Bitcointalk mass hacking... Look at seclog now!

Geenstijl

legendary

Activity: 1232

Merit: 1000

Quote from: Coinifyx on January 25, 2019, 11:38:03 AM

Tbh I don't think anyone can bruteforce a recaptcha login even with thousands of attempts

What you see it's only the big farmers of the past taking benefits of free merits

There is a possibility that the forum database dump with password hashes has been leaked. It could easily be bruteforced, especially weak passwords.

Coinifyx

member

Activity: 182

Merit: 10

Personal Text

Tbh I don't think anyone can bruteforce a recaptcha login even with thousands of attempts

What you see it's only the big farmers of the past taking benefits of free merits

proexcept

full member

Activity: 308

Merit: 156

Quote from: EdenHazard on January 04, 2019, 02:50:07 PM

Quote from: mdayonliner on January 04, 2019, 02:30:37 PM

There are 5,895 accounts woke up in last 30 days. The dead accounts waking up always do not mean that they were hacked. Legit user can login to their accounts after long time. I am not sure how long you need to be inactive to have this woke up log for your account.

Not sure I can call it legit, mate .

Quote from: vlom on January 04, 2019, 02:35:38 PM

this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

somebody should find a similarity between all the accounts.
date of registration?
last login before the comeback?

That's what I mean , strange and insane!
I just want to warn everybody here to be more careful with this unusual activity.

I just can't understand how my unique password got hacked , it must be a phising or something but I do aware about that. Or a Keylogger which I do aware about it too.

Sorry, I'm too late, but anyway...
How many and what type of symbols did your hacked password consist of?

seoincorporation

legendary

Activity: 2982

Merit: 2681

Top Crypto Casino

Quote from: EdenHazard on January 04, 2019, 02:21:21 PM

My account was hacked for few secs daaamn yeah they changed my password , luckily there's notification to my email and quickly i changed the bctalk account password and secured everything back!

Any idea about how you account get hacked? Maybe that can help us to avoid that happens to other users? Is weird to get hacked if you have a hard password to brute force, so maybe you know what was the attacking vector. I would appreciate that info.

manfredmann

member

Activity: 518

Merit: 21

Yeah there must be something fishy about it and hopefully mods can explain this. We do not want thos site to be hi jacked by anyone else for we know that a lot of cash flowing through this forum. I can sense there is a hacking activity because OP had almost gets his/her account hack. As we all know that hacked accounts were being sold again in the market place so a lot money could be generated from.this activity.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: lobcmt2 on January 05, 2019, 12:21:20 AM

Quote from: TryNinja on January 04, 2019, 11:28:39 PM

Nope. But you can use BPIP.org to check if a specific user has been mentioned in the seclog since the website is constantly scrapping that page and saving the info.

thank you.
I known that Bpip.org site, but it has likely a bit delay to update real data from the forum (hours delayed).

Code:

Last Parsed

and

Code:

Next Planned Parse

I am not sure, but it is likely that data updates in the site is some hours delayed than what really happened in the forum. I meant it is not real-time data.

That's the info scrapped from the user's profile, which can't be in real time for obvious reasons (there are 229,988 active profiles being scrapped every time).

BPIP is constantly scrapping the seclog page as an independent process and adding the info to each mentioned profile.

lobcmt2

full member

Activity: 462

Merit: 155

Quote from: TryNinja on January 04, 2019, 11:28:39 PM

Nope. But you can use BPIP.org to check if a specific user has been mentioned in the seclog since the website is constantly scrapping that page and saving the info.

thank you.
I known that Bpip.org site, but it has likely a bit delay to update real data from the forum (hours delayed).

Code:

Last Parsed

and

Code:

Next Planned Parse

I am not sure, but it is likely that data updates in the site is some hours delayed than what really happened in the forum. I meant it is not real-time data.

I guess it is almost the same reasons which forced theymos to stop the given basic statistics of the site, right?
The given data dump stopped in middle of December last year.

Quote from: bL4nkcode on January 04, 2019, 11:36:10 PM

Maybe if theymos implement sorting functions there, but I guess it will affect the forum's speed as it will load such immense data from server.

bL4nkcode

copper member

Activity: 2142

Merit: 1305

Limited in number. Limitless in potential.

Quote from: lobcmt2 on January 04, 2019, 11:13:31 PM

"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"

Maybe if theymos implement sorting functions there, but I guess it will affect the forum's speed as it will load such immense data from server.

Quote from: EdenHazard on January 04, 2019, 02:21:21 PM

My account was hacked for few secs daaamn yeah they changed my password , luckily there's notification to my email and quickly i changed the bctalk account password and secured everything back!

Few moments later I figure out what the heck is happening with my account as far as I know I am using very unique password , then i randomly look at the seclog page ... the result is crazy!

There's nothing to do about it, woke up status is different from password changed.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: lobcmt2 on January 04, 2019, 11:13:31 PM

"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"

Nope. But you can use BPIP.org to check if a specific user has been mentioned in the seclog since the website is constantly scrapping that page and saving the info.

lobcmt2

full member

Activity: 462

Merit: 155

Got the required inactive period to have a Woke-up status after being active again. It is a six-month period.

Quote from: petestheman on January 04, 2019, 03:46:25 PM

It pops up if you login after a 6 months time:

Quote from: achow101 on March 27, 2017, 01:34:41 PM

It shows up if a user has logged in with their last login time being at least 6 months ago.

By the way, I visited the seclog, that provides only one page [that likely provides data of the last one or two days].
I have a curious question:
"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"

Thank you.

xtraelv

legendary

Activity: 1274

Merit: 1924

฿ear ride on the rainbow slide

Maybe an account farmer woke up some old accounts after having some of their accounts nuked.

Perhaps they are the sockpuppet shills of a new ICO.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: bitart on January 04, 2019, 06:26:19 PM

Quote from: theymos on January 04, 2019, 06:06:39 PM

I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.

Whitelisted means you click on the Show All link at the beginning of the Seclog, or this is something new for newbies and brand new members?

I think whitelisted is where an account has special permissions. I think it means like if default trust or the old scammer tag get hacked.

@theymos, what's the remedy of defeating zombies if they have been possessed by an unwanted force?

bitart

hero member

Activity: 1442

Merit: 629

Vires in Numeris

Quote from: theymos on January 04, 2019, 06:06:39 PM

I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.

Whitelisted means you click on the Show All link at the beginning of the Seclog, or this is something new for newbies and brand new members?

theymos

administrator

Activity: 5166

Merit: 12850

I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.

LTU_btc

legendary

Activity: 3038

Merit: 1330

Slava Ukraini!

Quote from: YOSHIE on January 04, 2019, 03:40:16 PM

In the human mind, is good and there is bad, right now people don't have work, they can only make trouble and nonsense, so it's not surprising to find something like this, maybe you can see zombies waking up from their nests ,
Example:
1. zom Position: Brand new

10. unQ Position: Brand new

For that there is no need to wonder what people are doing, maybe in 1 day all over the world it can make the same thousands of accounts, by irresponsible person.

Interesting, I also noticed that huge part of accounts which wake up is Brand New, but there are also many Newbie accounts with few posts made. There is also few Jr. Member who ranked up with 1 Merit and few higher ranked accounts, but maybe they aren't related to majority of accounts that wake up. I don't think that these Brand New and Newbie accounts that wake up are hacked, because I don't see many reasons to hack such accounts because they are worthless. I would predict that's just one of botnets which belongs to spamming services

Upgrade00

legendary

Activity: 2030

Merit: 2174

Professional Community manager

It would raise more suspicion if there were lots of high ranking accounts involved, but there are many newbie and brand new accounts which were woken up, and this would not be a target for hackers.

It's good you had your email notification and took quick measures to recover and secure your account.
Also sign a message linked to your account, if you are yet to.

petestheman

sr. member

Activity: 406

Merit: 257

BINGO! BOUNTY MANAGEMENT

Quote from: theymos on January 04, 2019, 03:30:42 PM

No, I mean that I just now added this stat to the page in order to illustrate that the rate is not unusual:

Quote

296 users/day in the last month, 520 users/day in the last year.

Great. It looks more informative now

Quote from: theymos on January 04, 2019, 03:30:42 PM

People often see the big wall of seclog events and freak out, but it's a noisy log covering 30 days, and a high number of events is normal. OP's issue is not part of any wider trend.

Yes, it looks like a big list, but still 5900 woke-up accounts should be too much in just a monthly period I thought. It means every day average 200 accounts wake-up Roll Eyes

Edit:

Quote from: mdayonliner on January 04, 2019, 02:30:37 PM

I am not sure how long you need to be inactive to have this woke up log for your account.

It pops up if you login after a 6 months time:

Quote from: achow101 on March 27, 2017, 01:34:41 PM

It shows up if a user has logged in with their last login time being at least 6 months ago.

YOSHIE

legendary

Activity: 2086

Merit: 1759

Quote from: EdenHazard on January 04, 2019, 02:21:21 PM

I see a lot of dead accounts woke up now! Yeah now it's happening!

Can anybody explain this situation?

In the human mind, is good and there is bad, right now people don't have work, they can only make trouble and nonsense, so it's not surprising to find something like this, maybe you can see zombies waking up from their nests ,
Example:
1. zom Position: Brand new
2. zombie Position: Newbie
3. zomb Position: Newbie
4. zo Position: Newbie
5. z Position: Newbie

1. una Position: Newbie
2. uni Position: Brand new
3. une Position: Brand new
4. uno Position: Brand new
5. unsa Position: Newbie
6. unc Position: Brand new
7. unv Position: Newbie
8. unz Position: Brand new
9. unm Position: Newbie
10. unQ Position: Brand new

For that there is no need to wonder what people are doing, maybe in 1 day all over the world it can make the same thousands of accounts, by irresponsible person.

theymos

administrator

Activity: 5166

Merit: 12850

Quote from: petestheman on January 04, 2019, 03:25:20 PM

But what did you add and how is it connected to the woke-up of all this old accounts?

No, I mean that I just now added this stat to the page in order to illustrate that the rate is not unusual:

Quote

296 users/day in the last month, 520 users/day in the last year.

People often see the big wall of seclog events and freak out, but it's a noisy log covering 30 days, and a high number of events is normal. OP's issue is not part of any wider trend.

petestheman

sr. member

Activity: 406

Merit: 257

BINGO! BOUNTY MANAGEMENT

Quote from: theymos on January 04, 2019, 02:52:53 PM

The rate is not unusual. I added an extra stat to that page.

OK

But what did you add and how is it connected to the woke-up of all this old accounts?

Topic: Bitcointalk mass hacking... Look at seclog now! (Read 646 times)