Be ready for your account to be hacked

#1
Today I have prepared information on how to prepare for protecting your account, which can be hacked at any time.
The topic is very important, and not only for beginners.

So, let's get into it.

Part 1

Every BTT account is at risk of being hacked, and many of them are already compromised. The only way to convince the forum administrator that you are the true owner of a hacked account is to send him an appropriate message signed with your personal BTC address that was published before the date of the hack. Details are listed here: https://bitcointalk.org/index.php?topic=497545.0
Russian-language information is here: https://bitcointalk.org/index.php?topic=2197357.0
However, from a hacked account the hackers can do anything, and the first thing that whoever captured your account will do is change all the BTC addresses previously recorded in any of your forum messages.

How can you protect the record of your personal BTC address on the forum?
  • Step 1: Go to the "Forum Profile Information" section, enter the BTC address in the appropriate field and click "Change Profile".
  • Step 2: Go to the "Summary" subsection in the "Forum Profile Information" section and check that it shows your BTC address. If not, go back to step 1.
  • Step 3: Copy the URL of your "Summary" section and save it somewhere. It should look like this: https://bitcointalk.org/index.php?action=profile;u=xxx..x
  • Step 4: Go to https://archive.is. This is a time capsule for web pages.
  • Step 5: Paste the URL of your "Summary" section into the "My url is alive and I want to archive its content" field and click the "save the page" button. Almost instantly, you will be redirected to a page that displays a snapshot of your "Summary" made at the moment you clicked the button. This snapshot is marked with an unchangeable date and saved in the web archive forever.
  • Step 6: Copy the URL of this page and save it. It should look like this: https://archive.is/XX...XX .

Now the fact that your personal BTC address was published on the forum before the date of the hack is confirmed by the archive. If the hacker replaces it with his own, the timestamp of his address will be later than yours.

P.S. An alternative to archive.is is web.archive.org. The procedure there is similar. I would recommend using both. Through the web archives you can protect any of your entries or messages on the forum.


Part 2

This topic was created to explain how to prove that a hacked account belongs to you. But now I want to give advice on how to prevent it from being hacked, by 90%. Only 90% because I'm not sure there are no other methods, unknown to me, that hackers use.

So, let's go.

  • 1st tip: very trivial, use a password with high entropy. What such passwords look like can be found on the Internet, so I'll stop here.
  • 2nd tip: Go to "Account Related Settings" and tick "Hide email address from public?". The e-mail address linked to the forum should not be your primary address. It is better to create another address that is used only for this forum. If you participate in an ICO or bounty, get a separate mailbox for them, different from the one tied to the account. The fact is that many of these ICO or bounty campaigns are fake, and their primary purpose is the collection of personal data.
  • 3rd tip: Go to your account and open the "Notifications and emails" subsection. There you will see 5 checkboxes that can be ticked or unticked. For simplicity I number them here from 1 to 5, from the top down. Boxes 2 and 3 are the important ones for us. Tick box 2 and untick box 3.
  • 4th tip: Every time you visit the forum, before going any further, go to the "Notifications and emails" subsection of your profile and make sure the checkboxes are as you set them. The hacker will try to untick box 2 and tick box 3.
  • 5th tip: Every time you visit the forum, before going any further, go to the "Summary" subsection of your profile and make sure the email address is the one you entered. The hacker will try to change it.
  • 6th tip: If you open your mailbox and see a letter sent to you from the forum, make sure that it really is from the forum and does not lead to a phishing site.
  • 7th tip: After reading the letter and making sure it is not phishing, calm down, and the key point: do not reply to it under any circumstances and do not click on any links in it.
  • 8th tip: Go straight to the forum, check whether your password works, and if so, follow tips 3 and 4.
  • 9th tip: If the password does not work, click the link to recover the password, go to your mailbox and follow the instructions to restore the password, but pay attention to the 6th tip.
  • 10th tip: If the letter says that your password has been changed, but you are sure that you did not change it, follow the 6th tip first, and then tips 7 to 9.
  • 11th tip: If the letter says that your e-mail has been changed, but you are sure that you did not change it, follow tips 6 to 9. If nothing comes of that, lock the account using the link that will be in that letter. So what is next? Then the account has to be recovered. Read the beginning of the post.



Disclaimer, which in Russian means a reservation. The above tips are based on an analysis of the hacking cases described on the forum. Everyone can choose one of three options for themselves: a) consider them nonsense and forget them, b) analyze all the cases themselves and find their own protection algorithm, or understand my logic, c) believe me and follow these tips.

Part 3


In the course of the discussion it became clear that, even though there is a moderator's topic, https://bitcointalk.org/index.php?topic=2197357.0, many still do not understand what to send to the administrator when recovering an account. So I'll spell it out a little.

Remember: you never need to show your private key to anyone.

Once again, the procedure for confirming your account, this time step by step.

  • Step 1: Create the message itself (I'll call it MS for short) from this template:

    My account <account> has been hacked / lost. Please reset the email to <email>. The current date is <date>.

    (Instead of <account> write your account name, instead of <email> write your e-mail, and instead of <date> put the current date.)
  • Step 2: In your wallet, find the menu item for signing a message and go there. Find your address (this is the public key) that you entered in your profile (I'll call it ADR for short).
  • Step 3: Insert the MS into the corresponding field.
  • Step 4: Click to sign. The wallet will sign your message with the private key that matches your public key, that is, your address. The private key is not exposed anywhere in the process; instead, a hash of the signed message is created. I'll call this hash SIG.
  • Step 5: Check that everything is correct with SIG using any verifier, for example this one:
    https://blockexplorer.com/messages/verify or this one: https://brainwalletx.github.io/#verify
  • Step 6: Send the administrator the following (do everything exactly):


    ----- BEGIN BITCOIN SIGNED MESSAGE -----
    MS

    ----- BEGIN SIGNATURE -----
    ADR
    SIG

    ----- END BITCOIN SIGNED MESSAGE -----
    (Here, specify the URL of the forum message that contains your unchanged ADR or, if the attacker has changed everything, the URL of the archive where you saved your ADR.)

P.S. I opened another interesting topic about SMAS blacklists on the forum, which few people know about. The moderators moved it to another section (which, in my opinion, does not suit it). I'm afraid that it will get lost there. Meanwhile, the topic is very important for everyone. Who does not want to fall into this trap, look
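
A pre-send check for the Step 6 block from Part 3, as an added example that is not part of the original post: it checks the layout of the block, that MS follows the template, that ADR is a well-formed address equal to the one saved in the archive (Part 1), and that SIG has the size of a message signature. It does not verify the signature cryptographically (the verifier in Step 5 does that). The function names, the sample account, e-mail, date, address and signature are constructed, and accepting only legacy addresses is an assumption.

```python
import base64, hashlib, re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Added example (hypothetical names). Armor lines match with or without spaces.
ARMOR = re.compile(r"-{5} ?BEGIN BITCOIN SIGNED MESSAGE ?-{5}\n(?P<ms>.*?)\n\s*"
                   r"-{5} ?BEGIN SIGNATURE ?-{5}\n\s*(?P<adr>\S+)\n\s*(?P<sig>\S+)"
                   r"\n\s*-{5} ?END BITCOIN SIGNED MESSAGE ?-{5}", re.S)
TEMPLATE = re.compile(r"My account (.+) has been hacked / lost\. Please reset "
                      r"the email to (\S+@\S+)\. The current date is (.+)\.")

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check(payload):  # encoder, used only to build the sample address
    n, out = int.from_bytes(payload + sha256d(payload)[:4], "big"), ""
    while n:
        n, out = n // 58, B58[n % 58] + out
    return "1" * (len(payload) - len(payload.lstrip(b"\0"))) + out

def p2pkh_ok(addr):  # legacy (version 0x00) address with a valid checksum
    if len(addr) > 34 or not set(addr) <= set(B58):
        return False
    n = sum(B58.index(c) * 58 ** i for i, c in enumerate(reversed(addr)))
    raw = n.to_bytes(25, "big")  # 58**34 < 2**200, so this cannot overflow
    return raw[0] == 0 and sha256d(raw[:21])[:4] == raw[21:]

def lint(block, archived_adr):
    """Return a list of problems; an empty list means well-formed."""
    m = ARMOR.search(block)
    if not m:
        return ["armor lines missing or out of order"]
    try:
        sig = base64.b64decode(m["sig"], validate=True)
    except ValueError:
        sig = b""
    return [msg for msg, ok in {
        "MS does not follow the template": TEMPLATE.fullmatch(m["ms"].strip()),
        "ADR fails the Base58Check checksum": p2pkh_ok(m["adr"]),
        "ADR differs from the archived profile address": m["adr"] == archived_adr,
        "SIG is not a 65-byte compact signature": len(sig) == 65 and 27 <= sig[0] <= 34,
    }.items() if not ok]

ADR = b58check(b"\0" + hashlib.sha256(b"constructed").digest()[:20])  # made-up key hash
SIG = base64.b64encode(bytes([31]) + bytes(64)).decode()  # placeholder, not a real signature
SAMPLE = f"""----- BEGIN BITCOIN SIGNED MESSAGE -----
My account alice has been hacked / lost. Please reset the email to new@example.org. The current date is 2018-01-15.
----- BEGIN SIGNATURE -----
{ADR}
{SIG}
----- END BITCOIN SIGNED MESSAGE -----"""
```

Calling `lint(SAMPLE, ADR)` returns an empty list; passing the address from your archive snapshot as the second argument catches a block whose ADR was mistyped or swapped.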