
Topic: Hijacking of bitcointalk accounts and precautions (Read 136 times)

member
Activity: 280
Merit: 28
Surely, OP deserves some Merit for making such a constructive post. That Merit system is seriously flawed, what with scamsters 'meriting' each other, and genuine posters forced to go 'dry'.
member
Activity: 224
Merit: 10
Useful safety information for brothers from faraway India. Due to the lack of a highly specialized topic on the theft of bitcointalk accounts and preventive measures, I decided to raise this issue.

Please write in this topic:
- Personal experience of losing an account (how it was stolen (hacked) from you, and the scheme, so that others can recognise that the case "reeks of kerosene" and it is time to take action).
- What steps did you take to combat hacking (security tips that work)?
- How did you manage to outwit the scammer?


----------------- Safety tips----------------------
PASSWORDS
(rules for passwords of the mail accounts... useful everywhere)
1) For your account, mail ... come up with a complex password (Latin letters in different case and numbers) of more than 20 characters, for example: hBpE2Pms756j3kfe9w2hm6nf (please note the length and character restrictions that site and database engines place on passwords).
2) The password should not be a part of any old password (from beginning to end, it should be new).
3) The password should be meaningless, i.e. it should contain no words, including words with substitution of symbols (for example: bitc0inP@rol).
4) Do not use your date of birth or phone number as a password.
5) Do not use the password/login you came up with for accounts on other sites (each site should have its own unique password).
6) Change the password to a new one from time to time (don't be lazy ;) ).
7) Don't share your passwords with strangers.
8) Try not to make mistakes when entering passwords on websites, i.e. do not mix up passwords (for example, entering your mail password instead of the required one); they can be collected for further hacking. Be careful.
9) For large and complex passwords, use the clipboard to enter them, do not torture yourself ;)
MAIL
(your mailbox)
1) Be sure to use two-factor authentication on your mail.
- For example, you register your cell phone number with the mail service, and each time you log in you receive an SMS with an additional code. Without it, you will not be let in. Or create one-time passwords and use them as an additional security feature.
2) Do not enter your main e-mail address just anywhere (registration on questionable resources, subscription to mailing lists); use a different e-mail for this.
3) Use a new mail address for each project.
4) Do not click every link in incoming letters indiscriminately; with the help of these links a fraudster can:
- Calculate your real IP and make an attack.
- Upload a malicious program to your machine.
5) Be very careful when you open attachments in emails: an ordinary-looking document can contain a macro which will download and install a virus or Trojan horse. These days such emails are well disguised as coming from state authorities or your friends, and the attachments as invoices, payment cards, bank details, court documents, photos, contracts, etc.
6) In the settings of your mail client, disable viewing of messages (the message body) as HTML pages and enable plain text. (Protection against cross-site scripting.)
7) Beware of email phishing: this is when you are sent letters on behalf of the mail provider, online stores, or any sites, services or banks known to you, or this forum, asking you to change your password or send them confidential information. You follow the link sent to you, land on a (fake) copy of the site, enter the password.... dramatic pause ... and you're freaking out about the consequences after a while.
8) Keep your mail clean. Delete emails with sensitive / confidential data, after saving them somewhere. In the event of a break-in, nothing of value will be stored there.
CREDENTIAL STORAGE
(your logins and passwords, secret keys, certificates ...)
1) If you store information in text files:
- Back them up.
- Store them in a password-protected archive (it will give "some" protection against theft).
- If the computer is shared, use an external drive for your files.
2) You can also use flash drives with encryption (not to be confused with the sealed flash drives in Windows).
3) There are programs for storing passwords, for example: KeePass Password Safe (there is a portable version that works without installation). It keeps everything encrypted and password protected. Or a similar program, KeePassX. They also have reliable password generators, which are useful not only for creating passwords but also for understanding what passwords should look like.
ACCOUNTS
(bitcointalk, mail, and any other)
0) CAREFULLY, very carefully look at the address bar of the site in the browser before you enter your login and password. The site may be just a fake copy made to capture your credentials. This is also phishing, but with the help of search engines. For example, you type the name of your site into Google (forgive me, Yandex). It shows up, you click the first line and you have "hit". But what kind of "HIT" it is depends on you. The site can be a copy. You can find this out only by peering closely at the address bar and checking everything down to the letter; for greater certainty you can also check the certificate of the site, in the same place in the address bar. If the address differs from the original, then it's a fake.
Save your links to your sites in advance so you don't have to search for them again and again. Keep tabs in your browser.
1) Phishing links can also be used on this forum (in posts, topics, signatures, personal messages), so be careful: if in doubt, do not click :) Or use a special service, see further in the text.
2) When you have finished with the forum, posting ... be sure to click LOGOUT (exit) to delete your current cookies; this will make them harder to steal.
3) Attention! Tie your account to a bitcoin wallet in advance; it will be easier to restore (or rather, without the binding, it may not be possible to restore).
- Step 1
Fill out your profile.
Go to your forum profile by clicking "PROFILE".
In it, click "Forum Profile Information" and in the line "Bitcoin address:" enter your bitcoin wallet.
(If you want, you can also add it to your signature.)
Save your changes and check by clicking on "Summary". Your wallet address should be displayed.
If you send the address of your bitcoin wallet to someone through personal messages (MY MESSAGES), it will also remain there and serve as additional confirmation. You can send the message to me:
Code:

My (robotics_industrial) BTC wallet : 1rkqygy5er8aypzsaefqjjtdazsjsf9tx << forum nickname and address of your wallet.

Do not lose access to this wallet in the future; it is needed as evidence.
Even if it is changed after a hack, it can be seen using the Wayback Machine https://web.archive.org by entering the profile link (in this machine you can take a snapshot of your forum profile in advance, once you have filled in all of the required data).
- Step 2
Sign the message with your bitcoin wallet to prove you own it.
This requires the offline wallet Bitcoin Core (download it from https://bitcoin.org/ru/download).
a. In the Bitcoin Core wallet, in the "File" menu, select "Sign message...".
b. There are three lines. In the first line insert your BTC address (or select it from the previously used ones). The wallet from your profile!!!
c. In the second line write roughly this kind of message, with your forum name and the date: Hi, I am "name of profile" on bitcointalk.org "date month year in words"
d. Click on "Sign Message" and copy the entire result from "Signed".
*If you have another bitcoin wallet, go to the topic "How to sign a message?!" https://bitcointalksearch.org/topic/how-to-sign-a-message-990345 and look for the manual on how to sign messages with other wallets. It is essential to use only wallets that can sign messages (according to the latest data, the cryptographer can not do this).
- Step 3
Protect your account.
Go to the topic "Stake your Bitcoin address here": https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318 and post the message with your data there, so that another participant can quote your message in case your account is hacked (protection against substitution of the wallet and of the message). And do not forget to quote the message of the previous author; sometimes you need to check their data using the service https://brainwalletx.github.io/#verify (the old coinig.com no longer works). There are a lot of examples there, you will understand.
Example of your message (copy the lines from your wallet after signing the message, do not change anything in them, and put them inside "code" tags!):
------------------------------------------------------------------------------------------------------------------------------
Code:

------ BEGIN BITCOIN SIGNED MESSAGE-------
Hi, I am robotics_industrial on bitcointalk.org 17 January 2018 <<<<<< your signed message
------ BEGIN SIGNATURE-------
1rKqYGY5Er8AYPzsAeFQJjtDaZsjsf9tx <<<<<< your wallet
H54pZXlU34bRGHd9XVdGBCRNNNy7BhiBswgqfa55jpycjttyqu6lyo63sigmyj5djmulh6tgb4x2ys2 opiziixc= <<<<<< Signature generated by your wallet
------ END BITCOIN SIGNED MESSAGE--------

Please verify and quote, thank you!
------------------------------------------------------------------------------------------------------------------------------

Publish your data in this form; the next participant should test it on https://brainwalletx.github.io/#verify and quote it, confirming "Quoted and verified with ". Just be sure to do the same yourself with the previous participant of the topic, this is MANDATORY!
- Step 4
Is this information useful to you? Merit+
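
The password rules 1 to 4 from the PASSWORDS list in the post above, written as a checker plus a generator. This is an added example, not part of the original post; the function names, the small word list, the substitution table and the 4-character overlap threshold are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample word list; a real check would load a large dictionary.
WORDS = {"bitcoin", "parol", "password", "forum", "wallet"}
# Common symbol-for-letter substitutions, undone before the word search (rule 3).
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})

def violations(pw, old_passwords=(), personal=(), min_len=21, overlap=4):
    """Return the rules from the post that `pw` breaks (empty list = passes)."""
    out = []
    low = pw.lower()
    if len(pw) < min_len:
        out.append("rule 1: needs more than 20 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw) and re.search(r"\d", pw)):
        out.append("rule 1: needs lower case, upper case and digits")
    # Rule 2: no run of `overlap` or more characters taken from an old password.
    for old in old_passwords:
        o = old.lower()
        if any(o[i:i + overlap] in low for i in range(len(o) - overlap + 1)):
            out.append("rule 2: reuses part of an old password")
            break
    # Rule 3: dictionary words, as typed or after undoing substitutions.
    plain = low.translate(UNLEET)
    if any(w in low or w in plain for w in WORDS):
        out.append("rule 3: contains a word")
    # Rule 4: date of birth / phone number, compared on digits only.
    digits = re.sub(r"\D", "", pw)
    if any(len(d) >= 4 and d in digits
           for d in (re.sub(r"\D", "", p) for p in personal)):
        out.append("rule 4: contains personal data")
    return out

def generate(length=24):
    """Random letters-and-digits password from the OS CSPRNG that passes the checks."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(pw):
            return pw

if __name__ == "__main__":
    print(violations("bitc0inP@rol"))   # the post's own bad example
    print(generate())
```
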





source link: https://bitcointalksearch.org/topic/bitcointalk-2714740
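
The address-bar check from item 0 under ACCOUNTS in the post above (compare the address letter by letter with a link saved in advance), as an added example that is not part of the original post. The function names, verdict strings and sample URLs are constructed for illustration; `bookmarked_hosts` is assumed to hold lower-case host names from your own saved links.

```python
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_login_url(url, bookmarked_hosts):
    """Classify a URL before a password is typed into it.

    Returns (verdict, reason); verdict is "ok", "suspicious" or "unknown".
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "suspicious", "not https, so there is no certificate to check"
    if parts.username or parts.password:
        return "suspicious", "the text before '@' is not the site name"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "non-Latin letters in the host name"
    if host in bookmarked_hosts:
        return "ok", "host matches a saved bookmark exactly"
    for good in bookmarked_hosts:
        if host.endswith("." + good):
            continue  # subdomain of a bookmarked site: not a lookalike
        if good in host:
            return "suspicious", f"{good} appears inside another host name"
        if edit_distance(host, good) <= 2:
            return "suspicious", f"differs from {good} by a letter or two"
    return "unknown", "no bookmark for this host"

if __name__ == "__main__":
    saved = {"bitcointalk.org"}
    for u in ("https://bitcointalk.org/index.php",        # constructed samples
              "https://bitcointa1k.org/index.php",
              "https://bitcointalk.org.login.example/"):
        print(u, check_login_url(u, saved))
```
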