Bitcoin Forum
August 22, 2019, 05:12:17 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Poll
Question: Should there be an option to get an e-mail notification upon logging in
Yes - 18 (94.7%)
No - 1 (5.3%)
Total Voters: 19

Pages: « 1 2 [3]  All
  Print  
Author Topic: Create an option to get an e-mail notification someone logs in  (Read 749 times)
erikalui
Legendary
*
Offline Offline

Activity: 1736
Merit: 1051



View Profile WWW
June 06, 2019, 09:17:20 AM
 #41

It's tricky to get email notifications right so that they're not too spammy. Maybe later.

For now, I added this page where you can see your IP logs for the past 30 days: https://bitcointalk.org/myips.php . You could pretty easily write a userscript to periodically check this and warn you if it's weird. (But don't scrape it on every pageload.)

I don't want to make older IP logs automatically accessible because that'd give a hacker a bunch of useful/sensitive information. But 30 days is probably not too harmful.

I can see my log now but it's mainly Unknown city and unknown country and plus today my logs don't show an IP address at all.




.




  ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄████████▀▀▀▀███▄
███████▀     ████
███████   ███████
█████        ████
███████   ███████
▀██████   ██████▀
  ▀▀▀▀▀   ▀▀▀▀▀

  ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄██▀▀▀▀▀▀▀▀▀▀▀██▄
██    ▄▄▄▄▄ ▀  ██
██   █▀   ▀█   ██
██   █▄   ▄█   ██
██    ▀▀▀▀▀    ██
▀██▄▄▄▄▄▄▄▄▄▄▄██▀
  ▀▀▀▀▀▀▀▀▀▀▀▀▀

            ▄▄▄
█▄▄      ████████▄
 █████▄▄████████▌
▀██████████████▌
  █████████████
  ▀██████████▀
   ▄▄██████▀
    ▀▀▀▀▀

    ██  ██
  ███████████▄
    ██      ▀█
    ██▄▄▄▄▄▄█▀
    ██▀▀▀▀▀▀█▄
    ██      ▄█
  ███████████▀
    ██  ██




               ▄
       ▄  ▄█▄ ▀█▀      ▄
      ▀█▀  ▀   ▄  ▄█▄ ▀█▀
███▄▄▄        ▀█▀  ▀     ▄▄▄███       ▐█▄    ▄█▌   ▐█▌   █▄    ▐█▌   ████████   █████▄     ██    ▄█████▄▄   ▐█████▌
████████▄▄           ▄▄████████       ▐███▄▄███▌   ▐█▌   ███▄  ▐█▌      ██      █▌  ▀██    ██   ▄██▀   ▀▀   ▐█
███████████▄       ▄███████████       ▐█▌▀██▀▐█▌   ▐█▌   ██▀██▄▐█▌      ██      █▌   ▐█▌   ██   ██          ▐█████▌
 ████████████     ████████████        ▐█▌    ▐█▌   ▐█▌   ██  ▀███▌      ██      █▌  ▄██    ██   ▀██▄   ▄▄   ▐█
  ████████████   ████████████         ▐█▌    ▐█▌   ▐█▌   ██    ▀█▌      ██      █████▀     ██    ▀█████▀▀   ▐█████▌
   ▀███████████ ███████████▀
     ▀███████████████████▀
        ▀▀▀█████████▀▀▀
FIND OUT MORE AT MINTDICE.COM
1566493937
Hero Member
*
Offline Offline

Posts: 1566493937

View Profile Personal Message (Offline)

Ignore
1566493937
Reply with quote  #2

1566493937
Report to moderator
1566493937
Hero Member
*
Offline Offline

Posts: 1566493937

View Profile Personal Message (Offline)

Ignore
1566493937
Reply with quote  #2

1566493937
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 658
Merit: 2552



View Profile
June 06, 2019, 09:34:16 AM
 #42

I have been logging from various locations, but some are definitely out of my recognised range.
Country is the same, but very strange IP locations popping out here and there.
If you browse on mobile, your IP assigned to you by your carrier can frequently change, and may not always be geographically accurate. The best way to check is to see what your IP is on your mobile, and check it directly against your logs.

