Silk Road forums

Discussion => Security => Topic started by: BPM on September 01, 2013, 10:20 pm

Title: HACKER WITHDRAWS ALL FUNDS!
Post by: BPM on September 01, 2013, 10:20 pm
Last week, I suddenly wasn't able to log in, and it was weird because I log in on a daily basis.
After a couple of days, I opened a new account and proved to SR support that it's me. They reset my password, and then, when I logged in, I noticed that my funds had been withdrawn on one of the days that I couldn't log in.
I neither opened an Atlantis account with the exact same details nor logged in to a fake SR address nor downloaded any new program or plugin to TOR.

Today, I noticed that user "dirkpitt" was also a victim of this hacker.
(
http://dkn255hz262ypmii.onion/index.php?topic=209244.0
http://dkn255hz262ypmii.onion/index.php?topic=209263.0
http://dkn255hz262ypmii.onion/index.php?topic=209267.0
)


So, I think we have a very smart professional hacker who is stealing our money.

It is a very serious security breach and I will be glad if SR staff could investigate this issue.


If anyone has experienced such an incident, he is more than invited to report it.


Peace,
BPM
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: ChemCat on September 01, 2013, 10:26 pm
Did you, at any time, click another link...that resembled the REAL SR link?  ~~> silkroadvb5piz3r.onion
is the REAL working link unless DPR tells us otherwise...point.... blank... and... period 

How Strong is or Was your password? 



Listen people...it doesn't take much to go to someone's SR screen name and get their password....if it isn't secure  .....  Remember this...your password should be long...with letters....numbers....and symbols...all mixed up...Comprende?   I don't say these things to be a butthead...



Peace & Hugs to ya  8)


ChemCat


    O0
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: Kiwikiikii on September 01, 2013, 10:47 pm
lol u got pwned. BUT THANKS FOR THE HUGE SCARE WARNING TO FREAK EVERYONE OUT CAUSE UR TOO STUPID TO CHECK THE FUCKING LINK.
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: astor on September 01, 2013, 10:50 pm
Did you make any purchases before this happened and enter your PIN?

Have you scanned your computer for malware, like key loggers?
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: samesamebutdifferent on September 01, 2013, 10:59 pm
You were phished. I must see a dozen people a week posting on the forums having fallen victim to a phishing scam. The only way your funds can be withdrawn is by using your PIN; most people falling for these scams at the moment have opened up accounts on Atlantis via a phishing link using the same credentials as their SR account.

If you didn't do that, you should, as astor said, check your computer for malware, rootkits, keyloggers etc. If you have any of those on your machine you will need to do a HD format and reinstall the OS; they are nearly impossible to remove any other way.
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: BPM on September 01, 2013, 11:04 pm
@ChemCat, OK, let's say that I mistakenly logged in to a phishing, fake SR address. How could they possibly discover my PIN code to withdraw all of my funds?? It doesn't make any sense...

I admit, my password wasn't so strong, nor my PIN code, but it still doesn't explain that.


@astor and samesamebutdifferent, yes, I did purchase something with my PIN of course, but what can you assume from that? And my computer is super clean and protected. I'm a programmer so I know a thing or two about computers, always with updated antivirus+firewall, and I know every *.exe program that runs any second on my computer.
Also, as I said, although I opened an Atlantis account, I wasn't so stupid to use the exact same details as on SR.



@Kiwikiikii, I hope that you are right and I'm stupid and all of this is just a coincidence instead of a smart hacker attack!!!  >:(



Also, I got a weird automated message from SR staff while I wasn't able to log in:
Subject : "Discussion privledges suspended"
"
Your discussion privledges have been suspended for 1000 day(s) because of the following post:

Silk Road's #1 Alternative: http://[CENSORED: scam link].onion/

Please use a polite tone and stay on topic when posting next time.

Best regards,
Silk Road staff

NOTE: This is an automated message. Replies will not be answered
"


I have no idea what this message means ?????
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: ChemCat on September 01, 2013, 11:05 pm
astor, samesamebutdifferent  :)

Huge hugs to you two  8)


Peace & Hugs,

ChemCat 

    O0
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: ChemCat on September 01, 2013, 11:11 pm
@ BPM

Well...let's speculate that you used the same username..password and pin # on atlantis...and changed just one or two digits ..numbers or letters...it's not that hard for them to eventually figure out what your pass..and or pin is..i mean No malice towards you when i say this...the Silk Road is our Home..those that chose and choose to stay here without going elsewhere...are our Family.....it seems as if you've strayed  :(

Listen....Remember this...you should never use the same or even similar passwords and pins....sometimes times get tough around here..but for the most part...when you're family...you'll be helped....cut your losses and move on..come back home and stay here...point ...blank...&..period  ;)



Peace & Hugs to ya 8)


ChemCat

  O0
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: BPM on September 01, 2013, 11:19 pm
@ChemCat

I really admire your positivity +1 to you :)
You're right, we are a family.

