Pages:
Author

Topic: BitCoinTalk.PW (Bitcointalk Proxy Website) (Read 2769 times)

legendary
Activity: 1246
Merit: 1049
March 22, 2017, 07:03:43 PM
#35
I'm not very familiar to web security but..

Could bitcointalk.org restrict a website like this .pw site from displaying its contents?
I find this unsafe for those users who doesn't have the chance to visit this thread and if prove as a phishing site, this will likely increase more hacked account cases. Just a small beef question  Wink
How difficult it is to notice .org over .pw ? You cannot change the entire system for a bunch of 12 year old kids who expect internet to work according to their standards.Try it,it's not that hard.

It is difficult for "others". I didn't ask for a change of the entire system, have I?. What I'm asking is if there is some feature that they can turn on to restrict those sites (not a change, but an add on security).
legendary
Activity: 1988
Merit: 1317
Get your game girl
I'm not very familiar to web security but..

Could bitcointalk.org restrict a website like this .pw site from displaying its contents?
I find this unsafe for those users who doesn't have the chance to visit this thread and if prove as a phishing site, this will likely increase more hacked account cases. Just a small beef question  Wink
How difficult it is to notice .org over .pw ? You cannot change the entire system for a bunch of 12 year old kids who expect internet to work according to their standards.Try it,it's not that hard.

Perhaps they could use htaccess to block access to the themes directory. That would mess up the display.
Not necessarily.You can always request the pages and display them in your smf theme.
sr. member
Activity: 364
Merit: 250
Don't think it's safe. The guys on the Chinese Local board have been looking for a proxy they can access without VPN for literally years, if they didn't find anything reliable I'm betting this ain't too.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
Perhaps they could use htaccess to block access to the themes directory. That would mess up the display.
legendary
Activity: 1246
Merit: 1049
I'm not very familiar to web security but..

Could bitcointalk.org restrict a website like this .pw site from displaying its contents?
I find this unsafe for those users who doesn't have the chance to visit this thread and if prove as a phishing site, this will likely increase more hacked account cases. Just a small beef question  Wink
newbie
Activity: 1
Merit: 0
I found this google page for reporting a phishing site page designed to look like another page in an attempt to steal users' personal information. If [Suspicious link removed] users enter their login details is should qualify as a phishing site.

I just visited bitcointalk.pw and it looks like they are making it very clear that it is a proxy website, so I don't think it is safe to assume it is designed to attempt to steal users' information.

It doesn't look like you can register accounts on this website as the .pw medium to the .org site does not appear to use javascript.

If you try to login to your account from the .pw site, you will be redirected to the .org site which will display a "cookie error", although if you go back to the .pw site you will be logged in.

If you try to post from the .pw site, you will get a 'timed out' error message and will be redirected to a page to create a new thread in the sub that the thread you were trying to post on is located in. If you try to create a new thread you will get the same error message. Interestingly enough, you can send PMs without issue.

edit: I was just able to post from the .pw site, I am not sure what caused the 'timed out' error previously.
edit2: don't worry, I used a very unique password to create this account
legendary
Activity: 2772
Merit: 2846
I found this google page for reporting a phishing site page designed to look like another page in an attempt to steal users' personal information. If bitcointalk.pw lets bitcointalk.org users enter their login details is should qualify as a phishing site.

https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Quote
Report Phishing Page

Thank you for helping us keep the web safe from phishing sites. If you believe you've encountered a page designed to look like another page in an attempt to steal users' personal information, please complete the form below to report the page to the Google Safe Browsing team.



Google used to provide a form to report scraper websites, but sadly it's now closed.

https://docs.google.com/forms/d/1Pw1KVOVRyr4a7ezj_6SHghnX1Y6bp1SOVmy60QjkF0Y/closedform





However are other tools available like the Google Disavow tool described in this stackexchange post.


http://webmasters.stackexchange.com/questions/78404/someone-has-cloned-my-wordpress-blog-how-do-i-prevent-it-from-hurting-seo

Quote
If the site produces backlinks to you it is important to use the Google Disavow tool otherwise the algorithm will be working against you, regardless.

https://www.google.com/webmasters/tools/disavow-links-main

create a .txt file and add:

domain:thedamnsitethatcloned.com
then upload it to Google via Webmaster Tools.

Here are exactly the steps that I would take to resolve this issue. I know that a lot of webmasters face this issue. I have had this problem before and there does not seem to be a straight answer on Google (ironically) (which is why I want to help). Matt Cutts is the dude who you are supposed to listen to about these issues, but listening to him is like trying to win a game of chess against a supercomputer inside a burning house (no help to be found).

