Pages:
Author

Topic: Escrow Partner got tricked - page 2. (Read 4984 times)

member
Activity: 70
Merit: 10
March 05, 2016, 03:23:52 PM
other then that thread for removing unverified transactions I haven't clicked any off forum links
I have been mostly just responding to PM's and waiting on BTC to return my funds
I don't do much browsing around as im to busy with my RDP business

legendary
Activity: 1120
Merit: 1000
March 05, 2016, 03:17:26 PM
just thought of one more
maybe 4-5 days ago somone joined new and used there first post to acuse me of being a scammer
linking to somone elces trust report as so called proof (a report that did not even have one referince to me on it)
every time I went to see that lionk I had to re-login
I suspected it was a fishing site so I reported the thread to a MOD and rushed off to change my pass
by the time I got that done the thread had been removed
I dono if that was a fishing URL or not
it looked real but the only time I had to login was when I clicked his link
MAYBE it was more then a fishing site  maybe it installed something that copied my pass every time I changed it
as the thread is gone I can't point you to it
this is the ONLY thing I can think of with any real chance of being the source of my problems

I have ran out of ways to blame my own security for this hack
I am not trying to blame the forum security out of pride or denial
I simply see no way that this could be my fault

You fell for it once, you don't think it's possible the second time? Hackers usually continue to target the suckers (no offense) they find.

Clear your browsing history lately? If not, might wanna take the time to go through each and every site you visited between now and then.

BTW, of course they look real. They are usually EXACT copies of the site. Only thing that's changed is the user name and password form. See here for an example: https://bitcointalksearch.org/topic/warning-about-logging-in-after-clicking-on-google-bitcointalk-link-1378303
member
Activity: 70
Merit: 10
March 05, 2016, 03:08:36 PM
ok didn't say the sites before cause I didn't want to take the time to change the pass
done that now so

A-
the Pass I used here was also used at   payoneer.com   and   advcash.com
and I completely reject the thought that either of them have come here to rip me off
so my pass was not fished as there was no where to fish it from

B-
I do have a number of privet VPS that I setup on my own servers just to get a unique IP (have several Paypal accounts)
I use these PP accounts mostly to pay for my servers so rather then put in my Data-center passwords and links manually I just copied over my FF profile
I did this before joining this forum
then a few days ago (interesting timing) 2 of my VPS's got hacked
someone was in using the built in admin (I do all my work form that account)
first one was using an RDP scanner to search for more RDP's that he could brute his way into (im assuming it was a scan of my IP ranges from SYS that found my VPS's)
since I have never told anyone about them (well gave one person permission to us the one)
in the second I found the hacker using a password scanner to copy all my passwords from firefox (nice little program he left behind)
did a scan myself and it find 205 of my passwords (I get a round a bit hehehe)
the pass I used here is among them but this sites URL isn't
so it is POSSIBLE that the hacker copied all my passwords and ran a script to test them on a bunch of sites he knows of where he could run a scam
and found a connection here
it's HIGHLY unlikely but possible
however if this happened why would he send SebastianJu a message telling him to send the BTC on to Rolobot ?
if it was Rolobot that hacked my VPS how did he learn of it ?
I consider it nearly impossible that my VPS was the leek of my pass in this case
something else has happened here

C-
just before I traded with Rolobot I had a trade with "beel123"
I set my BTC fee's to low and the payment never got confirmed
it took me 4-5 days to get him his BTC (he was really understanding)
along the way I learned that I had to get the unconfirmed transaction removed from my BTC core to get the funds back
beel123 said to look here  https://bitcointalksearch.org/topic/guide-delete-your-0unconfirmed-transactions-in-30-seconds-35214
that thread got me to download this file https://github.com/jackjack-jj/pywallet
I opened it looked at it had no idea what to do with it and went another route (altering the run properties for the BTC core)
could that file I downloaded have somehow copied my password and sent it to someone else ?
I don't think so but this is the ONLY thing I have downloaded since joining this forum

D-
SKYPE
I have talked to a few people in skype
could they somehow infect my computer threw skype
I don't think so

======================================================

I have ran out of ways to blame my own security for this hack
I am not trying to blame the forum security out of pride or denial
I simply see no way that this could be my fault
if you can think of another way please tell me, as I would love to find that I am responsible
that would mean it's something I can fix


----------------------------------------------------------------------
just thought of one more
maybe 4-5 days ago somone joined new and used there first post to acuse me of being a scammer
linking to somone elces trust report as so called proof (a report that did not even have one referince to me on it)
every time I went to see that lionk I had to re-login
I suspected it was a fishing site so I reported the thread to a MOD and rushed off to change my pass
by the time I got that done the thread had been removed
I dono if that was a fishing URL or not
it looked real but the only time I had to login was when I clicked his link
MAYBE it was more then a fishing site  maybe it installed something that copied my pass every time I changed it
as the thread is gone I can't point you to it
this is the ONLY thing I can think of with any real chance of being the source of my problems

full member
Activity: 140
Merit: 100
March 05, 2016, 11:47:57 AM
sign a message can be bypassed easly ....

Indianacoin

What signed message? You realize that most persons don't have a staked address? Then I would have to get one address at the start of the trade only for the case that the account might be compromised and the hacker did not change the pass.

You know, I can offer that but I'm pretty sure either no one will do it or it will be a huge amount of time just to teach most of them that they learn how to sign messages, what a private key is, where to get it. I already had this alot. It is a mess to explain.

Well, if you really mean we now have to distrust every account that way then man, I would not like doing escrow anymore. It costs so much time already and pays practically nothing. Many big escrows already left because of the time needed and no reward.

I wonder if you ever tried to explain someone how to sign a message.

True.
But you must keep Shorena's how to sign a message thread[1] handy from next time onwards just in case someone does not know about it.

Yeah I know escrows are a waste of time  if there is no reward for it.
It would be better if you start escrowing with a minimum fee of 0.01 BTC just as OGNasty started doing it already.
Heck I welcome every escrow providers to start at a base fee. This will be productive overall Smiley



[1] https://bitcointalksearch.org/topic/how-to-sign-a-message-990345
sr. member
Activity: 406
Merit: 252
March 05, 2016, 11:39:45 AM
Indianacoin

What signed message? You realize that most persons don't have a staked address? Then I would have to get one address at the start of the trade only for the case that the account might be compromised and the hacker did not change the pass.

You know, I can offer that but I'm pretty sure either no one will do it or it will be a huge amount of time just to teach most of them that they learn how to sign messages, what a private key is, where to get it. I already had this alot. It is a mess to explain.

Well, if you really mean we now have to distrust every account that way then man, I would not like doing escrow anymore. It costs so much time already and pays practically nothing. Many big escrows already left because of the time needed and no reward.

I wonder if you ever tried to explain someone how to sign a message.

True.
But you must keep Shorena's how to sign a message thread[1] handy from next time onwards just in case someone does not know about it.

Yeah I know escrows are a waste of time  if there is no reward for it.
It would be better if you start escrowing with a minimum fee of 0.01 BTC just as OGNasty started doing it already.
Heck I welcome every escrow providers to start at a base fee. This will be productive overall Smiley



[1] https://bitcointalksearch.org/topic/how-to-sign-a-message-990345
full member
Activity: 140
Merit: 100
March 05, 2016, 11:20:21 AM
Seb i said i dont give a fuck witch means i dont wanna waste my time on something stupid like a screanshout or a random pm transaction that can easly be faked if im a scammer.

anyways already told you my inbox was cleared for empty space .

So Seb how will u do escrow next time any new rules ?
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
March 05, 2016, 11:12:17 AM
i didnt hack you. i got a msg telling me to pay to an other pm account and i did than i got my money from escrow thats all i can say good bye .

*lol* Sounds like you have a lot ot time... now changing your story back. But still you don't want to provide proof for either of your claims.

He's trying to get as much $$$ now as possible. Easy to see that Grin

It looks like it. Though the info about how the hack happened would have been interesting. I wonder if he surely awaited that amartin99 would have paid him so much and that he would not even use an escrow for the $20. Roll Eyes

Guess that guy is a troll too. Too much time on hands while claiming to have not the time to make a screenshot of the pm transaction. Roll Eyes
legendary
Activity: 1120
Merit: 1000
March 05, 2016, 11:10:03 AM
Dude you are crazy i said i've cleared my inbox ... if you want the pm transaction id i can post it here even if its not a proof so all i can do is laugh.... cause i didn't lose anything.

i didnt hack you. i got a msg telling me to pay to an other pm account and i did than i got my money from escrow thats all i can say good bye .

*lol* Sounds like you have a lot ot time... now changing your story back. But still you don't want to provide proof for either of your claims.

Negative feedback was added for something else, either way. LOL.
full member
Activity: 140
Merit: 100
March 05, 2016, 11:09:18 AM
Dude you are crazy i said i've cleared my inbox ... if you want the pm transaction id i can post it here even if its not a proof so all i can do is laugh.... cause i didn't lose anything.

i didnt hack you. i got a msg telling me to pay to an other pm account and i did than i got my money from escrow thats all i can say good bye .

*lol* Sounds like you have a lot ot time... now changing your story back. But still you don't want to provide proof for either of your claims.
legendary
Activity: 1120
Merit: 1000
March 05, 2016, 11:07:33 AM
i didnt hack you. i got a msg telling me to pay to an other pm account and i did than i got my money from escrow thats all i can say good bye .

*lol* Sounds like you have a lot ot time... now changing your story back. But still you don't want to provide proof for either of your claims.

He's trying to get as much $$$ now as possible. Easy to see that Grin
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
March 05, 2016, 11:06:16 AM
i didnt hack you. i got a msg telling me to pay to an other pm account and i did than i got my money from escrow thats all i can say good bye .

