Author

Topic: BitCoinTalk.PW (Bitcointalk Proxy Website) (Read 2757 times)

legendary
Activity: 1246
Merit: 1049
March 22, 2017, 07:03:43 PM
#35
I'm not very familiar to web security but..

Could bitcointalk.org restrict a website like this .pw site from displaying its contents?
I find this unsafe for those users who doesn't have the chance to visit this thread and if prove as a phishing site, this will likely increase more hacked account cases. Just a small beef question  Wink
How difficult it is to notice .org over .pw ? You cannot change the entire system for a bunch of 12 year old kids who expect internet to work according to their standards.Try it,it's not that hard.

It is difficult for "others". I didn't ask for a change of the entire system, have I?. What I'm asking is if there is some feature that they can turn on to restrict those sites (not a change, but an add on security).
legendary
Activity: 1988
Merit: 1317
Get your game girl
I'm not very familiar to web security but..

Could bitcointalk.org restrict a website like this .pw site from displaying its contents?
I find this unsafe for those users who doesn't have the chance to visit this thread and if prove as a phishing site, this will likely increase more hacked account cases. Just a small beef question  Wink
How difficult it is to notice .org over .pw ? You cannot change the entire system for a bunch of 12 year old kids who expect internet to work according to their standards.Try it,it's not that hard.

Perhaps they could use htaccess to block access to the themes directory. That would mess up the display.
Not necessarily.You can always request the pages and display them in your smf theme.
sr. member
Activity: 364
Merit: 250
Don't think it's safe. The guys on the Chinese Local board have been looking for a proxy they can access without VPN for literally years, if they didn't find anything reliable I'm betting this ain't too.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
Perhaps they could use htaccess to block access to the themes directory. That would mess up the display.
legendary
Activity: 1246
Merit: 1049
I'm not very familiar to web security but..

Could bitcointalk.org restrict a website like this .pw site from displaying its contents?
I find this unsafe for those users who doesn't have the chance to visit this thread and if prove as a phishing site, this will likely increase more hacked account cases. Just a small beef question  Wink
newbie
Activity: 1
Merit: 0
I found this google page for reporting a phishing site page designed to look like another page in an attempt to steal users' personal information. If [Suspicious link removed] users enter their login details is should qualify as a phishing site.

I just visited bitcointalk.pw and it looks like they are making it very clear that it is a proxy website, so I don't think it is safe to assume it is designed to attempt to steal users' information.

It doesn't look like you can register accounts on this website as the .pw medium to the .org site does not appear to use javascript.

If you try to login to your account from the .pw site, you will be redirected to the .org site which will display a "cookie error", although if you go back to the .pw site you will be logged in.

If you try to post from the .pw site, you will get a 'timed out' error message and will be redirected to a page to create a new thread in the sub that the thread you were trying to post on is located in. If you try to create a new thread you will get the same error message. Interestingly enough, you can send PMs without issue.

edit: I was just able to post from the .pw site, I am not sure what caused the 'timed out' error previously.
edit2: don't worry, I used a very unique password to create this account
legendary
Activity: 2772
Merit: 2846
I found this google page for reporting a phishing site page designed to look like another page in an attempt to steal users' personal information. If bitcointalk.pw lets bitcointalk.org users enter their login details is should qualify as a phishing site.

https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Quote
Report Phishing Page

Thank you for helping us keep the web safe from phishing sites. If you believe you've encountered a page designed to look like another page in an attempt to steal users' personal information, please complete the form below to report the page to the Google Safe Browsing team.



Google used to provide a form to report scraper websites, but sadly it's now closed.

https://docs.google.com/forms/d/1Pw1KVOVRyr4a7ezj_6SHghnX1Y6bp1SOVmy60QjkF0Y/closedform





However are other tools available like the Google Disavow tool described in this stackexchange post.


http://webmasters.stackexchange.com/questions/78404/someone-has-cloned-my-wordpress-blog-how-do-i-prevent-it-from-hurting-seo

Quote
If the site produces backlinks to you it is important to use the Google Disavow tool otherwise the algorithm will be working against you, regardless.

https://www.google.com/webmasters/tools/disavow-links-main

create a .txt file and add:

domain:thedamnsitethatcloned.com
then upload it to Google via Webmaster Tools.

Here are exactly the steps that I would take to resolve this issue. I know that a lot of webmasters face this issue. I have had this problem before and there does not seem to be a straight answer on Google (ironically) (which is why I want to help). Matt Cutts is the dude who you are supposed to listen to about these issues, but listening to him is like trying to win a game of chess against a supercomputer inside a burning house (no help to be found).

The short Cutts:

Register with DMCA and put the badge on your website.
Gather all copied content by pasting the first 60 words from your website into Google and submut VIA https://www.google.com/webmasters/tools/dmca-dashboard DMCA requests will only accept permalinks.
Disavow EVERY site which has copied content linking back to you. Do this on every page of your website.
My first answer was to disavow the domain, but I forgot mention that you need to disavow:

www. AND
non www.
(Google counts them as two separate domains).
legendary
Activity: 2772
Merit: 2846
bitcointalk.pw is registered through WhoisGuard.

https://who.is/whois/bitcointalk.pw

I'm no legal expert, but someone must own the copyright to the content of posts made here, either the users or the forum itself. Reddit's agreement says users own the copyright rights to their own posts, but by submitting them to reddit they grant it an unrestricted license to display them.

Any website hosting or proxy linking to bitcointalk posts is breaking the Digital Millennium Copyright Act (DMCA) and is risking a takedown notice to remove the copyrighted works.

Whoisguard says to contact it here to report copyright infringement by any domain using its service

http://www.whoisguard.com/contact-us.asp

Quote
In case you believe a domain using our service is engaged in abuse or any illegal activity and/or infringes third parties' trademarks (or other rights), please contact [email protected] and file an abuse report.


The website is just a proxy for bitcointalk.org, it forwards all requests to bitcointalk's server. I don't believe it actually hosts any of the content. Harder to make a case for DMCA.


Yes the DMCA is more vague about proxys. However, this wikipedia page suggests proxied content is still subject to takedown notices.

Also, is any of the content modified on bitcointalk.pw? Any modified content is subject to takedown. I'm not prepared to risk viewing the site myself. I hate accidentally clicking a link to any bitcointalk clone site because of the risk of a virus infection.

https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act

Quote
512(b) System Caching Safe Harbor

Section 512(b) protects OSPs who engage in caching (i.e. creating copies of material for faster access) if the caching is conducted in standard ways, and does not interfere with reasonable copy protection systems. This Section applies to the proxy and caching servers used by ISPs and many other providers.

If the cached material is made available to end users the system provider must follow the Section 512(c) takedown and put back provisions. Note that this provision only applies to cached material originated by a third party, not by the provider itself. Also, the content of the material must not be modified as a result of the caching process.
full member
Activity: 196
Merit: 101
bitcointalk.pw is registered through WhoisGuard.

https://who.is/whois/bitcointalk.pw

I'm no legal expert, but someone must own the copyright to the content of posts made here, either the users or the forum itself. Reddit's agreement says users own the copyright rights to their own posts, but by submitting them to reddit they grant it an unrestricted license to display them.

Any website hosting or proxy linking to bitcointalk posts is breaking the Digital Millennium Copyright Act (DMCA) and is risking a takedown notice to remove the copyrighted works.

Whoisguard says to contact it here to report copyright infringement by any domain using its service

http://www.whoisguard.com/contact-us.asp

Quote
In case you believe a domain using our service is engaged in abuse or any illegal activity and/or infringes third parties' trademarks (or other rights), please contact [email protected] and file an abuse report.


The website is just a proxy for bitcointalk.org, it forwards all requests to bitcointalk's server. I don't believe it actually hosts any of the content. Harder to make a case for DMCA.
legendary
Activity: 2772
Merit: 2846
bitcointalk.pw is registered through WhoisGuard.

https://who.is/whois/bitcointalk.pw

I'm no legal expert, but someone must own the copyright to the content of posts made here, either the users or the forum itself. Reddit's agreement says users own the copyright rights to their own posts, but by submitting them to reddit they grant it an unrestricted license to display them.

Any website hosting or proxy linking to bitcointalk posts is breaking the Digital Millennium Copyright Act (DMCA) and is risking a takedown notice to remove the copyrighted works.

Whoisguard says to contact it here to report copyright infringement by any domain using its service

http://www.whoisguard.com/contact-us.asp

Quote
In case you believe a domain using our service is engaged in abuse or any illegal activity and/or infringes third parties' trademarks (or other rights), please contact [email protected] and file an abuse report.
administrator
Activity: 5222
Merit: 13032
None of these sites are official, and you should never enter your password there. If you ever accidentally enter your password somewhere other than bitcointalk.org, you should change it here immediately. Maybe some of these sites are intended for bypassing various blacklists such as China's great firewall, but more likely they steal login information or do other nefarious things.

I can understand how it gets new posts, but how does it know when an old post is edited?

My site (in my signature) has to rescrape the pages to get new information, and some pages I don't rescrape for months since they never change.

It's just a proxy, it sends a request to bitcointalk.org whenever you request a page there.
copper member
Activity: 2996
Merit: 2374
In regards to profiles, the site will need to view profiles one at a time the same way it would originally get this information. It might know to check the profile if it sees a new/edited post by you, which would reduce the number of times each profile would get checked.

That wouldn't help if their trust score changes.
Your site uses the Default Trust network to calculate trust scores. If this is what you want to do, then you can have your site determine who is in the DefaultTrust network by going to https://bitcointalk.org/index.php?action=trust and collecting a list of accounts that have a number of zero or greater from an account that only had DefaultTrust in it's trust list, and the trust depth set to 2. From there, your site will only need to parse the sent trust ratings of the few hundred people who are in the DefaultTrust network. The formula to calculate a trust rating is public, so your site should be able to calculate trust ratings without having to visit everyone's profile. Although it might get confused if someone receives their first negative trust rating on the same day that they receive a positive trust rating, so in these instances, you can have your site visit the person's profile to check the ordering of the received trust ratings.

edit: formula for trust ratings --> https://bitcointalksearch.org/topic/minor-trust-score-algorithm-change-1066857
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
In regards to profiles, the site will need to view profiles one at a time the same way it would originally get this information. It might know to check the profile if it sees a new/edited post by you, which would reduce the number of times each profile would get checked.

That wouldn't help if their trust score changes.
copper member
Activity: 2996
Merit: 2374
No, the databases are not the same. Theymos does not operate the other site. What the other site is doing is that it is constantly checking Bitcointalk for changes to any part of the site (threads, profiles, etc.) and then mirroring that exactly.

How?

I can understand how it gets new posts, but how does it know when an old post is edited?

My site (in my signature) has to rescrape the pages to get new information, and some pages I don't rescrape for months since they never change.


If you are logged in, if you read a thread, and a post in that thread subsequently gets updated, that thread will show up as being unread (but will not show up in your watchlist). Once all threads get archived/saved, the site can simply check for unread threads.

In regards to profiles, the site will need to view profiles one at a time the same way it would originally get this information. It might know to check the profile if it sees a new/edited post by you, which would reduce the number of times each profile would get checked.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
No, the databases are not the same. Theymos does not operate the other site. What the other site is doing is that it is constantly checking Bitcointalk for changes to any part of the site (threads, profiles, etc.) and then mirroring that exactly.

How?

I can understand how it gets new posts, but how does it know when an old post is edited?