The short Cutts:

Register with DMCA and put the badge on your website.
Gather all copied content by pasting the first 60 words from your website into Google and submut VIA https://www.google.com/webmasters/tools/dmca-dashboard DMCA requests will only accept permalinks.
Disavow EVERY site which has copied content linking back to you. Do this on every page of your website.
My first answer was to disavow the domain, but I forgot mention that you need to disavow:

www. AND
non www.
(Google counts them as two separate domains).
legendary
Activity: 2772
Merit: 2846
bitcointalk.pw is registered through WhoisGuard.

https://who.is/whois/bitcointalk.pw

I'm no legal expert, but someone must own the copyright to the content of posts made here, either the users or the forum itself. Reddit's agreement says users own the copyright rights to their own posts, but by submitting them to reddit they grant it an unrestricted license to display them.

Any website hosting or proxy linking to bitcointalk posts is breaking the Digital Millennium Copyright Act (DMCA) and is risking a takedown notice to remove the copyrighted works.

Whoisguard says to contact it here to report copyright infringement by any domain using its service

http://www.whoisguard.com/contact-us.asp

Quote
In case you believe a domain using our service is engaged in abuse or any illegal activity and/or infringes third parties' trademarks (or other rights), please contact [email protected] and file an abuse report.


The website is just a proxy for bitcointalk.org, it forwards all requests to bitcointalk's server. I don't believe it actually hosts any of the content. Harder to make a case for DMCA.


Yes the DMCA is more vague about proxys. However, this wikipedia page suggests proxied content is still subject to takedown notices.

Also, is any of the content modified on bitcointalk.pw? Any modified content is subject to takedown. I'm not prepared to risk viewing the site myself. I hate accidentally clicking a link to any bitcointalk clone site because of the risk of a virus infection.

https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act

Quote
512(b) System Caching Safe Harbor

Section 512(b) protects OSPs who engage in caching (i.e. creating copies of material for faster access) if the caching is conducted in standard ways, and does not interfere with reasonable copy protection systems. This Section applies to the proxy and caching servers used by ISPs and many other providers.

If the cached material is made available to end users the system provider must follow the Section 512(c) takedown and put back provisions. Note that this provision only applies to cached material originated by a third party, not by the provider itself. Also, the content of the material must not be modified as a result of the caching process.
full member
Activity: 196
Merit: 101
bitcointalk.pw is registered through WhoisGuard.

https://who.is/whois/bitcointalk.pw

I'm no legal expert, but someone must own the copyright to the content of posts made here, either the users or the forum itself. Reddit's agreement says users own the copyright rights to their own posts, but by submitting them to reddit they grant it an unrestricted license to display them.

Any website hosting or proxy linking to bitcointalk posts is breaking the Digital Millennium Copyright Act (DMCA) and is risking a takedown notice to remove the copyrighted works.

Whoisguard says to contact it here to report copyright infringement by any domain using its service

http://www.whoisguard.com/contact-us.asp

Quote
In case you believe a domain using our service is engaged in abuse or any illegal activity and/or infringes third parties' trademarks (or other rights), please contact [email protected] and file an abuse report.


The website is just a proxy for bitcointalk.org, it forwards all requests to bitcointalk's server. I don't believe it actually hosts any of the content. Harder to make a case for DMCA.
legendary
Activity: 2772
Merit: 2846
bitcointalk.pw is registered through WhoisGuard.

https://who.is/whois/bitcointalk.pw

I'm no legal expert, but someone must own the copyright to the content of posts made here, either the users or the forum itself. Reddit's agreement says users own the copyright rights to their own posts, but by submitting them to reddit they grant it an unrestricted license to display them.

Any website hosting or proxy linking to bitcointalk posts is breaking the Digital Millennium Copyright Act (DMCA) and is risking a takedown notice to remove the copyrighted works.

Whoisguard says to contact it here to report copyright infringement by any domain using its service

http://www.whoisguard.com/contact-us.asp

Quote
In case you believe a domain using our service is engaged in abuse or any illegal activity and/or infringes third parties' trademarks (or other rights), please contact [email protected] and file an abuse report.
administrator
Activity: 5222
Merit: 13032
None of these sites are official, and you should never enter your password there. If you ever accidentally enter your password somewhere other than bitcointalk.org, you should change it here immediately. Maybe some of these sites are intended for bypassing various blacklists such as China's great firewall, but more likely they steal login information or do other nefarious things.

