Pages:
Author

Topic: Create an option to get an e-mail notification someone logs in (Read 1130 times)

legendary
Activity: 1484
Merit: 1491
I forgot more than you will ever know.
2FA can be and has been breached before.

Accessing iplogs IS a security feature as long as it is private to the user only.

So is a notification when a log in happens.

Both features exist on most secured websites like exchanges. I don't see how this would weaken the security of your forum account.
sr. member
Activity: 742
Merit: 395
I am alive but in hibernation.
I am not liking the idea of ip log that is getting shared. The best way is 2FA and we are creating another complex solution that is not going to solve the problem.

What if , if hacker is also in same city?
hero member
Activity: 658
Merit: 851
Maybe just have a visible statistics of sent messages per day/week/month instead of notifications, like
Messages sent today 0.  I don't know where it could be placed but should be on a easy-to-spot place.

I like this idea as well, not sure if it's doable though.
legendary
Activity: 1484
Merit: 1491
I forgot more than you will ever know.
As I proposed a few days ago in the thread mentioned in OP by bones, the smartest way to implement this would be sending an email either

  • Connection from a new ip, which you need to validate in the email
  • Or, connection from a different geographical region, which you could also validate through a link sent to you

Of course this would have to be an opt in option since some people might have used dispensable email accounts to create their account here.

However maybe this could be enforced and encourage people to change their email address to one they actually have access to.
hero member
Activity: 658
Merit: 851
Hi everyone,

As you can imagine, I've been very busy the last three days trying to figure this thing out and improving my security here.
For those who don't know, I'm the OP of the thread that led to all this.

If I had any idea how I got hacked, I would share it, really. I haven't kept anything to myself in the other thread.
I was told hacking from a public wifi wasn't easy to do. I honestly don't know if it is or not. I don't know what can be done and how.

It seems that only my account here was compromised. Other accounts (bank, emails, wallets, exchanges...) seem ok.
That reinforces the idea that I was targeted because of my rep here.
So maybe, it comes from a phishing link or a malware that I would have downloaded here ? Even though I don't see myself doing it, I might have clicked the wrong thing, honestly I don't know.  Huh

I've been using my wife's laptop for the past three days and I formatted my PC. The last IP logs (thank you Theymos for that) match so it looks safe . I'll definitely check on those very often.

I'm just a regular guy, definitely no tech expert. I apply basic recommendations, never thought this could happen to me and yet it did. I don't think anyone can say they're 100% safe.

These are my last IP logs. The ones in France match. Maybe you guys should check your own logs to see if any of those IPs shows up in them.

legendary
Activity: 2310
Merit: 2073
~snip~

I'm sorry. I understand that this is done for personal monitoring of IP addresses. I probably made a mistake because I still don't speak English well. I meant that if a hacker gets access to the account, he will be able to find out the IP address belonging to the owner of the account.

member
Activity: 291
Merit: 20
I love my wife and my little girl
I think that this innovation (https://bitcointalk.org/myips.php) can create an anonymous threat to users who do not use all sorts of anonymizers (using a static IP address). For example if a hacker were to gain access to a user account they could be restored by a signed message but the anonymity of the user would be compromised. In my opinion this is a call to use VPN services. Am I right?
How do hackers sign a message? Can you explain more about it, please. In my opinion, if real owners already signed a message previously before their accounts hacked. When they want to get accounts back, they have to sign another message with the same address. Hackers mostly can not have access to address used to sign message before. Personally, I think IPs show in that page only help users to discover strange IPs in their accounts' IP list, then if needed, they can change passwords of their accounts to have better security. It is just a preventive protectioin for users.
If accounts really hacked, real users can get their accounts back if they can show good proofs required in recovery process.
legendary
Activity: 2310
Merit: 2073
I think that this innovation (https://bitcointalk.org/myips.php) can create an anonymous threat to users who do not use all sorts of anonymizers (using a static IP address). For example if a hacker were to gain access to a user account they could be restored by a signed message but the anonymity of the user would be compromised. In my opinion this is a call to use VPN services. Am I right?
hero member
Activity: 1246
Merit: 588
Quote from: fillippone link=topic=5150936.msg51368311#msg51368311
The log looks suspicious,
I have been logging from various locations, but some are definitely out of my recognised range.
Country is the same, but very strange IP locations popping out here and there.
I am going to change my password anyway.
This is the minimum required action.
But anyway this log need some double checking.


That is because of your service provider. I am not so sure if that is because they are using the Ip from the towers you are at.

Just like in the philippines the service provider just really sucks. You might even get similar IP from other people who uses the same service.

As long as you can recognize the date youve log in. I think thats just fine
legendary
Activity: 2268
Merit: 18771
I have been logging from various locations, but some are definitely out of my recognised range.
Country is the same, but very strange IP locations popping out here and there.
If you browse on mobile, your IP assigned to you by your carrier can frequently change, and may not always be geographically accurate. The best way to check is to see what your IP is on your mobile, and check it directly against your logs.

