Topic: Is there such thing as a malware that would make me automatically post? (Read 325 times)

Thank you all for helping me with this case.
It is now resolved.
I'll lock the thread now.
I archived the thread that I edited as well as the archive made by tvplus006 and the link is in the OP.

I am aware of it, my bad. I already put a two-factor authentication to it, although that doesn't guarantee security for me.


Thank you! I already wrote the captcha code as well as the link and I'll make another reset after this case was resolved. I don't want to bookmark it for security purposes.

This is another thing you have to learn: Don't use online wallets if you have alternatives, even better than online wallets.

Using online wallets to store your funds is bad idea.
Using online wallets probably reduce your ability to control your coins and privacy, or at worst you don't have any control on them.
Most of online wallets don't give you rights to have coin control features.
Abusers can bruteforce your password even when you change your old password to new one, if you don't change your captcha code (by click on Reset button). As you stated, you don't use captcha bypass code, but I think you should note it too, just in case later you decide to use it and somehow get compromised from captcha bypass code.

You can get your captcha code and reset it as soon as possible whenever your problems solved. If abusers get access to your account, there is risk that they also have access to your captcha code already.
https://bitcointalk.org/captcha_code.php

Good day.
Thank you all for keeping up with me with this case, and I really appreciate it.
I only use the BTC address(3MDZFfx9vi1beyS4BXBqvtjAAfM2ZbHCs3) and that address is within an online wallet that I use (Coins.ph) and this is the only thing I could show of ownership with my account at that wallet as well as my account here. I covered something in the upper corner, because it shows my real name.


I had Segwit Address that I created using Electrum and I used when I applied to Coinpayments Campaign back in 2018, but I no longer have access to that wallet when I nuked this Desktop Computer I currently use.

I already sent a PM, please kindly check.

Update: I was told by theymos that logging out will end all sessions. I already cleaned my computer, so I think I am good but I'll run another scan just in case.

Don't do that!

First do what Welsh said:


Clean everything then do what LoyceV said.

You don't want to sign message if you could compromise private keys. Then PM me.

Correct.

It's not the first case I've seen in which a possibly compromised account doesn't get taken by the attacker. Locking the account and recovering it makes that useless, while the attacker can try to scam/spam right under the owner's nose.

The guys from Cryptios have access to IP-data too. They might have more time for those things than theymos.

---

---

Can you sign a message from a Bitcoin address you posted a while ago, to prove you're the real owner?
Good point (in other posts): if your system is compromised, you shouldn't unlock any wallets.

Changing the password would automatically log them out of their session.



This is very much a subjective answer. If you are okay with someone logging into your account to verify this information in the first place, then you'll have to decide who you trust rather than other users recommendations. Users on DefaultTrust may be a good start as they probably are trusted more by others. Although, contacting those that left you negative trust, and showing them personally might be a good option. Although, that would require trusting them. This is up to you unfortunately.

Seems that whatever service you're using to establish that it came from Turkey doesn't recognize it as a VPN straight off the bat. This doesn't mean they used their home address though. Sometimes when searching up an IP address on the internet using whatever search engine you'd prefer you can find past information where this hacker has been caught, and there might already be investigations undertaken previously or ongoing. Usually, hackers target a wide range of users for more successful attempts, and aren't one offs.

You might want to check your outbox of your messages to see if the user has left any other evidence behind. As well as mentioning this to the admins just in case its been deleted from your account, but has still been sent to others. The admins might be able to give you all changes on the account since the alleged compromise if they deem it plausible.

When you change your password, it should automatically log you out of all other sessions.

Someone highly trusted in terms of both trust ratings and trust list inclusions. I believe Loyce previously did this for another user.

Geolocating an IP address is often unreliable. If the user connected via mobile internet, for example, then it might only be accurate as far as the country or origin.

Wait for theymos to respond to your PM, and if not, then ask Loyce to verify your IP data above.

Done.
I already changed my password. I'll send a PM to the admin. I hope he can do something about this and terminate those session, because this is merely out of my control.  I never logged in different devices other than my Laptop and Desktop.



Can you suggest someone that I can trust? I am not sure who is the right person to approach.

I never used captcha bypass when I log in. By the way, I also changed the password of my email and I added mobile number verification to it.

I'll look into where does that IP lead. I'll update the post from my findings.