My site (in my signature) has to rescrape the pages to get new information, and some pages I don't rescrape for months since they never change.

staff
Activity: 3458
Merit: 6793
Just writing some code
Are this forum's database is the same with that forum? If @achow101 is right, then how's that possible. If this two forum has different databases then this will not be happening but...
No, the databases are not the same. Theymos does not operate the other site. What the other site is doing is that it is constantly checking Bitcointalk for changes to any part of the site (threads, profiles, etc.) and then mirroring that exactly.
copper member
Activity: 2996
Merit: 2374
There are many of these kinds of sites, probably hundreds. Most of them are most likely trying to host advertisements without having any original content, although some of these are probably also phishing sites and it is never going to be safe entering your password onto any of these sites.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
I've seen different domains with the same look with bitcointalk, but this forum is different, I tried to edit one of my posts here (bitcointalk.org) and when I refresh the page from that site (bitcointalk.pw), and it got edited also? And tried to delete it then it got deleted also. Are this forum's database is the same with that forum? If @achow101 is right, then how's that possible. If this two forum has different databases then this will not be happening but...
hero member
Activity: 3024
Merit: 614
Leading Crypto Sports Betting & Casino Platform
This is definitely a phishing site,once you mistaken it to bitcointalk.org and login with your bitcointalk details,they will take over your bitcointalk account and lose it permanently,we have seen similar sites like this in financial services,so unless the admin here stated here,do not go or block this site..
staff
Activity: 3458
Merit: 6793
Just writing some code
That website, and any website which clones and mirrors Bitcointalk, is not affiliated with bitcointalk in any way whatsoever. Do not try logging in to those websites as they may be phishing sites.
legendary
Activity: 3710
Merit: 1170
www.Crypto.Games: Multiple coins, multiple games
Hope everyone is aware of the long running https://fanbitcoin.com, mirror site of bitcointalk. I guess now are getting another one.

But I remember, people were reporting about their madness on forgetting to check the URL in browser and trying to log in fanbitcoin with bitcointalk credentials. (Then they were advised to change their password immediately to secure their accounts). Having a mirror site might create unnecessary struggles some times. Need to take care accordingly.

edit: fanbitcoin is not working for me. I guess that is the reason we got another mirror services ?  
hero member
Activity: 1190
Merit: 534
DO NOT TRY TO LOGIN FROM YOUR BITCOINTALK ACCOUNT ON ANY MIRROR SITE.

No one is sure that if it's the official mirror or now so it is best to avoid taking any risk that could compromise your bitcointalk account.

However, I find this mirror useful in case if the main site is down. One can read the latest post without having to log in.

IGNORE WARNING AT YOUR OWN RISK
hero member
Activity: 518
Merit: 500
I am also curious about this one. If Bitcointalk.org is mirrored for redundancy, we should hope that the passwords are kept secure. They should also notify everyone about this, if this is not the case and if this is a attempt to spoof this forum. I hope one of the Admins will respond to this. ^hmmmmmm^

I still think this is a scam site.


Yes unfortunately I am doubt the admins are active on this forum and can explaining about their service,
well we must wait and see maybe there are people who know about this thread and know about the service
 and tell to the admins​ or to the owners of website.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
I am also curious about this one. If Bitcointalk.org is mirrored for redundancy, we should hope that the passwords are kept secure. They should also notify everyone about this, if this is not the case and if this is a attempt to spoof this forum. I hope one of the Admins will respond to this. ^hmmmmmm^

I still think this is a scam site.

hero member
Activity: 2492
Merit: 542
We are not sure with this site, Never try to login in that proxy website with your account until not confirmed by admin, I tried to create an account and got some error many times maybe its a trap or phishing site, unbelievable its almost the same as bitcointalk.org  .
legendary
Activity: 1470
Merit: 1079
Wouldn't put anything on that site before confirming it with an admin or someone on here that the site is actually run by an admin or someone along those lines with power on here. I'd highly doubt someone sophisticated enough to setup a system to auto-transfer everything from here to their is just doing it out of the kindness of their heart.

Gotta be some sort of big money involved in stealing some good juicy accounts on here with that phishing thing, if it is phishing like we think it is.