As someone who always connects via a VPN, I'll need to build a small database of all the VPN servers I use and their public IPs, and then cross reference that against my logs periodically to be completely sure, but there's nothing I can see at the moment that stands out at me.

darklus123
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 580


LocalEthereum.com


View Profile
June 06, 2019, 09:57:52 AM
 #43

Quote from: fillippone link=topic=5150936.msg51368311#msg51368311
The log looks suspicious,
I have been logging from various locations, but some are definitely out of my recognised range.
Country is the same, but very strange IP locations popping out here and there.
I am going to change my password anyway.
This is the minimum required action.
But anyway this log need some double checking.


That is because of your service provider. I am not so sure if that is because they are using the Ip from the towers you are at.

Just like in the philippines the service provider just really sucks. You might even get similar IP from other people who uses the same service.

As long as you can recognize the date youve log in. I think thats just fine

████
████
████
████
████          
████             █████████▄
████           ██████████████
████          ██████     ██████
████         ██████       █████
██████████████████████████████
█████████████████████████████▀
              ██████▄
               ██████████████
                 ████████████
  LocalEthereum    50+ Ways To Buy & Sell Ethereum (ETH)   ▄████████████████████▄
██████████████████████
██████████████████████
██████▀▀██████████████
████▀░░░░▀████████████
███▀░░▄▄░░░░░░░░░░████
███▄░░▀▀░░▄▄░░▄▄░░████
████▄░░░░▄██▄▄██▄▄████
██████▄▄██████████████
██████████████████████
██████████████████████
▀████████████████████▀
▄████████████████████▄
██████████████████████
██████████████████████
█████░░▀▀░░░░▀▀░░█████
█████░░░░░░░░░▄░░█████
█████▄░░░░░░▄▀░░▄█████
██████░░░▀▄▀░░░░██████
███████░░░░░░░░███████
████████░░░░░░████████
█████████▄░░▄█████████
██████████████████████
▀████████████████████▀
No verificationsNon-Custodial
Built-in Escrow   ● External Wallet Integration
madnessteat
Sr. Member
****
Offline Offline

Activity: 518
Merit: 439



View Profile
June 06, 2019, 08:23:22 PM
Last edit: June 06, 2019, 08:49:08 PM by madnessteat
 #44

I think that this innovation (https://bitcointalk.org/myips.php) can create an anonymous threat to users who do not use all sorts of anonymizers (using a static IP address). For example if a hacker were to gain access to a user account they could be restored by a signed message but the anonymity of the user would be compromised. In my opinion this is a call to use VPN services. Am I right?


███████████████████████████████████████████
███████████████████████████████████████████
███████████████████████████████████████████
'''''''''''''''''''''''''''''Z█████████
                          _o█████████
                        ,d████████
                      ,d████████
                     █████████
███████████████████████████
█████████████████████████
███████████████████████
          ███████████
        ,d████████
      ,█████████
   _o█████████
  d█████████
███████████████████████████████████████████
███████████████████████████████████████████
███████████████████████████████████████████

▄▄▄██████▄▄▄
▄▄████████████████▄▄
▄█████▀▀        ▀▀█████▄
████▀                ▀████
███▀    ▄▄▄▄▄▄▄▄▄       ▀███
███      █   ▄▄ █▀▄        ███
██▀      █  ███ █  ▀▄      ▀██
███       █   ▀▀ ▀▀▀▀█       ███
███       █  ▄▄▄▄▄▄  █       ███
███       █  ▄▄▄▄▄▄  █       ███
██▄      █  ▄▄▄▄▄▄  █      ▄██
███      █          █      ███
███▄    ▀▀▀▀▀▀▀▀▀▀▀▀    ▄███
████▄                ▄████
▀█████▄▄        ▄▄█████▀
▀▀████████████████▀▀
▀▀▀██████▀▀▀

◾ 0%  trading  FEE
Zooom

Ex

CRYPTO
EXCHANGE
......
  BITCOINTALK                                 

[ A N N ]

[ B O U N T Y ]
......
......
......
......███





███
███████████████████████████████████

TRADE NOW

███████████████████████████████████
███
  █
  █
  █
  █
  █
███
motienvolam
Member
**
Offline Offline

Activity: 292
Merit: 20

I love my wife and my little girl


View Profile
June 06, 2019, 11:03:38 PM
 #45

I think that this innovation (https://bitcointalk.org/myips.php) can create an anonymous threat to users who do not use all sorts of anonymizers (using a static IP address). For example if a hacker were to gain access to a user account they could be restored by a signed message but the anonymity of the user would be compromised. In my opinion this is a call to use VPN services. Am I right?
How do hackers sign a message? Can you explain more about it, please. In my opinion, if real owners already signed a message previously before their accounts hacked. When they want to get accounts back, they have to sign another message with the same address. Hackers mostly can not have access to address used to sign message before. Personally, I think IPs show in that page only help users to discover strange IPs in their accounts' IP list, then if needed, they can change passwords of their accounts to have better security. It is just a preventive protectioin for users.
If accounts really hacked, real users can get their accounts back if they can show good proofs required in recovery process.
madnessteat
Sr. Member
****
Offline Offline

Activity: 518
Merit: 439



View Profile
June 07, 2019, 04:42:47 AM
Merited by DdmrDdmr (2)
 #46

~snip~

I'm sorry. I understand that this is done for personal monitoring of IP addresses. I probably made a mistake because I still don't speak English well. I meant that if a hacker gets access to the account, he will be able to find out the IP address belonging to the owner of the account.



███████████████████████████████████████████
███████████████████████████████████████████
███████████████████████████████████████████
'''''''''''''''''''''''''''''Z█████████
                          _o█████████
                        ,d████████
                      ,d████████
                     █████████
███████████████████████████
█████████████████████████
███████████████████████
          ███████████
        ,d████████
      ,█████████
   _o█████████
  d█████████
███████████████████████████████████████████
███████████████████████████████████████████
███████████████████████████████████████████

▄▄▄██████▄▄▄
▄▄████████████████▄▄
▄█████▀▀        ▀▀█████▄
████▀                ▀████
███▀    ▄▄▄▄▄▄▄▄▄       ▀███
███      █   ▄▄ █▀▄        ███
██▀      █  ███ █  ▀▄      ▀██
███       █   ▀▀ ▀▀▀▀█       ███
███       █  ▄▄▄▄▄▄  █       ███
███       █  ▄▄▄▄▄▄  █       ███
██▄      █  ▄▄▄▄▄▄  █      ▄██
███      █          █      ███
███▄    ▀▀▀▀▀▀▀▀▀▀▀▀    ▄███
████▄                ▄████
▀█████▄▄        ▄▄█████▀
▀▀████████████████▀▀
▀▀▀██████▀▀▀

◾ 0%  trading  FEE
Zooom

Ex

CRYPTO
EXCHANGE
......
  BITCOINTALK                                 

[ A N N ]

[ B O U N T Y ]
......
......
......
......███





███
███████████████████████████████████

TRADE NOW

███████████████████████████████████
███
  █
  █
  █
  █
  █
███
kenzawak
Hero Member
*****
Offline Offline

Activity: 658
Merit: 850



View Profile
June 07, 2019, 10:05:32 AM
Last edit: June 07, 2019, 10:54:07 AM by kenzawak
 #47

Hi everyone,

As you can imagine, I've been very busy the last three days trying to figure this thing out and improving my security here.
For those who don't know, I'm the OP of the thread that led to all this.

If I had any idea how I got hacked, I would share it, really. I haven't kept anything to myself in the other thread.
I was told hacking from a public wifi wasn't easy to do. I honestly don't know if it is or not. I don't know what can be done and how.

It seems that only my account here was compromised. Other accounts (bank, emails, wallets, exchanges...) seem ok.
That reinforces the idea that I was targeted because of my rep here.
So maybe, it comes from a phishing link or a malware that I would have downloaded here ? Even though I don't see myself doing it, I might have clicked the wrong thing, honestly I don't know.  Huh

I've been using my wife's laptop for the past three days and I formatted my PC. The last IP logs (thank you Theymos for that) match so it looks safe . I'll definitely check on those very often.

I'm just a regular guy, definitely no tech expert. I apply basic recommendations, never thought this could happen to me and yet it did. I don't think anyone can say they're 100% safe.

These are my last IP logs. The ones in France match. Maybe you guys should check your own logs to see if any of those IPs shows up in them.

asche
Hero Member
*****
Offline Offline

Activity: 602
Merit: 701


I forgot more than you will ever know.


View Profile
June 07, 2019, 11:09:50 AM
 #48

As I proposed a few days ago in the thread mentioned in OP by bones, the smartest way to implement this would be sending an email either

  • Connection from a new ip, which you need to validate in the email
  • Or, connection from a different geographical region, which you could also validate through a link sent to you

Of course this would have to be an opt in option since some people might have used dispensable email accounts to create their account here.

However maybe this could be enforced and encourage people to change their email address to one they actually have access to.

kenzawak
Hero Member
*****
Offline Offline

Activity: 658
Merit: 850



View Profile
June 07, 2019, 11:15:23 AM
 #49

Maybe just have a visible statistics of sent messages per day/week/month instead of notifications, like
Messages sent today 0.  I don't know where it could be placed but should be on a easy-to-spot place.

I like this idea as well, not sure if it's doable though.
r1s2g3
Sr. Member
****
Offline Offline

Activity: 630
Merit: 387


I am alive but in hibernation.


View Profile
June 08, 2019, 03:24:10 PM
 #50

I am not liking the idea of ip log that is getting shared. The best way is 2FA and we are creating another complex solution that is not going to solve the problem.

What if , if hacker is also in same city?

.
Game that
pays for
Playing











A
blockchain
based game
Ask me anything
about the game
in Bitcointalk.











A game
that recognize
your ownership
Join the
exciting game
of splinterlands











              ▄▄▄▄▄▄██████▄▄▄▄▄▄
          ▄▄██████████████████████▄▄
        ███████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀███████
     ████████▌    ▄▄▄▄▄▄▄▄    ▐████████
   ▄██████████▌  █████ ▀ ▀███  ▐██████████▄
  ▐███████████▌ ████▄▄ ██ ▐███ ▐███████████▌
  ████████████▌▐█████     ████▌▐████████████
 █████████████▌ ███▄▄ ██ ▐████ ▐█████████████
 █████████████▌  ███    ▄████  ▐█████████████
██████████████▌    ▀▀▀▀▀▀▀▀    ▐██████████████
██████████████████████████████████████████████
▀████████████████████████████████████████████▀
   ▐██████████████████████████████████████▌
   ▐█████████████▀▀▀▀▀▀▀▀▀▀▀▀█████████████▌
    ▀▀██████▀▀                  ▀▀██████▀▀
asche
Hero Member
*****
Offline Offline

Activity: 602
Merit: 701


I forgot more than you will ever know.


View Profile
June 08, 2019, 03:43:29 PM
 #51

2FA can be and has been breached before.

Accessing iplogs IS a security feature as long as it is private to the user only.

So is a notification when a log in happens.

Both features exist on most secured websites like exchanges. I don't see how this would weaken the security of your forum account.

Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!