I can understand how it gets new posts, but how does it know when an old post is edited?

My site (in my signature) has to rescrape the pages to get new information, and some pages I don't rescrape for months since they never change.

It's just a proxy, it sends a request to bitcointalk.org whenever you request a page there.
copper member
Activity: 2996
Merit: 2374
In regards to profiles, the site will need to view profiles one at a time the same way it would originally get this information. It might know to check the profile if it sees a new/edited post by you, which would reduce the number of times each profile would get checked.

That wouldn't help if their trust score changes.
Your site uses the Default Trust network to calculate trust scores. If this is what you want to do, then you can have your site determine who is in the DefaultTrust network by going to https://bitcointalk.org/index.php?action=trust and collecting a list of accounts that have a number of zero or greater from an account that only had DefaultTrust in it's trust list, and the trust depth set to 2. From there, your site will only need to parse the sent trust ratings of the few hundred people who are in the DefaultTrust network. The formula to calculate a trust rating is public, so your site should be able to calculate trust ratings without having to visit everyone's profile. Although it might get confused if someone receives their first negative trust rating on the same day that they receive a positive trust rating, so in these instances, you can have your site visit the person's profile to check the ordering of the received trust ratings.

edit: formula for trust ratings --> https://bitcointalksearch.org/topic/minor-trust-score-algorithm-change-1066857
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
In regards to profiles, the site will need to view profiles one at a time the same way it would originally get this information. It might know to check the profile if it sees a new/edited post by you, which would reduce the number of times each profile would get checked.

That wouldn't help if their trust score changes.
copper member
Activity: 2996
Merit: 2374
No, the databases are not the same. Theymos does not operate the other site. What the other site is doing is that it is constantly checking Bitcointalk for changes to any part of the site (threads, profiles, etc.) and then mirroring that exactly.

How?

I can understand how it gets new posts, but how does it know when an old post is edited?

My site (in my signature) has to rescrape the pages to get new information, and some pages I don't rescrape for months since they never change.


If you are logged in, if you read a thread, and a post in that thread subsequently gets updated, that thread will show up as being unread (but will not show up in your watchlist). Once all threads get archived/saved, the site can simply check for unread threads.

In regards to profiles, the site will need to view profiles one at a time the same way it would originally get this information. It might know to check the profile if it sees a new/edited post by you, which would reduce the number of times each profile would get checked.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
No, the databases are not the same. Theymos does not operate the other site. What the other site is doing is that it is constantly checking Bitcointalk for changes to any part of the site (threads, profiles, etc.) and then mirroring that exactly.

How?

I can understand how it gets new posts, but how does it know when an old post is edited?

My site (in my signature) has to rescrape the pages to get new information, and some pages I don't rescrape for months since they never change.

staff
Activity: 3458
Merit: 6793
Just writing some code
Are this forum's database is the same with that forum? If @achow101 is right, then how's that possible. If this two forum has different databases then this will not be happening but...
No, the databases are not the same. Theymos does not operate the other site. What the other site is doing is that it is constantly checking Bitcointalk for changes to any part of the site (threads, profiles, etc.) and then mirroring that exactly.
copper member
Activity: 2996
Merit: 2374
There are many of these kinds of sites, probably hundreds. Most of them are most likely trying to host advertisements without having any original content, although some of these are probably also phishing sites and it is never going to be safe entering your password onto any of these sites.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
I've seen different domains with the same look with bitcointalk, but this forum is different, I tried to edit one of my posts here (bitcointalk.org) and when I refresh the page from that site (bitcointalk.pw), and it got edited also? And tried to delete it then it got deleted also. Are this forum's database is the same with that forum? If @achow101 is right, then how's that possible. If this two forum has different databases then this will not be happening but...
hero member
Activity: 3024
Merit: 614
Leading Crypto Sports Betting & Casino Platform
This is definitely a phishing site,once you mistaken it to bitcointalk.org and login with your bitcointalk details,they will take over your bitcointalk account and lose it permanently,we have seen similar sites like this in financial services,so unless the admin here stated here,do not go or block this site..
staff
Activity: 3458
Merit: 6793
Just writing some code
That website, and any website which clones and mirrors Bitcointalk, is not affiliated with bitcointalk in any way whatsoever. Do not try logging in to those websites as they may be phishing sites.
Pages:
Jump to: