
Topic: Bitcointalk mass hacking... Look at seclog now! (Read 680 times)

legendary
Activity: 1232
Merit: 1000
Tbh I don't think anyone can bruteforce a recaptcha login even with thousands of attempts

What you see is only the big farmers of the past taking the benefits of free merits

There is a possibility that the forum database dump with password hashes has been leaked. It could easily be bruteforced, especially weak passwords.
member
Activity: 182
Merit: 10
Tbh I don't think anyone can bruteforce a recaptcha login even with thousands of attempts

What you see is only the big farmers of the past taking the benefits of free merits
full member
Activity: 308
Merit: 156
There are 5,895 accounts that woke up in the last 30 days. Dead accounts waking up does not always mean that they were hacked. A legit user can log in to their account after a long time. I am not sure how long you need to be inactive to have this woke up log for your account.

Not sure I can call it legit, mate.

this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

somebody should find a similarity between all the accounts.
date of registration?
last login before the comeback?
That's what I mean, strange and insane!
I just want to warn everybody here to be more careful with this unusual activity.

I just can't understand how my unique password got hacked, it must be phishing or something, but I am aware of that. Or a keylogger, which I am aware of too.

Sorry, I'm too late, but anyway...
How many and what type of symbols did your hacked password consist of?
legendary
Activity: 3346
Merit: 3125
My account was hacked for a few secs, daaamn, yeah, they changed my password. Luckily there's a notification to my email and I quickly changed the bctalk account password and secured everything back!

Any idea how your account got hacked? Maybe that can help us keep it from happening to other users. It is weird to get hacked if you have a password that is hard to brute force, so maybe you know what the attack vector was. I would appreciate that info.
member
Activity: 518
Merit: 21
Yeah, there must be something fishy about it and hopefully the mods can explain this. We do not want this site to be hijacked by anyone else, for we know that a lot of cash flows through this forum. I can sense there is hacking activity because OP almost got his/her account hacked. As we all know, hacked accounts are being sold again in the marketplace, so a lot of money could be generated from this activity.
legendary
Activity: 2758
Merit: 6830
Nope. But you can use BPIP.org to check if a specific user has been mentioned in the seclog since the website is constantly scraping that page and saving the info.
thank you.
I know that Bpip.org site, but it likely has a bit of a delay in updating real data from the forum (hours delayed).
Code:
Last Parsed
and
Code:
Next Planned Parse
I am not sure, but it is likely that data updates on the site are some hours behind what really happened in the forum. I mean it is not real-time data.
That's the info scraped from the user's profile, which can't be in real time for obvious reasons (there are 229,988 active profiles being scraped every time).

BPIP is constantly scraping the seclog page as an independent process and adding the info to each mentioned profile.
full member
Activity: 462
Merit: 155
Nope. But you can use BPIP.org to check if a specific user has been mentioned in the seclog since the website is constantly scraping that page and saving the info.
thank you.
I know that Bpip.org site, but it likely has a bit of a delay in updating real data from the forum (hours delayed).
Code:
Last Parsed
and
Code:
Next Planned Parse
I am not sure, but it is likely that data updates on the site are some hours behind what really happened in the forum. I mean it is not real-time data.


I guess it is almost the same reasons which forced theymos to stop the given basic statistics of the site, right?
The given data dump stopped in middle of December last year.
Maybe if theymos implement sorting functions there, but I guess it will affect the forum's speed as it will load such immense data from server.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"
Maybe if theymos implement sorting functions there, but I guess it will affect the forum's speed as it will load such immense data from server.


My account was hacked for a few secs, daaamn, yeah, they changed my password. Luckily there's a notification to my email and I quickly changed the bctalk account password and secured everything back!

A few moments later I tried to figure out what the heck was happening with my account, as far as I know I am using a very unique password, then I randomly looked at the seclog page ... the result is crazy!
There's nothing to do about it, woke up status is different from password changed.
legendary
Activity: 2758
Merit: 6830
"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"
Nope. But you can use BPIP.org to check if a specific user has been mentioned in the seclog since the website is constantly scraping that page and saving the info.
full member
Activity: 462
Merit: 155
Got the required inactive period to have a Woke-up status after being active again. It is a six-month period.
It pops up if you login after a 6 months time:
It shows up if a user has logged in with their last login time being at least 6 months ago.


By the way, I visited the seclog, that provides only one page [that likely provides data of the last one or two days].
I have a curious question:
"Are there steps to see full data in the seclog page or at least several options like the last week/ last month/ last quarter, and so on ?"

Thank you.
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
Maybe an account farmer woke up some old accounts after having some of their accounts nuked.

Perhaps they are the sockpuppet shills of a new ICO.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.
Whitelisted means you click on the Show All link at the beginning of the Seclog, or this is something new for newbies and brand new members?

I think whitelisted is where an account has special permissions. I think it means like if default trust or the old scammer tag get hacked.




@theymos, what's the remedy of defeating zombies if they have been possessed by an unwanted force?
hero member
Activity: 1442
Merit: 629
Vires in Numeris
I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.
Whitelisted means you click on the Show All link at the beginning of the Seclog, or this is something new for newbies and brand new members?
administrator
Activity: 5222
Merit: 13032
I further modified seclog.php so that by default newbies & brand-new members are hidden unless they are whitelisted, copper member, etc.
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
In the human mind, there is good and there is bad. Right now people don't have work, they can only make trouble and nonsense, so it's not surprising to find something like this, maybe you can see zombies waking up from their nests,
Example:
1. zom Position: Brand new

10. unQ Position: Brand new

For that there is no need to wonder what people are doing, maybe in 1 day all over the world it can make the same thousands of accounts, by irresponsible person.
Interesting, I also noticed that a huge part of the accounts which wake up are Brand New, but there are also many Newbie accounts with few posts made. There are also a few Jr. Members who ranked up with 1 Merit and a few higher ranked accounts, but maybe they aren't related to the majority of accounts that wake up. I don't think that these Brand New and Newbie accounts that wake up are hacked, because I don't see many reasons to hack such accounts because they are worthless. I would predict that's just one of the botnets which belong to spamming services
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
It would raise more suspicion if there were lots of  high ranking accounts involved, but there are many newbie and brand new accounts which were woken up, and this would not be a target for hackers.

It's good you had your email notification and took quick measures to recover and secure your account.
Also sign a message linked to your account, if you are yet to.
sr. member
Activity: 406
Merit: 257
BINGO! BOUNTY MANAGEMENT
No, I mean that I just now added this stat to the page in order to illustrate that the rate is not unusual:
Quote
296 users/day in the last month, 520 users/day in the last year.
Great. It looks more informative now

People often see the big wall of seclog events and freak out, but it's a noisy log covering 30 days, and a high number of events is normal. OP's issue is not part of any wider trend.
Yes, it looks like a big list, but still 5900 woke-up accounts should be too much in just a monthly period, I thought. It means on average 200 accounts wake up every day



Edit:

I am not sure how long you need to be inactive to have this woke up log for your account.

It pops up if you login after a 6 months time:
It shows up if a user has logged in with their last login time being at least 6 months ago.
legendary
Activity: 2128
Merit: 1775

I see a lot of dead accounts woke up now! Yeah now it's happening!

Can anybody explain this situation?

In the human mind, there is good and there is bad. Right now people don't have work, they can only make trouble and nonsense, so it's not surprising to find something like this, maybe you can see zombies waking up from their nests,
Example:
1. zom Position: Brand new
2. zombie Position: Newbie
3. zomb Position: Newbie
4. zo Position: Newbie
5. z Position: Newbie


1. una Position: Newbie
2. uni Position: Brand new
3. une Position: Brand new
4. uno Position: Brand new
5. unsa Position: Newbie
6. unc Position: Brand new
7. unv Position: Newbie
8. unz Position: Brand new
9. unm Position: Newbie
10. unQ Position: Brand new

For that there is no need to wonder what people are doing, maybe in 1 day all over the world it can make the same thousands of accounts, by irresponsible person.
administrator
Activity: 5222
Merit: 13032
But what did you add and how is it connected to the waking up of all these old accounts?

No, I mean that I just now added this stat to the page in order to illustrate that the rate is not unusual:
Quote
296 users/day in the last month, 520 users/day in the last year.

People often see the big wall of seclog events and freak out, but it's a noisy log covering 30 days, and a high number of events is normal. OP's issue is not part of any wider trend.
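
The six-month "woke up" rule and the rate comparison discussed in this thread, sketched as an added example that is not part of any post and is not the forum's seclog.php. The 182-day cutoff, the 2x threshold, the function names and all login records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: "at least 6 months ago" approximated as 182 days.
WOKE_UP_GAP = timedelta(days=182)

def woke_up_events(logins):
    """Return (user, login_time) for each login that follows a gap of
    at least WOKE_UP_GAP since that user's previous login."""
    last_seen, events = {}, []
    for user, ts in sorted(logins, key=lambda rec: rec[1]):
        prev = last_seen.get(user)
        if prev is not None and ts - prev >= WOKE_UP_GAP:
            events.append((user, ts))
        last_seen[user] = ts
    return events

def daily_rate(events, end, window_days):
    """Average events per day in the window (end - window_days, end]."""
    start = end - timedelta(days=window_days)
    return sum(1 for _, ts in events if start < ts <= end) / window_days

def rate_is_unusual(recent, baseline, factor=2.0):
    # Assumption: flag only when the recent rate exceeds factor x the long-run rate.
    return recent > factor * baseline

def check_log(logins, end, recent_days=30, baseline_days=365):
    """True when the last-month woke-up rate stands out against the last year."""
    events = woke_up_events(logins)
    return rate_is_unusual(daily_rate(events, end, recent_days),
                           daily_rate(events, end, baseline_days))

# Constructed sample data: one regular user, twelve dormant accounts that
# return about one per month, then a burst of five returning within hours.
END = datetime(2020, 7, 1)
FIRST = datetime(2019, 1, 1)
STEADY = [("regular", END - timedelta(days=30 * k)) for k in range(13)]
for i in range(12):
    STEADY += [(f"old{i}", FIRST), (f"old{i}", END - timedelta(days=30 * i + 1))]
BURST = list(STEADY)
for i in range(5):
    BURST += [(f"dump{i}", FIRST), (f"dump{i}", END - timedelta(hours=i + 1))]

if __name__ == "__main__":
    print("steady log unusual:", check_log(STEADY, END))
    print("burst log unusual: ", check_log(BURST, END))
    print("296/day vs 520/day unusual:", rate_is_unusual(296, 520))
```

A long list of events is not itself a signal; the comparison only fires when the recent rate departs from the log's own long-run rate.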
sr. member
Activity: 406
Merit: 257
BINGO! BOUNTY MANAGEMENT
The rate is not unusual. I added an extra stat to that page.
OK

But what did you add and how is it connected to the waking up of all these old accounts?
administrator
Activity: 5222
Merit: 13032
The rate is not unusual. I added an extra stat to that page.
legendary
Activity: 2674
Merit: 1048
There are 5,895 accounts that woke up in the last 30 days. Dead accounts waking up does not always mean that they were hacked. A legit user can log in to their account after a long time. I am not sure how long you need to be inactive to have this woke up log for your account.

Not sure I can call it legit, mate.

this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

somebody should find a similarity between all the accounts.
date of registration?
last login before the comeback?
That's what I mean, strange and insane!
I just want to warn everybody here to be more careful with this unusual activity.

I just can't understand how my unique password got hacked, it must be phishing or something, but I am aware of that. Or a keylogger, which I am aware of too.
legendary
Activity: 1498
Merit: 1117
That's true.
or the database of an account-seller got lost.....
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

Even if someone has a copy of the forum's database, it will be useless since passwords are saved after many rounds of sha256 hashing unless the hacker used brute force to find weak passwords.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
Cancel all their sMerits.
legendary
Activity: 1498
Merit: 1117
this mass comeback is really strange.
maybe somebody found an old dump with PWs and all the old are used now.

somebody should find a similarity between all the accounts.
date of registration?
last login before the comeback?

thanks to the colour:

augustocroppo - woke up
https://bitcointalksearch.org/user/augustocroppo-50315

Narydu - woke up
https://bitcointalksearch.org/user/narydu-21434

copper member
Activity: 630
Merit: 420
We are Bitcoin!
There are 5,895 accounts that woke up in the last 30 days. Dead accounts waking up does not always mean that they were hacked. A legit user can log in to their account after a long time. I am not sure how long you need to be inactive to have this woke up log for your account.
legendary
Activity: 2674
Merit: 1048
A lot of accounts have come back from the dead recently, just look at the seclog!

My account was hacked for a few secs, daaamn, yeah, they changed my password. Luckily there's a notification to my email and I quickly changed the bctalk account password and secured everything back!

A few moments later I tried to figure out what the heck was happening with my account, as far as I know I am using a very unique password, then I randomly looked at the seclog page ... the result is crazy!

I see a lot of dead accounts woke up now! Yeah now it's happening!

Can anybody explain this situation?