Bitcoin Forum
October 23, 2018, 02:51:32 PM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [Security tips]Someone Just tried to reset my password  (Read 165 times)
mdayonliner
Sr. Member
****
Offline Offline

Activity: 322
Merit: 297

Loading... & http://bit.ly/reLoaded_


View Profile
July 30, 2018, 01:49:35 PM
 #1

Whoever you are, trying to get my account please go away... Now my password is stronger then ever FYI. This is what happened few minutes ago.

I received an email...




Meaning someone was trying to reset my password.

IP location locates me in Saudi Arabia



Here is the procedure, if I click the link on my email then it will ask me to set a new password. I do not see how this will benefit the one who requested the password change. Is there any possible way for him/her?

Anyway, this is what I am having in mind... always check the IP location for this kind of sensitive security change even if you are doing by yourself. If you don't see the IP is yours then do not click the link.

1540306292
Hero Member
*
Offline Offline

Posts: 1540306292

View Profile Personal Message (Offline)

Ignore
1540306292
Reply with quote  #2

1540306292
Report to moderator
1540306292
Hero Member
*
Offline Offline

Posts: 1540306292

View Profile Personal Message (Offline)

Ignore
1540306292
Reply with quote  #2

1540306292
Report to moderator
1540306292
Hero Member
*
Offline Offline

Posts: 1540306292

View Profile Personal Message (Offline)

Ignore
1540306292
Reply with quote  #2

1540306292
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1540306292
Hero Member
*
Offline Offline

Posts: 1540306292

View Profile Personal Message (Offline)

Ignore
1540306292
Reply with quote  #2

1540306292
Report to moderator
1540306292
Hero Member
*
Offline Offline

Posts: 1540306292

View Profile Personal Message (Offline)

Ignore
1540306292
Reply with quote  #2

1540306292
Report to moderator
1540306292
Hero Member
*
Offline Offline

Posts: 1540306292

View Profile Personal Message (Offline)

Ignore
1540306292
Reply with quote  #2

1540306292
Report to moderator
pugman
Legendary
*
Offline Offline

Activity: 1260
Merit: 1300


Sliding in ya DM's be like


View Profile WWW
July 30, 2018, 02:04:54 PM
 #2

People have tried to do that to my account as well, couple of times, I didn't bother much. The security of one's account in this forum is non-existent.

Anybody can try to reset your password. It doesn't mean that they have access to your password. And the IP location is definitely a VPN(I guess).


theymos should actually consider focusing some time on the security, cause I don't see the new forum coming around any soon or at all.

I could list a few to avoid hacks:

- Use email id to login instead of username. 90-95% of the accounts won't be hacked unless there is a loophole to it.

- Bring in 2FA(email or through apps like Google authenticator/Authy etc), of any sort. People won't necessarily lose their privacy.

I think these two should be more than enough for now, there are more things, but at least hope for these to be implemented.

PS: I know adding all this is complicated to SMF, but theymos has paid more than a million dollars to Slickage(the ones who are behind creating the new forum and also helped the merit system to be implemented),so I am sure they can take care of minor security flaws.  Roll Eyes

vphasitha01
Full Member
***
Offline Offline

Activity: 168
Merit: 163


View Profile
July 30, 2018, 02:21:55 PM
 #3

So what would happened if someone wants to change their password by clicking the reset button with the separate IP location where IP was banned by bitcointalk forum. But the initial account registration has been done in a country where IP addresses were not banned by the forum. Do we need to reset the password within the IP addresses where that member got registered at the first place?

Because sometimes I heard some people are saying that reset thing ultimately endup being locked their profiles.
mdayonliner
Sr. Member
****
Offline Offline

Activity: 322
Merit: 297

Loading... & http://bit.ly/reLoaded_


View Profile
July 30, 2018, 02:23:30 PM
 #4

Guys this is scary now!!! I got logged out just a minute ago!!! Anybody is experiencing this?

Sorry for the big bold typo


~
I am really not sure why theymos is so quiet in this security issue. Apparently this logout thinggy stopped my heartbeat for few seconds.


So what would happened if someone wants to change their password by clicking the reset button with the separate IP location where IP was banned by bitcointalk forum. But the initial account registration has been done in a country where IP addresses were not banned by the forum. Do we need to reset the password within the IP addresses where that member got registered at the first place?
You can change your password from any IP, it does not have to be the same when you registered

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1568
Merit: 1186


View Profile WWW
July 30, 2018, 03:20:54 PM
 #5

You were probably logged out by an admin when you posted concerns about the email. The purpose was probably to invalidate the reset email.

3PjXm2XYDKLV5mN3oiKzNTyVvSkqP3ujeq <-- tipping address Advertise here
mdayonliner
Sr. Member
****
Offline Offline

Activity: 322
Merit: 297

Loading... & http://bit.ly/reLoaded_


View Profile
July 30, 2018, 03:54:55 PM
 #6

You were probably logged out by an admin when you posted concerns about the email. The purpose was probably to invalidate the reset email.
This actually can be done but I really have doubt about it. We are witnessing 100s of accounts hacking and stuffs but admin/s are actually very quiet in it. My account is no special for them to be taken care of. But I really hope this is the case.

krishnaverma
Member
**
Offline Offline

Activity: 336
Merit: 57

★Bitvest.io★ Play Plinko or Invest!


View Profile
July 30, 2018, 06:19:53 PM
 #7

There are ways to cause force log out for users. I have read reports for such bug submissions on other sites. I am not saying that such a  bug exists here also but that may be the reason why OP got logged out automatically.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ ★ ★ ★ ★ ★ ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
PLINKO    |7| SLOTS     (+) ROULETTE    ▼ BIT SPINBITVESTPLAY or INVEST ║ ✔ Rainbot  ✔ Happy Hours  ✔ Faucet
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ ★ ★ ★ ★ ★ ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Piggy
Hero Member
*****
Offline Offline

Activity: 518
Merit: 923



View Profile WWW
July 31, 2018, 04:59:09 AM
 #8

On the other hand could also be some user with a similar account name, of which he could not remember the username and guessed it wrong.

In any case better to be always alert, in particular while receiving links which "should" point to bitcointalk.

darklus123
Hero Member
*****
Offline Offline

Activity: 798
Merit: 514

http://cryptohorizon.xyz


View Profile
July 31, 2018, 05:07:33 AM
 #9

People have tried to do that to my account as well, couple of times, I didn't bother much. The security of one's account in this forum is non-existent.

Anybody can try to reset your password. It doesn't mean that they have access to your password. And the IP location is definitely a VPN(I guess).


theymos should actually consider focusing some time on the security, cause I don't see the new forum coming around any soon or at all.

I could list a few to avoid hacks:

- Use email id to login instead of username. 90-95% of the accounts won't be hacked unless there is a loophole to it.

- Bring in 2FA(email or through apps like Google authenticator/Authy etc), of any sort. People won't necessarily lose their privacy.

I think these two should be more than enough for now, there are more things, but at least hope for these to be implemented.


I actually discovered this two tips on my own before when someone was also trying to reset my password.  2FA is really a big thing when it comes to security

Quote
PS: I know adding all this is complicated to SMF, but theymos has paid more than a million dollars to Slickage(the ones who are behind creating the new forum and also helped the merit system to be implemented),so I am sure they can take care of minor security flaws.  Roll Eyes

Exactly, I personally don't know this person but if he is a part of this forum then might as well he can put some effort for this community. After all this person is being paid a lot and adding some security features is really not a big thing I guess?

░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░

                   BitCloak Bitcoin Mixer  
  BTC & BCH | API| MULTIADDRESS| PGP PROOF|  FAST MIX |  ESCROW|  MORE ! 

░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░

esmanthra
Sr. Member
****
Offline Offline

Activity: 280
Merit: 283


View Profile
July 31, 2018, 06:19:38 AM
 #10

I received an email...

It reminds me of that case. It turned out then that user's PC was compromised by dint of virus which climbed in through the router vulnerability. Afterwards if was supposed that cookie leak also took place. Besides it can be expedient to check the e-mail (though it wasn't involved in the mentioned case, it can be affected in yours).

some people are saying that reset thing ultimately endup being locked their profiles

It concerns only the reset via security question.
mdayonliner
Sr. Member
****
Offline Offline

Activity: 322
Merit: 297

Loading... & http://bit.ly/reLoaded_


View Profile
July 31, 2018, 08:25:07 AM
 #11

Guys this is scary now!!! I got logged out just a minute ago!!! Anybody is experiencing this?

Sorry for the big bold typo
This has been answered by theymos yesterday. Sorry I could not keep up with the updates on this topic....

- If you logout on one session, all of your sessions are logged out.
- When you change your password, your session length is changed to 1 hour, so you will soon be logged out.
This is what I wanted to know. Thanks mate. You are a star!

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!