Bitcoin Forum
August 23, 2019, 07:59:01 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: New Phishing Link Going Around  (Read 2425 times)
Bitcoins101
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500


View Profile
September 14, 2014, 01:35:29 PM
 #21

Phisher is probably thinking he caught a big one..


 Cheesy . What you got after logging in? Redirecting to BT?

  ~~MZ~~

Yep, redirects right back to the real site under the link that is in the OP. 
1566547141
Hero Member
*
Offline Offline

Posts: 1566547141

View Profile Personal Message (Offline)

Ignore
1566547141
Reply with quote  #2

1566547141
Report to moderator
1566547141
Hero Member
*
Offline Offline

Posts: 1566547141

View Profile Personal Message (Offline)

Ignore
1566547141
Reply with quote  #2

1566547141
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1566547141
Hero Member
*
Offline Offline

Posts: 1566547141

View Profile Personal Message (Offline)

Ignore
1566547141
Reply with quote  #2

1566547141
Report to moderator
acs267
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
September 14, 2014, 02:22:33 PM
 #22

OP: remove the hyperlink in the top post.. I was about to click it..

It's a phishing link. You'll be fine as long as you don't enter your username or password. But you can basically enter in a random or fake one. I didn't remove all of the link, because, I'm pretty sure they all have the same topic start number. 654845.

Anyway, you could basically click away, and even sit on the link and nothing will happen but a discouraged person, looking at the hundreds accounts with 'theymos' or 'satoshi' as their username.
Nullu
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
September 14, 2014, 02:40:21 PM
 #23

Bombard the site with fake username and passwords.

BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
Bitcoins101
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500


View Profile
September 14, 2014, 03:21:41 PM
 #24

Bombard the site with fake username and passwords.
Someone could set up a script to do it.  Cheesy
NoirSuccubus
Full Member
***
Offline Offline

Activity: 203
Merit: 106


View Profile
September 14, 2014, 03:52:07 PM
 #25

I got one from p3tmacter

This guy is registering hordes of new accounts for the purpose of phishing peoples accounts. Look at the new members list and you'll find a bunch. I just went through the first 2 pages of the bitcointalk member list, these are only a few hours old.

NEMmaster
NEMxtester
EspoNem
nemeconomy
utopian-nem
nem-team
nemutopian
p3tnaster
nemxt
nem-xterster


You can see the members list here listed from new to old.
https://bitcointalk.org/index.php?action=mlist;sort=registered;start=0;desc
There's probably much more.

acs267
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
September 14, 2014, 03:57:38 PM
 #26

I got one from p3tmacter

This guy is registering hordes of new accounts for the purpose of phishing peoples accounts. Look at the new members list and you'll find a bunch. I just went through the first 2 pages of the bitcointalk member list, these are only a few hours old.

NEMmaster
NEMxtester
EspoNem
nemeconomy
utopian-nem
nem-team
nemutopian
p3tnaster
nemxt
nem-xterster


You can see the members list here listed from new to old.
https://bitcointalk.org/index.php?action=mlist;sort=registered;start=0;desc
There's probably much more.

I don't get it - why are they doing it? Is it to give NEM a bad name, or to show ill fitted strength? It's bizarre to me. Not to mention, they bragged about the thought of them going to hack acounts. 
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3486
Merit: 6055


View Profile
September 14, 2014, 06:19:48 PM
 #27

I deleted the spam PMs and banned all of the users and IPs sending them.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
EvilDave
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1000



View Profile
September 14, 2014, 09:31:27 PM
 #28

Good work, mate. +1

Nulli Dei, nulli Reges, solum NXT
Love your money: www.nxt.org  www.ardorplatform.org
www.nxter.org  www.nxtfoundation.org
ForgottenPassword
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
September 14, 2014, 09:56:40 PM
 #29

I deleted the spam PMs and banned all of the users and IPs sending them.

The source on the phishing website contains the following:
Code:
<title>Login</title><!--368ef74f52681c46ec130f3d13d9f239ea78ffb6c1718a5e8bda35ea3af8626a1c46ec130f3d13d9f239ea78ffb6c171138a3f3d4e7f8f4069051c46ec130f3d13d9f239ea78ffb6c171faa6-->

Is that last piece a session ID?

Maybe you could take a look at the logs and find out what IP was using that session ID.

It also looks like the phishing site is including style sheets from bitcointalk.org. You could set up the server to send a modified stylesheet that has a warning message added when it is requested by the phishing domain in order to warn people it is a phishing website.

I have private messages disabled. Send me an email instead. My contact details can be found here.

Tip Address: 13Lwo1hK5smoBpFWxmqeKSL52EvN8U7asX
jackjack
Legendary
*
Offline Offline

Activity: 1134
Merit: 1023


May Bitcoin be touched by his Noodly Appendage


View Profile
September 14, 2014, 10:16:18 PM
 #30

I deleted the spam PMs and banned all of the users and IPs sending them.

The source on the phishing website contains the following:
Code:
<title>Login</title><!--368ef74f52681c46ec130f3d13d9f239ea78ffb6c1718a5e8bda35ea3af8626a1c46ec130f3d13d9f239ea78ffb6c171138a3f3d4e7f8f4069051c46ec130f3d13d9f239ea78ffb6c171faa6-->

Is that last piece a session ID?

Maybe you could take a look at the logs and find out what IP was using that session ID.

It also looks like the phishing site is including style sheets from bitcointalk.org. You could set up the server to send a modified stylesheet that has a warning message added when it is requested by the phishing domain in order to warn people it is a phishing website.

Good ideas

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
mik3
Full Member
***
Offline Offline

Activity: 249
Merit: 104


View Profile
September 15, 2014, 04:05:41 AM
 #31

GUYS report them to their registrar so they remove the site ASAP.

Send an email to  abuse@internet.bs  with a link to this thread and an explanation.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!