26
submitted 4 months ago* (last edited 4 months ago) by TrocadorApp@monero.town to c/monero@monero.town

Hey community, we are publishing this post to let users know beforehand that there are scammers running fake clones of our service. Do not access any website that claims to be us, but is not one of our main addresses.

Correct addresses:

  • trocador.app

  • trocadorfyhlu27aefre5u7zri66gudtzdyelymftvr4yjwcxhfaqsid.onion

Fake websites:

  • troccador, troccadoor, trocadoor (any other typo)

  • trocadupz35kdyzgqpadqor4jk7u4lmbo2(...).onion

Right now our services are suffering non-stop DDoS attacks for the last three weeks, and they are using ToR exit nodes to conduct such attack (both through clear net and onion). For this reason we had to turn off our Onion link, as we are working into pushing changes to mitigate the attack. There's a chance that these fake websites might be related to the attack, they might be trying to lure users into their fake clones, so it is important to Bookmark the correct website. Stay safe! Our team is small, but we are working into going back to normal.--

you are viewing a single comment's thread
view the rest of the comments
[-] Scolding0513@sh.itjust.works 10 points 4 months ago

thank you so much for staying publicly communicative

it's weird that they are able to ddos an onion. i thought tor had pow mitigations? but this is good learning for TOR to better mitigate ddos i guess

i honestly think this is a fed or similar attack. trocador is a great service and they want people to not have anonymity or freedom.

stay strong team.

[-] Krugtron9000@monero.town 3 points 4 months ago* (last edited 4 months ago)

it’s weird that they are able to ddos an onion. i thought tor had pow mitigations?

I want to know about this too. Why didn't you use HiddenServicePoWDefensesEnabled?

[-] TrocadorApp@monero.town 2 points 4 months ago

We have not yet implemented PoW, as our team is small and we are trying to mitigate the attack on clearnet first, since most users come from there. But yes, some nice people already suggested this, and we'll look into it this week.

[-] hfondmanager@monero.town 1 points 4 months ago* (last edited 4 months ago)

This doesn’t add up:

nobody else noticed the inconsistencies?! They are running a business, they need to comply. And now playing stupid! Getting free ads with FUD. This doesn’t add up, indeed.

Edit: It does make a great deal of sense, however, if you think the big bros (not troc) are trying to sell "Cybersecurity". Before they start selling, they create the need first. It works the same way every time: they sell you wars, peace, vaccines, security, privacy, co2 certs or even your own slavery. What to us looks like false flags


to them its all good business practice.

[-] TrocadorApp@monero.town 1 points 4 months ago* (last edited 4 months ago)

We are just updating the community to let people know that services are disrupted right now, not working 100%. We need to be open about this otherwise users will complain asking why we did this or that, so we are just being transparent. We also need to let users know there are fake websites running because we have already seen some users lose money to these scams, so this is quite important. About what you also said, yes, many other onion websites are suffering attacks as well. I believe eXch was suffering DDoS too, among others.

[-] hfondmanager@monero.town 1 points 4 months ago

I respect that. But I am also around long enough: Flooding attacks never lasted long in the past and did not cause permanent disruption. Iet's not call it hacking, its plain old overloading. After 3-5 days its over usually and admins learnt a lot in that time. (Run a stressnet node!)

And BTW trocador.app is loading as fast as ever here. All the best, your customers just need patience.

[-] TrocadorApp@monero.town 1 points 4 months ago

Thanks! Yes, we are improving our firewall rules and this week we expect everything to be running smooth again.

[-] Scolding0513@sh.itjust.works 1 points 4 months ago

Also look into PoW captchas as well, in case it helps :)

https://mcaptcha.org/

[-] TrocadorApp@monero.town 1 points 4 months ago

Someone said we should run a separate server to work as a load balancer and generate these captchas as they might consume processing from the server. We'll look into it. Thanks!

[-] Scolding0513@sh.itjust.works 1 points 4 months ago

haha i was literally about the suggest the exact same thing 💙

but yeah, basically become your own Cloudflare :)

load more comments (8 replies)
this post was submitted on 23 Jun 2024
26 points (90.6% liked)

Monero

1663 readers
24 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS