ok didn't say the sites before cause I didn't want to take the time to change the pass
done that now so
A-
the Pass I used here was also used at payoneer.com and advcash.com
and I completely reject the thought that either of them have come here to rip me off
so my pass was not phished as there was nowhere to phish it from
B-
I do have a number of private VPS that I set up on my own servers just to get a unique IP (have several Paypal accounts)
I use these PP accounts mostly to pay for my servers so rather than put in my Data-center passwords and links manually I just copied over my FF profile
I did this before joining this forum
then a few days ago (interesting timing) 2 of my VPS's got hacked
someone was in using the built in admin (I do all my work from that account)
first one was using an RDP scanner to search for more RDP's that he could brute his way into (I'm assuming it was a scan of my IP ranges from SYS that found my VPS's)
since I have never told anyone about them (well gave one person permission to use the one)
in the second I found the hacker using a password scanner to copy all my passwords from firefox (nice little program he left behind)
did a scan myself and it found 205 of my passwords (I get around a bit hehehe)
the pass I used here is among them but this site's URL isn't
so it is POSSIBLE that the hacker copied all my passwords and ran a script to test them on a bunch of sites he knows of where he could run a scam
and found a connection here
it's HIGHLY unlikely but possible
however if this happened why would he send SebastianJu a message telling him to send the BTC on to Rolobot ?
if it was Rolobot that hacked my VPS how did he learn of it ?
I consider it nearly impossible that my VPS was the leak of my pass in this case
something else has happened here
C-
just before I traded with Rolobot I had a trade with "beel123"
I set my BTC fees too low and the payment never got confirmed
it took me 4-5 days to get him his BTC (he was really understanding)
along the way I learned that I had to get the unconfirmed transaction removed from my BTC core to get the funds back
beel123 said to look here
https://bitcointalksearch.org/topic/guide-delete-your-0unconfirmed-transactions-in-30-seconds-35214
that thread got me to download this file
https://github.com/jackjack-jj/pywallet
I opened it, looked at it, had no idea what to do with it and went another route (altering the run properties for the BTC core)
could that file I downloaded have somehow copied my password and sent it to someone else ?
I don't think so but this is the ONLY thing I have downloaded since joining this forum
D-
SKYPE
I have talked to a few people in skype
could they somehow infect my computer through skype
I don't think so
======================================================
I have run out of ways to blame my own security for this hack
I am not trying to blame the forum security out of pride or denial
I simply see no way that this could be my fault
if you can think of another way please tell me, as I would love to find that I am responsible
that would mean it's something I can fix
----------------------------------------------------------------------
just thought of one more
maybe 4-5 days ago someone joined new and used their first post to accuse me of being a scammer
linking to someone else's trust report as so-called proof (a report that did not even have one reference to me on it)
every time I went to see that link I had to re-login
I suspected it was a phishing site so I reported the thread to a MOD and rushed off to change my pass
by the time I got that done the thread had been removed
I dunno if that was a phishing URL or not
it looked real but the only time I had to login was when I clicked his link
MAYBE it was more than a phishing site maybe it installed something that copied my pass every time I changed it
as the thread is gone I can't point you to it
this is the ONLY thing I can think of with any real chance of being the source of my problems