Steer clear.

Yeah it would be nice if the admin or any moderator would confirm if bitcointalk.org is anyway related to bitcointalk.pw. Like the OP mentioned it would  require some skills, good solid server and big money to not just have a simple clone, but with the same thousands and thousands of posts. I have no clue how I landed on this proxy website, but when I noticed I am not logged in, I saw the .pw extention and just left. I browsed about 10 or 15 threads until I realized it, SSL, same posts, some people might not notice it and just log in. IMO I do think it is a phishing site.

https://bitcointalksearch.org/topic/bitcointalkpw-cheap-expiring-domain-0001-start-namecheap-1331645

Freedoge.co had sold this domain to https://bitcointalksearch.org/user/sinecoin-339814 (sinecoin) who was last active on May 27, 2016

In the auction thread one of the bidders had mentioned,
Quote
if i win will donate this domain to bitcointalk.org owners
sr. member
Activity: 490
Merit: 251
Make winning bets on sports with Sportsbet.io!
Wouldn't put anything on that site before confirming it with an admin or someone on here that the site is actually run by an admin or someone along those lines with power on here. I'd highly doubt someone sophisticated enough to setup a system to auto-transfer everything from here to their is just doing it out of the kindness of their heart.

Gotta be some sort of big money involved in stealing some good juicy accounts on here with that phishing thing, if it is phishing like we think it is.

Steer clear.
hero member
Activity: 2618
Merit: 548
DGbet.fun - Crypto Sportsbook
When something gets popularity soon the copy version too gets into use. Same is the existence of bitcointalk.pw, even the scam websites have the same name with small changes from the trusted website names. We need to be careful while using those.
legendary
Activity: 1288
Merit: 1087
there was also bitcointa.lk or something which was another mirror site. it was useful for checking on old threads when the real site is down. i've no idea what the deal is with any of them. i certainly didn't log in to any.
legendary
Activity: 966
Merit: 1042
I visit that site and I see my exact post their.
Anyone tried to login their using bitcointalk.org account?
But not recommend.

Lol no do not try your password there!!!

Maybe it's just an archive basically? If you delete posts are they still on that website or are they updated in real time? That's really strange. I wonder who owns it. Anyone have the whois? I never know where to find them.
hero member
Activity: 1666
Merit: 701
interesting. I also visit it and I think it is the copy of bitcointalk.org. All posts are totally same including mod, and users. To see the thread about bitcointalk.pw, it is said that someone sells domain. Probably LTU_btc is right.
sr. member
Activity: 280
Merit: 250
🌟-=BitCAD=-🌟 New_Business_Era
I visit that site and I see my exact post their.
Anyone tried to login their using bitcointalk.org account?
But not recommend.
hero member
Activity: 1372
Merit: 647
Same here. I searched a post on google yesterday and use bitcointalk keyword. I've seen that BitCoinTalk.PW (Bitcointalk Proxy Website) too, it's my 1st time to visit that site, also never heard about it before. Seems that all post are there, same posts and usernames. However, even if that's the case, I don't trust the site and don't ever tried to log in there. Let's be extra careful.
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
Interesting. Everything is same on both websites, except domain. I never heard about Bitcointalk.pw and I don't know doest belongs to Bitcointalk.org. But I remember that few years ago I found alternative Bitcointalk forum domain (can't remember does it was bitcointalk.pw or not). Maybe it is used when bitcointalk.org goes down or avoid internet censore in some countries.
legendary
Activity: 1470
Merit: 1079
I was going through a couple of posts on bitcointalk.org and ended up on bitcointalk.pw, I was just wondering is it anyway related to bitcointalk.org? This site has the exact same layout with ditto posts.  I searched for bitcoin.pw and saw this thread,

https://bitcointalksearch.org/topic/bitcointalkpw-cheap-expiring-domain-0001-start-namecheap-1331645

https://bitcointalk.pw/index.php?topic=1331645.0
Jump to: