Bitcoin Forum
Author Topic: Account hacks. Do you self-check your account regularly?  (Read 333 times)
btcsmlcmnr (OP)
April 30, 2019, 11:44:45 AM
Last edit: April 30, 2019, 12:00:10 PM by btcsmlcmnr
 #1

Today I read this topic in Meta: "account lock again part 2. Theymos see pls here!!!! Need help". You can read the whole topic, because so far it is only two pages long.
The story of the 'hacked' (assume it was really hacked) account is strange. This is the first time I have seen such a ban appeal.

In case the hacked account story is real, what can members learn from it to secure their accounts better?

[1] Don't disclose your IP publicly (in the forum, or somewhere else)
[2] Logging and checking your account activities regularly

[1] Don't disclose your IP publicly (in the forum, or somewhere else)
This guy disclosed his IP address in the hope of seeing his account unbanned, but it is a bad idea. He only changed his post to xx.xx.xx.xx after being warned by @iasenko.
> My ip address always xx.xx.xx.xx and not change last 3 year

You can give your IP address to admins or staff only if they require you to do this. If they don't require it, and you want to say that you have one more proof that your account was hacked at some period in the past, by giving the information that you only ever log in from one IP address, then that's all you should do: mention that kind of proof and wait for an official request from admins or staff.
Please remember that you should not disclose your IP address to anyone at any place!
Place to update with the topic on weaknesses of most routers, which usually have a common password like '12345'. I just read it yesterday, but don't remember where it is. (I am still searching for it)
[Guide] Bitcointalk account security

  • 1- Using multiple web-browsers on the same machine for different purposes (chrome, waterfox, opera, safari, brave, etc.) For example: one for social media purposes, another for banking / crypto, another one for surfing / researching, other for entertainment and so on. Also make sure to configure them properly installing useful add-ons. Like the following:
  • 1.1- Password manager Add-ons like LastPass or KeePass are essential both for storing + generating random combinations of characters, just make sure to setup 2FA as well as never losing access to the associated email.
  • 1.2- Ad-blockers will censor most of the annoying ads including scams / phishing pop-ups. uBlock Origin is the best.
  • 1.3- Disconnect add-on is great for saving time + bandwidth by blocking 3rd party scripts used for social media metrics, advertising, analytics, etc. Also enhances privacy.
  • 1.4- Privacy Badger add-on blocks all those undesirable trackers that let others monitor your activity.
  • 1.5- EtherAddressLookup is a must for crypto enthusiasts. It performs an automated address lookup and warns you against blacklisted domains. It protects you against phishing / losing money.
  • 1.6- Running proxy scripts on your browsers is highly recommended because it hides your real IP from websites by sending fake headers with anonymous IP addresses. It is easy to set up and gives you peace of mind.
  • 1.7- Finally, replace your default search engine Google with a more reliable one like Duckduckgo.com. It is private & simplified, without ads fighting to be on top of the results. You will be less likely to fall for fake sites, with the plus of a more personalized experience. Highly recommended doing this switch.
  • 2- Using a VPN (paid or free) in order to prevent man-in-the-middle attacks, especially if your connection is WiFi and you carry a laptop, also to prevent / bypass government censorship. There are a lot of services worth trying, just pick one that doesn't keep user logs + accepts crypto as payment. Also keep in mind that the free ones are great but much slower: ultrasurf.us & riseup.net
  • 3- Incorporate the habit of changing your passwords more often, let's say 6 months minimum to 1-2 years max.
  • 4- Make backups more often, or make it automated. Be prepared to deal with data-loss and ransomware. Also always keep your sensitive data offline to prevent identity theft.
I'm probably the same. I use a variety of devices, a variety of locations, a variety of connection methods, a variety of VPN servers, and a variety of browsers. I would take a guess at having ~20 different IPs logged against my username.

As others have said, if you are concerned about your IP being logged, either use Tor or a reputable VPN. See https://thatoneprivacysite.net/vpn-section/ if you don't know where to start. Also be aware that if you use Microsoft, Apple, Google, Chrome, Facebook, etc., then a hell of a lot more than just your IP address is being logged.

[2] Logging and checking your account activities regularly
Even if you don't post or create topics very often, whenever you log in, you should open your post history or your last topic page to check your account activities.
There is the strange situation where hackers hack your account but don't change the password, and only use your account to write posts or create topics to scam, or to spread malware and viruses. This second step helps you discover strange activities on your account, which mostly come from hackers.

Lastly, you should secure your account better with a Bitcoin signed message.
Stake your bitcoin address here
How to sign a message?!
Someone signed with their Ethereum address, but you should only sign a Bitcoin message as proof of your account ownership, because this is the Bitcoin forum, not an Ethereum forum, and admins or staff only (or mostly) accept Bitcoin signed messages. You will recover your account more easily with a Bitcoin signed message.
bob123
April 30, 2019, 12:09:31 PM
Merited by coolcoinz (1)
 #2

> [...]
> [1] Don't disclose your IP publicly (in the forum, or somewhere else)
> [...]
> Please remember that you should not disclose your IP address to anyone at any place!
> [...]

A lot of people are sitting behind a NAT of their ISP.
Disclosing this IP doesn't harm you security-wise since it is not publicly routable anyway.

Even if you have a routable IP, it is not that necessary to keep your IP private. Any website (including all advertisements, JavaScript they are running, etc.) can access/see your IP.
It is necessary to communicate with you.

Any service / software / etc. which you access via the internet does see your IP address (skype, bitcointalk.org, blockchain.com, DNS-server, electrum server, ledger's server, a VPN service provider, etc.. ).

If you don't have any open ports, you don't need to worry much. Set up a firewall properly, and you are fine.
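
As an added example (not part of bob123's post or of any forum code), this Python sketch checks the two things the post turns on: whether the address on a router's WAN interface is publicly routable at all, and which listening sockets on a machine are bound beyond loopback. The function names are hypothetical, and the sample addresses and `ss -ltn` output are constructed.

```python
import ipaddress

# IPv4 ranges that cannot be reached from the public internet.
NON_ROUTABLE = [
    ("loopback",   "127.0.0.0/8"),
    ("link-local", "169.254.0.0/16"),
    ("rfc1918",    "10.0.0.0/8"),
    ("rfc1918",    "172.16.0.0/12"),
    ("rfc1918",    "192.168.0.0/16"),
    ("cgnat",      "100.64.0.0/10"),   # RFC 6598: address pool for the ISP's own NAT
]

def classify(addr):
    """Label an IPv4 address; anything outside the ranges above counts as public."""
    ip = ipaddress.IPv4Address(addr)
    for label, cidr in NON_ROUTABLE:
        if ip in ipaddress.ip_network(cidr):
            return label
    return "public"

def behind_isp_nat(wan_addr, seen_addr):
    """wan_addr: address on the router's WAN interface.
    seen_addr: address a website reports seeing for the same connection."""
    if classify(wan_addr) != "public":
        return True                      # the ISP translates it before it leaves
    return ipaddress.IPv4Address(wan_addr) != ipaddress.IPv4Address(seen_addr)

def exposed_listeners(ss_output):
    """Return (host, port) for LISTEN sockets in `ss -ltn` text that are not loopback-only."""
    found = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if not fields or fields[0] != "LISTEN":
            continue                     # header or non-listening row
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %interface
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            found.append((host, int(port)))
    return found

# Constructed sample output of `ss -ltn`.
SS_SAMPLE = """
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*
"""

if __name__ == "__main__":
    # Constructed addresses; 203.0.113.0/24 is a documentation range used here
    # as a stand-in for a real public address.
    for wan, seen in [("100.72.14.9", "203.0.113.40"),
                      ("203.0.113.40", "203.0.113.40")]:
        print(wan, classify(wan), "behind ISP NAT:", behind_isp_nat(wan, seen))
    print("listeners to review:", exposed_listeners(SS_SAMPLE))
```

Listeners bound only to loopback never show up in the result; the wildcard binds are the ones a firewall rule has to cover.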

btcsmlcmnr (OP)
April 30, 2019, 12:13:32 PM
 #3

...
How about this one? If you know it, or someone is the author of the post, please leave a link here. Thank you all.
> weaknesses of most routers, which usually have a common password like '12345'. I just read it yesterday, but don't remember where it is. (I am still searching for it)
bob123
April 30, 2019, 12:28:02 PM
 #4

> ...
> How about this one? If you know it, or someone is the author of the post, please leave a link here. Thank you all.
> weaknesses of most routers, which usually have a common password like '12345'. I just read it yesterday, but don't remember where it is. (I am still searching for it)

All halfway new routers have a 'random' (not really random, more like derived from the MAC address) password.

But this doesn't matter anyway because routers are (or better: should be, if not misconfigured) not accessible from the internet.

There was a vulnerability (I think about 1-2 years ago) where some routers were accessible from the internet due to a bug in a support protocol which should have been only accessible from the ISP network. This made them accessible from the internet.

The weak password can only be abused when in the same (local) network.. By the way.. passwords can be changed..

crairezx20
April 30, 2019, 01:10:09 PM
 #5

> ...
> How about this one? If you know it, or someone is the author of the post, please leave a link here. Thank you all.
> weaknesses of most routers, which usually have a common password like '12345'. I just read it yesterday, but don't remember where it is. (I am still searching for it)
>
> All halfway new routers have a 'random' (not really random, more like derived from the MAC address) password.
>
> But this doesn't matter anyway because routers are (or better: should be, if not misconfigured) not accessible from the internet.
>
> There was a vulnerability (I think about 1-2 years ago) where some routers were accessible from the internet due to a bug in a support protocol which should have been only accessible from the ISP network. This made them accessible from the internet.
>
> The weak password can only be abused when in the same (local) network.. By the way.. passwords can be changed..

I think you are talking about a modem from PLDT, where the password comes from the end of the modem's MAC address; it isn't the same as a router, where the password is mostly 12345678 or 1234567890.

Honestly, it's not a vulnerability; you can still access every ISP/modem if the IP can still be scanned through the internet. That is why every modem has a feature like "TCP/UDP PortScan" disabled or Anti-DDOS attack, so that no one will find your IP, because if they can access it they can enable the SSH of the modem and send a script with which they can retrieve the admin password of the ISP to fully control the modem.

I have WiMAX experience from before, where we can scan all modems except for dead ports and protected ISPs, and then if the user pass works we can enable the SSH through the web before we send a script to retrieve the admin password.

That is why you should always enable the DoS feature of the modem to prevent other users from accessing your modem, or change your public IP daily, because if they can access your modem at any time they can remote into your PC without you knowing.
coolcoinz
April 30, 2019, 01:26:59 PM
 #6

> ...
> How about this one? If you know it, or someone is the author of the post, please leave a link here. Thank you all.
> weaknesses of most routers, which usually have a common password like '12345'. I just read it yesterday, but don't remember where it is. (I am still searching for it)

As a matter of fact, my router password and username are both admin. Also, my security camera system login and password is by default 888888. It doesn't really matter since like bob123 said you can't access them from outside the local network. I could technically allow my cameras to go online by opening ports on my router, but I have no need for that. You should really be more concerned by your wifi, since every kid these days knows what a packet sniffer is and how to use it. Weak wifi password can compromise your whole setup in an instant.

bob123
April 30, 2019, 01:45:14 PM
Merited by o_e_l_e_o (1)
 #7

> ~snip~

There is so much wrong information posted.. I don't even know where to start.. anyways..

> I think you are talking about a modem from PLDT, where the password comes from the end of the modem's MAC address; it isn't the same as a router, where the password is mostly 12345678 or 1234567890.

No, I am talking about a standard home router (which includes a modulator/demodulator; basically a standard device almost everyone has at home).

The password itself depends on how the vendor sets it. But most of them simply use the MAC, pass it into a function and get a 'random'-looking password.
But there are definitely some where the password is the same on all devices shipped.. but it doesn't matter anyway.

> Honestly, it's not a vulnerability; you can still access every ISP/modem if the IP can still be scanned through the internet. That is why every modem has a feature like "TCP/UDP PortScan" disabled or Anti-DDOS attack, so that no one will find your IP

A port scan is not the same as an IP scan.

When scanning for open ports (TCP/UDP), a lot of packets on different ports are being sent to one host (IP).
Based on the answer you can determine whether the port is open/closed/filtered (for TCP; UDP works slightly differently).

Anti-DoS is to protect you against a Denial of Service. An attacker, again, needs your IP before starting a DoS.

Both have nothing to do with 'that no one will find your IP'.

By the way.. there are just about 4.000.000.000 IPs worldwide.
This number is low enough to scan EVERY IP. And given the fact that you can reduce that number by focusing on a smaller geo location (than just the whole world), this just gets even easier..

Your IP is nothing private and does NOT have to stay private.

> because if they can access it they can enable the SSH

If they already can access it, they don't need SSH.

> enable the SSH of the modem and send a script with which they can retrieve the admin password

If they are logged in as root via SSH, they no longer need to retrieve the password.
If they are logged in as an unprivileged user, they can NOT retrieve the root password (given there are no privilege escalation vulnerabilities).

> retrieve the admin password of the ISP to fully control the modem.

There is no admin password of the ISP. There is a local administrator. You don't need any password from the Internet service provider...

> I have WiMAX experience from before, where we can scan all modems except for dead ports and protected ISPs

WiMAX is basically 4G. This has nothing to do with a home router.
Also, ISPs are not protected.. the devices themselves are (or aren't).

> That is why you should always enable the DoS feature of the modem to prevent other users from accessing your modem, or change your public IP

As mentioned.. Anti-DoS does NOT protect against access.. It protects against DoS..

> because if they can access your modem at any time they can remote into your PC without you knowing.

No. That's not true.
Just because someone has access to one device inside of your local network, this does NOT mean that they have access to all devices.

Your post consisted of so much wrong information.
Please research everything before posting here and spreading misinformation.


o_e_l_e_o
April 30, 2019, 05:53:30 PM
 #8

> As a matter of fact, my router password and username are both admin.

Mine as well, but I've turned off logging in to the router even if you are connected to the WiFi. The only way to log in to the router is via a wired ethernet connection, and if an attacker has managed to gain physical access to my router, then I've got much bigger problems to worry about.

If you are really concerned about your router, make sure you have a strong WiFi password, you are using WPA2 (and not WEP), set a strong (and different) admin password, and make sure remote log in/remote management/remote access/whatever it's called on your device is turned off.
Zedpastin
April 30, 2019, 07:00:12 PM
Merited by LTU_btc (1), o_e_l_e_o (1)
 #9

If revealing your IP was such a big deal the majority of the internet would be screwed. Every website that you're visiting on the internet is logging your IP address and anyone can run a website. The only thing that they can do is find the approximate location of where this IP address is coming from and it doesn't have any bearing on your identity or security matters. As pointed out the majority of people are sitting behind a NAT that their ISP has given them protecting them from any ill doing. IP addresses can be used in conjunction with other information to be used to identify a person however on their own they are harmless.
Thirdspace
April 30, 2019, 11:57:13 PM
Last edit: May 01, 2019, 12:29:11 AM by Thirdspace
 #10

> [2] Logging and checking your account activities regularly
> Even if you don't post or create topics very often, whenever you log in, you should open your post history or your last topic page to check your account activities.

logging into your account periodically could also save you from getting locked in the future
accounts with a long period of inactivity sometimes get locked, this was after the 2015 passdb hack
I'm not sure whether it still applies to new accounts, but try to routinely check in within 6 months or less

Crypto Girl
May 01, 2019, 08:59:55 AM
 #11

> [2] Logging and checking your account activities regularly
> Even if you don't post or create topics very often, whenever you log in, you should open your post history or your last topic page to check your account activities.
>
> logging into your account periodically could also save you from getting locked in the future
> accounts with a long period of inactivity sometimes get locked, this was after the 2015 passdb hack
> I'm not sure whether it still applies to new accounts, but try to routinely check in within 6 months or less

Not just checking the post activity, but you should definitely make at least a post every now and then, since moderators will mark your account with something like "resurrected" after long inactivity, and this should be avoided.

Bitcoin_Arena
May 03, 2019, 08:41:03 AM
 #12

> Not just checking the post activity, but you should definitely make at least a post every now and then, since moderators will mark your account with something like "resurrected" after long inactivity, and this should be avoided.

Posting shouldn't be an issue though. Some users don't really love to post much but just like browsing through and reading only.
AFAIK, the warning " This user recently woke up from a long period of inactivity" only happens when one has not logged into the account for a long period and not necessarily because they did not post after long time.

Posting gap becomes an issue only when the user's style changes from the previous posting style after a hiatus and it can actually help assess if the account has been taken over by someone else.

btcsmlcmnr (OP)
May 03, 2019, 08:52:20 AM
 #13

Postgap is just one of the things to consider when an account changes hands. There are several things to consider when investigating potential account ownership changes. Just talking about postgaps, they may come from users themselves when they delete their past bad posts; then a postgap appears after the cleanup process. In short, a postgap is not enough to judge a change of ownership. Post style, IP address, email & password changes are other things.
Ipwich
May 04, 2019, 02:42:10 AM
 #14

As for me, I would easily know if my account is hacked because I'm online regularly.
I have also staked my address here https://bitcointalk.org/index.php?topic=996318.0, so if my account is ever hacked, I know I have a chance to recover it. I also made sure to bookmark this forum so I will not become a victim of phishing sites.

Johnzky
May 04, 2019, 04:02:01 AM
 #15

> As for me, I would easily know if my account is hacked because I'm online regularly.
> I have also staked my address here https://bitcointalk.org/index.php?topic=996318.0, so if my account is ever hacked, I know I have a chance to recover it. I also made sure to bookmark this forum so I will not become a victim of phishing sites.

Not only bookmark this forum but also all the sites you regularly visit, because there are more and more phishing sites or hack sites that pretend to be the popular sites from all over the internet, so for me almost all of the legit sites are in my bookmarks list.

> Postgap is just one of the things to consider when an account changes hands. There are several things to consider when investigating potential account ownership changes. Just talking about postgaps, they may come from users themselves when they delete their past bad posts; then a postgap appears after the cleanup process. In short, a postgap is not enough to judge a change of ownership. Post style, IP address, email & password changes are other things.

That's also correct mate, because postgaps aren't enough proof of hacking, because hacks can happen at any time with no specific chances. My friend got hacked and just the same day the hacker continued to post, so there is no gap in the history.
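
The signals discussed in this thread (a long inactivity gap, a login from a new IP address, an email or password change), combined in one check, as an added example that is not part of any post or of the forum's software. The log format, function names and the 180-day threshold are assumptions, and both logs are constructed; the second reproduces the case from the last post, where a takeover leaves no gap in the history.

```python
from datetime import datetime, timedelta

def parse(log):
    """Parse lines of the hypothetical form '<ISO timestamp> <event> [key=value ...]'."""
    events = []
    for line in log.strip().splitlines():
        ts, kind, *rest = line.split()
        attrs = dict(item.split("=", 1) for item in rest)
        events.append((datetime.fromisoformat(ts), kind, attrs))
    return events

def takeover_signals(log, gap=timedelta(days=180)):
    """Return the ordered list of signals raised by one account's event log."""
    signals = []
    known_ips = set()
    prev_ts = None
    unfamiliar_session = False       # True while the current login came from a new IP
    for ts, kind, attrs in parse(log):
        if prev_ts is not None and ts - prev_ts > gap:
            signals.append("inactivity_gap")
        prev_ts = ts
        if kind == "login":
            ip = attrs["ip"]
            # The very first login has nothing to compare against, so it is not flagged.
            unfamiliar_session = bool(known_ips) and ip not in known_ips
            if unfamiliar_session:
                signals.append("new_ip")
            known_ips.add(ip)
        elif kind in ("email_change", "password_change") and unfamiliar_session:
            signals.append(kind + "_from_new_ip")
    return signals

def verdict(signals):
    """A gap or a new IP alone is weak (owners return, VPN users rotate addresses);
    a credential change made from a never-seen address is the strong combination."""
    if any(s.endswith("_from_new_ip") for s in signals):
        return "strong"
    return "weak" if signals else "none"

# Constructed log: the owner comes back after ten months from the usual address.
RETURNING_OWNER = """
2018-06-01T09:00:00 login ip=198.51.100.7
2018-06-01T09:05:00 post
2019-04-20T18:30:00 login ip=198.51.100.7
2019-04-20T18:40:00 post
"""

# Constructed log: same-day takeover, so the post history shows no gap at all.
SAME_DAY_TAKEOVER = """
2019-04-29T08:00:00 login ip=198.51.100.7
2019-04-29T08:10:00 post
2019-04-29T21:00:00 login ip=203.0.113.99
2019-04-29T21:02:00 password_change
2019-04-29T21:05:00 post
"""

if __name__ == "__main__":
    for name, log in [("returning owner", RETURNING_OWNER),
                      ("same-day takeover", SAME_DAY_TAKEOVER)]:
        found = takeover_signals(log)
        print(name, found, verdict(found))
```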