Let's trip together, dude  :D


Peace,
BPM
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: ChemCat on September 01, 2013, 11:27 pm
@ BPM

Thank ya  :)
  +1 Karma right back atcha  8)

about the middle of this month will be my monthly trippin time  :p

Peace, Love, Hugs & Positive Energy comin yur way  8)

ChemCat

   O0
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: dirkpitt on September 01, 2013, 11:41 pm
I NEVER entered my PIN anywhere !
That would be crazy

I lost 2.12 bitcoins on Aug 28th
I don't understand how this could happen if I didn't let my PIN out by any means?????
I didn't :(
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: ChemCat on September 01, 2013, 11:53 pm
@ dirkpitt

One of several things could have happened...

A)  You did use the same pass and pin somewhere else....or similar pass and pin..

B)  Your mate gotcha  because they know your info... (Rolls Eyes)

C)  You used a " .to "  site to get to the Silk Road, in which case....when ya did that, you've compromised your
      own security....Point.....Blank...&...Period.

   You tell us....

There are several things that You could have done wrong...i'm not saying that you've done anything....However...when these things happen....usually it's your fault...Listen...sometimes we all make mistakes..but this isn't the place to make mistakes...Change your password and pin....cut your losses and don't feel sorry for yourself....we've seen this time and time again....



Peace & Hugs to ya,

ChemCat

              O0
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: Magic Man on September 02, 2013, 12:06 am
What are you doing with BTC left in your account! You should rarely have a balance unless you plan on purchasing something at that exact moment. SR is not very stable and could go down at any time. You should have a permanent btc wallet that you transfer your funds to.
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: phunky on September 02, 2013, 12:08 am
might be a good time to double-check your TorBrowser NoScript settings and make sure Allow Scripts Globally has not been accidentally turned on.  it's easy to do.
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: Ben on September 02, 2013, 12:17 am
I got an error after logging in about 2 days ago - figured it was just due to maintenance or something like that. I'm quite sure that i was on the correct domain since i have it bookmarked which would rule out a typo or clicking on a link somewhere else that resembles the SR url.

I don't keep much in my SR BTC wallet, but as far as i can tell there is nothing missing either.

So just to confirm things: has there been some problem on the real SR that caused an error message to display after trying to login? I do not recall the exact error message, but it was something pretty generic and did not mention anything about a wrong password or something wrong with my account.
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: astor on September 02, 2013, 12:40 am
> Your discussion privledges have been suspended for 1000 day(s) because of the following post:
>
> Silk Road's #1 Alternative: http://[CENSORED: scam link].onion/


It's a spam for the Atlantis phishing site. You entered your SR login details on the Atlantis phishing site.

Once again, when people claim they are 100% sure they didn't do something, 95% of the time they are wrong.
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: ChemCat on September 02, 2013, 12:43 am
**BINGO**


    :P
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: dirkpitt on September 02, 2013, 01:00 am
> @ dirkpitt
>
> One of several things could have happened...
>
> A)  You did use the same pass and pin somewhere else....or similar pass and pin..
>
> B)  Your mate gotcha  because they know your info... (Rolls Eyes)
>
> C)  You used a " .to "  site to get to the Silk Road, in which case....when ya did that, you've compromised your
>       own security....Point.....Blank...&...Period.
>
>    You tell us....
>
> There are several things that You could have done wrong...i'm not saying that you've done anything....However...when these things happen....usually it's your fault...Listen...sometimes we all make mistakes..but this isn't the place to make mistakes...Change your password and pin....cut your losses and don't feel sorry for yourself....we've seen this time and time again....
>
> Peace & Hugs to ya,
>
> ChemCat
>
>               O0

Here are your answers
A) Nope, followed standard protocol with password and pin. Both very high security
B) My Mate, No not possible. Take my word, NO
C) SR bookmarked on TOR browser, I use that bookmark only!

I am what you call paranoid with the way I design my security.
PINs and passwords VERY carefully used.

I got hacked, but I don't know how
You can think it was my fault, but I am sure it wasn't

DP
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: ChemCat on September 02, 2013, 01:04 am
Point taken....However..at some point....there was a mistake made...possibly on your part...then again..maybe you were "Hacked" 

Either way....there is no use in crying over spilt Bitcoins.....ya know?  I'm sorry for your loss....

Once again....change your password and pin....


Peace & Hugs to ya,


ChemCat

   O0
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: phunky on September 02, 2013, 09:40 am
sorry but again, please check your NoScript settings.   unfortunately the default settings make it really easy to accidentally click 'Allow Scripts Globally'.   which could have led to a targeted exploit of some kind.  this would be really useful information for the community if something on SR is the culprit. 

make a routine of checking them on each start too.
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: BPM on September 02, 2013, 10:25 am
> I NEVER entered my PIN anywhere !
> That would be crazy
>
> I lost 2.12 bitcoins on Aug 28th
> I don't understand how this could happen if I didn't let my PIN out by any means?????
> I didn't :(

Mine were withdrawn on Aug 23rd...


> Your discussion privledges have been suspended for 1000 day(s) because of the following post:
>
> Silk Road's #1 Alternative: http://[CENSORED: scam link].onion/
>
> It's a spam for the Atlantis phishing site. You entered your SR login details on the Atlantis phishing site.
>
> Once again, when people claim they are 100% sure they didn't do something, 95% of the time they are wrong.

I'm 100% sure that I didn't sign up to that phishing site with my SR details but never mind...


I've learned my lesson - password and PIN were super strengthened and my computer will be scanned again for any vicious programs.

Thank you very much bros and peace to y'all,
BPM
Title: Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
Post by: BPM on September 02, 2013, 10:41 am
> sorry but again, please check your NoScript settings.   unfortunately the default settings make it really easy to accidentally click 'Allow Scripts Globally'.   which could have led to a targeted exploit of some kind.  this would be really useful information for the community if something on SR is the culprit.
>
> make a routine of checking them on each start too.

I've forbidden all the scripts in the NoScript settings.
Thank you.
Title: Re: HACKER WITHDRAWS ALL FUNDS!
Post by: consumerwhore on September 02, 2013, 07:54 pm
Well I know I haven't been diligent on changing my password or pin, but I definitely am going to now.
Title: Re: HACKER WITHDRAWS ALL FUNDS!
Post by: JohnTheBaptist on September 03, 2013, 10:30 am
Dirkpitt, are you still bullshitting people with the old "I got hacked" crap? you fucked up dickwad, it's not possible to be hacked without your pin and password, OK do you understand? capish?

In fucking possible, so try again lying cunt, we know you're lying the question is what's the purpose? attention?
Title: Re: HACKER WITHDRAWS ALL FUNDS!
Post by: BPM on September 03, 2013, 12:35 pm
> Dirkpitt, are you still bullshitting people with the old "I got hacked" crap? you fucked up dickwad, it's not possible to be hacked without your pin and password, OK do you understand? capish?
>
> In fucking possible, so try again lying cunt, we know you're lying the question is what's the purpose? attention?

Why do you make him feel worse than he already feels?? Not nice :(
Title: Re: HACKER WITHDRAWS ALL FUNDS!
Post by: dirkpitt on September 04, 2013, 12:22 am
> Dirkpitt, are you still bullshitting people with the old "I got hacked" crap? you fucked up dickwad, it's not possible to be hacked without your pin and password, OK do you understand? capish?
>
> In fucking possible, so try again lying cunt, we know you're lying the question is what's the purpose? attention?

One last time, I DID NOT USE MY PASSWORD / PIN anywhere else.
I lost 2.14 bitcoins, and I have no idea how?
What would be the purpose of lying???
Anyway, I figure best way to not have this happen is not to keep money on the SR.

And as far as you John The Baptist, I am glad most people here on the forum aren't like you

DirkPitt



Title: Re: HACKER WITHDRAWS ALL FUNDS!
Post by: charas420 on September 05, 2013, 04:23 pm
Hi
 I don't know anything about the OP.
 I just wanted to say, I have read several of JohnTheBaptist's posts over the couple of months he has been here, and I have not read a single positive post from him, and he seems like the sort of person you don't want to know. That is putting it nicely. No need for such a nasty comment, true or not. We don't need people like him here.
C