Bitcoin Forum
December 13, 2024, 09:03:13 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: ip: 46.38.62.225 - Coin Stealer  (Read 1020 times)
theonegilly (OP)
Member
**
Offline Offline

Activity: 106
Merit: 10

Your Pool Your Way - Admin


View Profile
March 14, 2014, 06:30:45 PM
 #1

Hello,

the coin stealers ip: 46.38.62.225 (Russia)

I have notifications for all my mpos accounts and my BTC-e account all come through today about logins... thankfully i didn't have any coins on any of them but its just a warning to everyone.

Im changing all my passwords as i type so i recommend you all do the same.

[Multi-Coin][Auto-Switch] Your Pool Your Way - http://yourpoolyourway.eu
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
March 14, 2014, 10:47:38 PM
 #2

Well thanks for letting us know.

Can you tell us something more about it?

Some more details?
theonegilly (OP)
Member
**
Offline Offline

Activity: 106
Merit: 10

Your Pool Your Way - Admin


View Profile
March 15, 2014, 10:35:33 AM
 #3

Well i have no idea where this dude got my user and password... but i assume it must be from a Mpos pool that doesn't encrypt passwords :l

This was the email i recieved from BTC-E

Successful authorization.

Login: theonegilly
IP: 46.38.62.225
Date and time: 13.03.14 19:36


And ive got logins for all 3 of my altcoins.pw pools. ( for users of my pools - NOTHING was compromised - everything on the pool requires you to confirm changes via email before anything happens.)

Your account has successfully logged in

User: theonegilly

IP: 46.38.62.225

Time: 03/13/14 19:40:52

If you initiated this login, you can ignore this message. If you did NOT, please notify an administrator.



[Multi-Coin][Auto-Switch] Your Pool Your Way - http://yourpoolyourway.eu
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
March 15, 2014, 11:07:06 PM
 #4

This is EXACTLY why you should use a different random password for each and every pool and any other website. I've long known some don't encrypt the passwords for the exact reason of phishing them.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Xch4ng3
Hero Member
*****
Offline Offline

Activity: 661
Merit: 502



View Profile WWW
March 16, 2014, 01:50:40 AM
 #5

This is EXACTLY why you should use a different random password for each and every pool and any other website. I've long known some don't encrypt the passwords for the exact reason of phishing them.

Very good point. Also using unique passwords in conjunction with something like LastPass/Keepass avoids scenarios where databases get leaked and attackers will use that combination on other sites.

http://whatismyipaddress.com/ip/46.38.62.225

The IP address above belongs to a VPS node in Russia and the ISP has been known to host malicious content, whether or not it may be intentionally allowed by the owner is questionable but doesn't change the fact that the host is used to serve and facilitate in less than kosher activities.

Sources:

Query on IP
Query on host company
Forum post
MyWOT report

[AUTOBUY] [CHEAP] $2 Account Shop -> https://bitcointalk.org/index.php?topic=4611147
dangerkid
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
March 16, 2014, 02:09:20 PM
 #6

lesson learned. for different accounts use different password. you are lucky that you did not learn this lesson the hard way. the intruder could easily wipe out all of your accounts.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!