Posts: 1566138494

View Profile Personal Message (Offline)

Ignore
1566138494
Reply with quote  #2

1566138494
Report to moderator
1566138494
Hero Member
*
Offline Offline

Posts: 1566138494

View Profile Personal Message (Offline)

Ignore
1566138494
Reply with quote  #2

1566138494
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1566138494
Hero Member
*
Offline Offline

Posts: 1566138494

View Profile Personal Message (Offline)

Ignore
1566138494
Reply with quote  #2

1566138494
Report to moderator
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
May 21, 2013, 02:30:44 PM
 #2

stay safe link in my sig.
 
&

https://bitcointalk.org/index.php?topic=159424.msg1685280#msg1685280
DobZombie
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


TheBitcoinMuseum.com


View Profile
May 21, 2013, 07:13:09 PM
 #3

Speaking of signatures, I saw this earlier...

Quote
Bicknellski
https://bitcointalk.org/index.php?action=profile;u=76550
Hero Member
Posts: 631
Canadian Montessori School

   
 
AVALON DELIVERS: Reference Documentation, Bill of Materials, Chip Communication and etc.
LINK FOR THIS ^^^ https://bitcointalk.org/index.php?topic=200668.new#new

The Race is ON: Klondike DIY AVALON by BKKcoins
LINK FOR THIS ^^^ https://109.201.133.65.DONTFUKGOHERE/index.php?topic=190731.msg2095159#msg2095159

I added "DONTFUKGOHERE" in the link so it is useless.

Gives an SSL warning, and I just happen to be logged out.

The Bitcoin Museum is back under my control, but I still need to go through all the code. DO NOT PURCHASE ANYTHING FROM IT

The Biggest Collection of Bitcoin Memorabilia The Bitcoin Museum
Series 2 BitcoinNerd 1g Silver coin thread!
Discount Jewellery! Noella Jean Jewellery



Buy premium Champanges, Spirits & Wines in Australia! My Bitmit Items

Tip Me if you Hate Justin Bieber 1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
2112
Legendary
*
Offline Offline

Activity: 2114
Merit: 1027



View Profile
May 22, 2013, 01:43:54 AM
 #4

I added "DONTFUKGOHERE" in the link so it is useless.

Gives an SSL warning, and I just happen to be logged out.
C'mon, this is completely safe. 109.201.133.65 is just the current IPv4 address for the bitcointalk.org. The browser store the authentication cookie indexed by the string value of the "website" portion of the URL. The warning was propably that "109.201.133.65" != "bitcointalk.org". You can safely log in to https://109.201.133.65/ with the same credentials as to the https://bitcointalk.org/ after verifying that the certificate is indeed for "bitcointalk.org". Same browsers are/were so paranoid that would force another session when the URL would be https://bitcointalk.org:443/ , where 443 is the default HTTPS port.

I think that as far as browsers go only Internet Explorer (maybe some older versions, like IE6) had a cookie and/or authentication credentials storage indexed by the server certificates, not by the URL strings. Several HTTP/HTTPS libraries have this functionality built-in.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
DobZombie
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


TheBitcoinMuseum.com


View Profile
May 22, 2013, 02:28:12 PM
 #5

I'd rather be paranoid than trusting  Grin

The Bitcoin Museum is back under my control, but I still need to go through all the code. DO NOT PURCHASE ANYTHING FROM IT

The Biggest Collection of Bitcoin Memorabilia The Bitcoin Museum
Series 2 BitcoinNerd 1g Silver coin thread!
Discount Jewellery! Noella Jean Jewellery



Buy premium Champanges, Spirits & Wines in Australia! My Bitmit Items

Tip Me if you Hate Justin Bieber 1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
dexX7
Legendary
*
Offline Offline

Activity: 1106
Merit: 1005



View Profile WWW
May 22, 2013, 06:46:50 PM
 #6

There is a phishing BTC-E website going around (btceXXXXX.site40.net) and spread by email. Maybe that's linked?

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!