*lol* Sounds like you have a lot ot time... now changing your story back. But still you don't want to provide proof for either of your claims.
member
Activity: 70
Merit: 10
March 05, 2016, 11:03:49 AM
I mean ran a brute force to get one users account ID/pass
One can make a login attempt every 45 sec. , from an IP. Do the maths, its very unlikely unless the hacker had an unlimited amount of IPs and your pass was weak
they setup a script to try and collect users login/pass

You yourself said you have neither installed anything on your PC , nor do you remember going on a phising site


On a related note, this might've been connected to your site hack

IP limits are useless to hackers
my site wasn't hacked  one of my VPS's where but even that should not give him access to my account here
it is not connected
neither is my site actually
if I where to GIVE someone full access to my site or my VPS I see no way that would give them access here
 even the 2 sites I used the pass at  are new to me and not used on the VPS
anyway im out of time here
legendary
Activity: 1120
Merit: 1000
March 05, 2016, 11:03:39 AM
yes brute forcing that pass would be hard
that is why I used it

but I have not logged into this forum anywhere but from home
but they are not privately owned places they are large businesses
I haven't downloaded anything
or been in contact with him outside of the forum
he has no way to know my home IP

I can't think of any access he could possible have to me other then threw the forum
anyway got to be going out now


Sounds like you're completing fucked. I would keep a close eye on ALL your accounts. Read the message above about server requests. brute forcing your account would not be profitable considering the CPU usage and time that would be required.

Just trying to help but I guess I'll stop. Again, good luck.
full member
Activity: 140
Merit: 100
March 05, 2016, 11:03:03 AM
i didnt hack you. i got a msg telling me to pay to an other pm account and i did than i got my money from escrow thats all i can say good bye .

yes brute forcing that pass would be hard
that is why I used it

but I have not logged into this forum anywhere but from home
but they are not privately owned places they are large businesses
I haven't downloaded anything
or been in contact with him outside of the forum
he has no way to know my home IP

I can't think of any access he could possible have to me other then threw the forum
anyway got to be going out now

hero member
Activity: 924
Merit: 1005
4 Mana 7/7
March 05, 2016, 11:02:21 AM
I can't think of any access he could possible have to me other then threw the forum
Sounds like you're in complete denial about it being your fault your account(s) were compromised.
FTFY
member
Activity: 70
Merit: 10
March 05, 2016, 11:00:26 AM
yes brute forcing that pass would be hard
that is why I used it

but I have not logged into this forum anywhere but from home
but they are not privately owned places they are large businesses
I haven't downloaded anything
or been in contact with him outside of the forum
he has no way to know my home IP

I can't think of any access he could possible have to me other then threw the forum
anyway got to be going out now
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
March 05, 2016, 10:57:09 AM
I mean ran a brute force to get one users account ID/pass
One can make a login attempt every 45 sec. , from an IP. Do the maths, its very unlikely unless the hacker had an unlimited amount of IPs and your pass was weak
they setup a script to try and collect users login/pass

You yourself said you have neither installed anything on your PC , nor do you remember going on a phising site


On a related note, this might've been connected to your site hack
full member
Activity: 140
Merit: 100
March 05, 2016, 10:53:30 AM
amartin99 look boy i hacked your site and your pc i can proof it .... these are my last words how much do you offer before the next TD ?
legendary
Activity: 1120
Merit: 1000
March 05, 2016, 10:51:49 AM
honistly I think you hacked the forum not me

and no im not paying $100
$20 maybe as I do like to learn loosely how things are done
not to the technical side of reproducing it
but just to have an idea of where the risks are



I'm almost 100% sure you were hacked. Why would someone hack the forum and target you? Makes no sense. Sounds like you're in denial about it being your fault your account(s) were compromised. I really hope you figure out what happened soon and this doesn't repeat itself here and elsewhere again and again.

Good luck man.

EDIT:
Just seen your last reply. Brute forcing the password you claimed would be EXTREMELY hard to do, almost impossible without taking quite some time.

I hope you're taking this serious before other accounts are compromised too.

As for the fool trying to get you to pay, don't. Not even $20. How the fuck can you believe anything that guy says? How do you know he still doesn't have access to your account even though you changed your password?
member
Activity: 70
Merit: 10
March 05, 2016, 10:50:11 AM
honistly I think you hacked the forum not me

and no im not paying $100
$20 maybe as I do like to learn loosely how things are done
not to the technical side of reproducing it
but just to have an idea of where the risks are



1.  You're seriously going to give MORE money to the asshole that supposedly scammed you?
2.  He didn't "hack the forum" - Your account was likely compromised.  Had they hacked the forum itself, I'm sure they'd have found better use of this access than to go after a newb member for $270.
3.  ...I got nothing other than to say if you do this, you're an idiot, and I won't feel the least bit of sympathy when they screw you over a second time.
I said it would be worth $20 to me
didn't say I would trust him enough to actually pay it

and I don't mean hacked the hole forum
I mean ran a brute force to get one users account ID/pass
I have seen it before
they setup a script to try and collect users login/pass
I had a lot of trouble with people doing it on my site a year ago
WHMCS isn't setup to block such an attack
I dono about the forum as it's a dif system
but we had to make some changes to our site to block it
Pages:
Jump to: