Bitcoin Forum
November 18, 2019, 06:47:51 AM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [! LINK-SCAMMERS !] We seriously need outgoing link verification  (Read 19042 times)
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1002


Bringing Legendary Har® to you since 1952


View Profile
November 17, 2013, 12:23:49 PM
Last edit: November 17, 2013, 12:58:02 PM by ShadowOfHarbringer
 #1

Look at the PM I just received :

[ WARNING FOR NOOBS: DO NOT CLICK THAT LINK BELOW ! ]
Be careful where you mine and exchange bitcoins for money. Most mining pools are a scam, bitcoin exchanges too(they will hold your money for months), look in the scammers section and see for yourself bticointakl.org/index.php?board=83.0

This is a scammer, trying to harvest Bitcointalk forum's logins & passwords. We should act immediately - perhaps an automatic external linking protection (like youtube) or tagging algorithm adding extra description to every outgoing link (like slashdot) should be added to the forum.

Algorithm such as this is easy to write and will save many noobs and people who misclick and don't read website URL's.

Also: Somebody please ban this motherfucker (and others like him) before they do a lot of harm.

The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
whitemage
Full Member
***
Offline Offline

Activity: 214
Merit: 100


View Profile
November 17, 2013, 12:54:08 PM
 #2

Look at the PM I just received :

WARNING FOR NOOBS: DO NOT CLICK THAT LINK BELOW !
Be careful where you mine and exchange bitcoins for money. Most mining pools are a scam, bitcoin exchanges too(they will hold your money for months), look in the scammers section and see for yourself bticointakl.org/index.php?board=83.0

This is a scammer, trying to harvest Bitcointalk forum's logins & passwords. We should act immediately - perhaps an automatic external linking protection (like youtube) or tagging algorithm adding extra description to every outgoing link (like slashdot) should be added to the forum.

Algorithm such as this is easy to write and will save many noobs and people who misclick and don't read website URL's.

Also: Somebody please ban this motherfucker (and others like him) before they do a lot of harm.

Opps, that sucks.. I just realise the website isn't bitcointalk....

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1002


Bringing Legendary Har® to you since 1952


View Profile
November 17, 2013, 12:57:03 PM
 #3

Opps, that sucks.. I just realise the website isn't bitcointalk....
Yep, it's that easy to get scammed.

One misclick and your account is fucked (then scammer can use your verified & trusted account to send even more scammy PMs).

dooglus
Legendary
*
Offline Offline

Activity: 2758
Merit: 1210



View Profile
November 17, 2013, 07:18:41 PM
 #4

Yep, it's that easy to get scammed.

One misclick and your account is fucked (then scammer can use your verified & trusted account to send even more scammy PMs).

I got the same PM.  Left negative feedback.

What's weird is he's smart enough to realise you can set the link's target to be different than the link text, but then uses the ugly bticointakl domain in the text.  You could fix that to look like a real bitcointalk link and still have the link target go to the scam site.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
jackjack
Legendary
*
Offline Offline

Activity: 1134
Merit: 1025


May Bitcoin be touched by his Noodly Appendage


View Profile
November 17, 2013, 07:35:21 PM
 #5

Always check ten times before clicking a link

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
devthedev
Legendary
*
Offline Offline

Activity: 1036
Merit: 1000



View Profile
November 22, 2013, 06:48:20 PM
 #6

Always check ten times before clicking a link

Eleven times is even better! You can never be too careful on the forum.

edd
Donator
Legendary
*
Offline Offline

Activity: 1414
Merit: 1001



View Profile WWW
November 22, 2013, 06:53:51 PM
 #7

Always check ten times before clicking a link

Eleven times is even better!

That's why mine go up to eleven:


Still around.
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1002

Reverse engineer from time to time


View Profile
November 22, 2013, 10:31:09 PM
 #8

Always check ten times before clicking a link

Eleven times is even better!

That's why mine go up to eleven:


I am going to guess and say this is from Back in the Future  Grin

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
jimmijames73
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


View Profile
November 22, 2013, 10:53:11 PM
 #9

Always check ten times before clicking a link

Eleven times is even better!

That's why mine go up to eleven:


I am going to guess and say this is from Back in the Future  Grin

No it is from This is Spinal Tap:

http://www.youtube.com/watch?v=NrVCjnRdB_k&sns=em
fishy
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


What do you call a fish with no eyes? A Fsh!


View Profile
November 22, 2013, 11:07:42 PM
 #10

What happens when you click it?  I'm scared...

\   \  \ \\\\\\\\\\\\\\\\◥◣◢◤//////////////// /  /   /
Win88.me ❖ Fair, Trusted Online BTC Gambling ❖
/   /  / ////////////////◢◤◥◣\\\\\\\\\\\\\\\\ \  \   \
BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652
Merit: 1025



View Profile WWW
November 22, 2013, 11:23:40 PM
 #11

It takes you to a login screen that looks like this forum, so they can get your name and password.

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
Mondy
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
November 23, 2013, 12:36:29 AM
 #12

Yep, it's that easy to get scammed.

One misclick and your account is fucked (then scammer can use your verified & trusted account to send even more scammy PMs).

I got the same PM.  Left negative feedback.

What's weird is he's smart enough to realise you can set the link's target to be different than the link text, but then uses the ugly bticointakl domain in the text.  You could fix that to look like a real bitcointalk link and still have the link target go to the scam site.

Thank you! lets keep the forum safe

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1002


Bringing Legendary Har® to you since 1952


View Profile
November 23, 2013, 09:09:47 AM
 #13

It takes you to a login screen that looks like this forum, so they can get your name and password.
Honourable member of Staff, we welcome you !
Any idea if we could have outgoing link verification on these forums ? (You know, it would really help to mitigate attacks like this one)

jackjack
Legendary
*
Offline Offline

Activity: 1134
Merit: 1025


May Bitcoin be touched by his Noodly Appendage


View Profile
November 23, 2013, 11:12:38 AM
 #14

Maybe put a warning next to links from forum users with activity<60 (or 90 or whatever)

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
whiskers75
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500


Doesn't use these forums that often.


View Profile
November 23, 2013, 03:47:37 PM
 #15

Maybe put a warning next to links from forum users with activity<60 (or 90 or whatever)
* whiskers75 looks at jackjack with his fancy BT++ script.

Elastic.pw Elastic - The Decentralized Supercomputer
ELASTIC ANNOUNCEMENT THREAD | ELASTIC SLACK | ELASTIC FORUM
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
November 24, 2013, 03:08:37 AM
 #16

Be cautious of all links. I've got into a strong habit, of right clicking links and copy link location, open new tab, paste in urlbar, view the pasted link location in whole. Something I should add to my stay safe link in my sig. Edited: Added to stay safe thread.
deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1000



View Profile WWW
November 24, 2013, 04:20:14 AM
 #17

The correct response is to destroy the account and every post and IP ban the entire /24 or /16 of a person posting phishing links on the very first instance. Then report the domain for the impersonation and get it taken over and handed to the forum. Then get law enforcement involved, a single login to the forum with a stolen account is a violation of the federal computer abuse act.
jackjack
Legendary
*
Offline Offline

Activity: 1134
Merit: 1025


May Bitcoin be touched by his Noodly Appendage


View Profile
November 24, 2013, 01:16:55 PM
Last edit: November 24, 2013, 01:54:00 PM by jackjack
 #18

The correct response is to destroy the account and every post and IP ban the entire /24 or /16 of a person posting phishing links on the very first instance. Then report the domain for the impersonation and get it taken over and handed to the forum. Then get law enforcement involved, a single login to the forum with a stolen account is a violation of the federal computer abuse act.
Then follow the policemen when they go get him in order to take care of his knees with a chainsaw

Maybe put a warning next to links from forum users with activity<60 (or 90 or whatever)
* whiskers75 looks at jackjack with his fancy BT++ script.
Hmm yeah that would be a good feature until theymos makes something official
It's done, that makes something like this:
Quote
Look at this thread!! http://bitcniotakl.zorg [Domain=bitcniotakl.zorg]
Looks like theymos changed the url rules

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!