I hope the feedback will be reconsidered or reviewed. I'll show what is needed, just to prove my innocence.

Update: From my findings, it just shows a random area in Turkey. Not within a company or organization. ISP is Turk Telekom. Can someone please help me with this?

Update 2 : I'll log off for now, it's kinda late here already (1am). I hope there's still a way to prove my innocence, as the post isn't really made by me. I already PM'ed theymos if he can do something about it and the users that left me negative feedback. If there's someone that could help my case, I would really appreciate it because I don't really know who is the right person to approach for this. I never worked for/to whatever that platform is, nor have any association with them. I'll keep this thread open until it is resolved. I already changed my password and the password to my email plus mobile verification (I am not sure if changing email is required, tell me if I have to). Have a great day, everyone.

If you ever suspect that your system is compromised then its probably best to follow the steps of making it safe. Whether that's reinstalling or writing 0s to the hard drive or totally nuking it instead. The forum hasn't been knowingly compromised since you registered here so unless another database leak from another website has the exact same email, and password I doubt that is the case. Depending on how you log in, if you log in using the captcha bypass link that could have potentially been compromised. However, you need to go through the process of elimination, and find out what exactly has likely been compromised, and if you're still stuck then change it all. Password certainly needs to change, but that needs to happen on a non compromised system.

If there has been an IP from turkey recently on your account, then it seems that the attacker got remote access rather than physical unless they used a VPN. You could look that IP address up on the internet to see if its connected with anything else, and what type of service it is identified as. It may well be a known VPN or might be linked with other scams on the internet separate to this forum.


These things are clear:

1. Determine cause via process of elimination
2. Take the necessary actions for a clean, and safe environment.
3. Change credentials in this clean environment (its probably a good idea to change password immediately, as well as again under a clean system)
4. Avoid whatever caused you to get compromised.

As for the feedback. Its up to the user who left the feedback to determine whether they are willing to remove it due to this proposed hacking incident.

Do it immediately without any delay, whoever came into possession of your password still has it, you don't need any more damage. I think admin is only person who can fix this, he has access to you log data, and if you always log from the same country, that IP from Turkey should be a sign that someone has actually hacked your account, though not completely credible proof that it was someone else's. I hope you can prove your innocence.

Thanks for the advice. Already moved and already changed my password.
I'll just ask it from the one that left me a feedback.

You should do that first! Also: move this to Reputation.

If you can prove someone had access to your account, you may be able to get out of your negative feedback. You could for instance ask someone trusted to confirm the login from a different IP, although that's not 100% proof.

I swear it is really sudden. I don't know how would I prove my innocence here.
I just saw my profile tagged when I refreshed my profile then I saw that it indicated that I posted something like that, so I just edited it quickly and locked the thread so that no further post could be made there.

I already PM'ed tvplus006 about this, so he/she can reconsider the feedback. It is out of my control so I didn't know that my account posted something like that.

I didn't change the password yet, because I sorted of panicked about that.

As far as I know, the only way to make a post from your account is to hack your password, or maybe if you forget to log-off and someone took the opportunity to make that post. From what I see, you still haven't changed your password which is not a smart move if we consider everything you have stated in your post.

I don't think you can easily prove your innocence in this case, maybe someone can give you better advice than me.

I live in Philippines and I saw someone logged on at Turkey. Is there a way that would make these sessions logged-out? I'll change my password as well as e-mail.

I'll update this post with screenshot.

Update:

Visit the link below. You can see your IP logs in the past 30 days.

https://bitcointalk.org/myips.php

I am not sure whether to post this in Meta or Reputation, since it just suddenly happen without my control.
Please read my feedback.
I didn't really post that whatever scheme that was.
I was thinking of that something might have triggered this.
I already edited the post and the thread title, but you can see the original post from my feedback and I'll delete it within 24 hours.
Post is in here, but I already edited it: https://bitcointalksearch.org/topic/m.53589799

PS. I never visit "Investor-based games".

Update: I also archived the threads after I locked and edited it because I am gonna delete the thread. I also insert the Archive link that tvplus006 made as reference to the feedback he wrote to me. I don't know how would this help for my case, but it can be used as a future reference or investigations.
Before: http://archive.li/sL9jY
After: http://archive.li/T3kyl