As someone who always connects via a VPN, I'll need to build a small database of all the VPN servers I use and their public IPs, and then cross reference that against my logs periodically to be completely sure, but there's nothing I can see at the moment that stands out at me.
legendary
Activity: 2632
Merit: 1094
It's tricky to get email notifications right so that they're not too spammy. Maybe later.

For now, I added this page where you can see your IP logs for the past 30 days: https://bitcointalk.org/myips.php . You could pretty easily write a userscript to periodically check this and warn you if it's weird. (But don't scrape it on every pageload.)

I don't want to make older IP logs automatically accessible because that'd give a hacker a bunch of useful/sensitive information. But 30 days is probably not too harmful.

I can see my log now but it's mainly Unknown city and unknown country and plus today my logs don't show an IP address at all.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
It's tricky to get email notifications right so that they're not too spammy. Maybe later.

For now, I added this page where you can see your IP logs for the past 30 days: https://bitcointalk.org/myips.php . You could pretty easily write a userscript to periodically check this and warn you if it's weird. (But don't scrape it on every pageload.)

I don't want to make older IP logs automatically accessible because that'd give a hacker a bunch of useful/sensitive information. But 30 days is probably not too harmful.

The log looks suspicious,
I have been logging from various locations, but some are definitely out of my recognised range.
Country is the same, but very strange IP locations popping out here and there.
I am going to change my password anyway.
This is the minimum required action.
But anyway this log need some double checking.
full member
Activity: 462
Merit: 155
This could be useful for the current forum but once the forum switches to the new software, hopefully with a 2FA option, it would no longer be needed.
Theymos stepped in and did hard for forum users. The switch from bitcointalk.org to Epochtalk might be a huge migration (or hugest) in history of crypto forums. Mainly because bitcointalk.org is the biggest and unique crypto forum, for years. I don't know which set of security methods for accounts will be applied in the new forum with 2-factor authentication, but I guess there are three methods: emails, signed message, and 2FA. It will be likely a tripple security method, that is hard for hackers to steal accounts.
legendary
Activity: 2730
Merit: 7065
Can't the hacker delete the sent PMs from the user's account? When they can send PMs without the knowledge of the user, they can easily delete their own sent PMs as well as we can do now manually.

At the moment they could but in the 2nd part of his post CryptopreneurBrainboss says:
How about the option of making the "save a copy to my outbox" a default setting that can't be changed and message saved in outbox can only be deleted after certain number of days like 30 days period.
This could be useful for the current forum but once the forum switches to the new software, hopefully with a 2FA option, it would no longer be needed.
full member
Activity: 924
Merit: 221
OP suggested like a 2 way factor authentication and yes it does sound good to use email rather than a smart phone with its number. A smartphone has disadvantage that whenever it will be stolen the the two way factor will be not be activated and it is the same as like you are also will not be able to access your btc precious account.
administrator
Activity: 5222
Merit: 13032
It's tricky to get email notifications right so that they're not too spammy. Maybe later.

For now, I added this page where you can see your IP logs for the past 30 days: https://bitcointalk.org/myips.php . You could pretty easily write a userscript to periodically check this and warn you if it's weird. (But don't scrape it on every pageload.)

I don't want to make older IP logs automatically accessible because that'd give a hacker a bunch of useful/sensitive information. But 30 days is probably not too harmful.
legendary
Activity: 1988
Merit: 1317
Get your game girl
WiFi MITM attack isn't that simple IMO. To extract a password from an HTTPS session you'd need to fool the user into accepting a fake cert, or plant a fake CA.
Depends on the type of authentication method used. You can extract session token/JWT's from request headers but again installing the fake cert on your own system and making sure the system accepts it is a very difficult task. Basically, your system will be already compromised if the MITM managed to install a fake cert on the system.
legendary
Activity: 1806
Merit: 1828
They can't hold your hand, account security falls on you.  No one to blame but yourself.

     First of all, let's get something straight. When an account gets hacked, the main blame goes to the hacker. It's not like hackers are some wild predatory animals that just can't control their instincts. I'm not suggesting that Bitcointalk holds people's hands. I'm just suggesting an additional tool for users to implement.
jr. member
Activity: 49
Merit: 2
They can't hold your hand, account security falls on you.  No one to blame but yourself.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
~

Or a keylogger, or an XSS exploit to grab the cookie, or his password was password123, or a salty ex-girlfriend/boyfriend tried to screw him over...

WiFi MITM attack isn't that simple IMO. To extract a password from an HTTPS session you'd need to fool the user into accepting a fake cert, or plant a fake CA.
Pages:
Jump to: