Topic: How long does this warning stay on the account profile? - page 2. (Read 543 times)

They both displays the information, like for instance; If account got hacked you would see that the email changed and password also change, and again if a user changed mail you would also see that very message that this user mail was change. However, every warning disappears after 28-31 days depending on the month mail/password was changed, and of course every single user are meant to stake their bitcoin address for account safety and if they aren't able to stake it then we can assumed that such profile has changed hands therefore while dealing with them we should be extremely careful not to get scammed.

Ofcourse not, TSC. Look, even the smartest ain't putting up with everything. The fact that you're known for your perspectional savvy doesn't necessarily mean you wouldn't be tricked by trivial things... Do you know how inspired we(I) get to read properly constructed, point-driven post like yours, and many others? Lol.

...and, what if the said user never had an address staked in here before now?
Well, If that happens, so many hurdles and protocols would be made useless.
I don't know... I always feel like I'm behind huge bars when I'm confronted with programs and machine languages which I can't comprehend/solve; the only python I've known would probably be the one from 2 years ago, that got killed during an intense bush burning in a local farm.

Definitely. It even seemed a bit bizarre to me here when I first joined. I think I've told you this over PM before, but I remember finding the culture here difficult to adjust to, and I'm still not completely comfortable with it... I guess it's necessary (though I'm not convinced it is) on a forum like this for there to be so much focus on rooting out bad actors. But, I also can't shake the feeling that not much can grow in this soil, if you know what I mean? There's a concrete community-wise cost to the forum's culture of suspicion, and I sometimes find myself wondering if that cost is truly worth the actual (rather than supposed) upside it produces.

Hehe, yeah, it's cool, right? It was a pretty minor security issue that led to me getting it, but, I'm proud of it, all the same.

Aw, thanks, dude. I appreciate that! All I'm really trying to do with my time on Bitcointalk is make sure that I can look back on it one day and be convinced that the forum benefited at least as much from me as I did from it. (I mean, it's far from clear to me that I'll succeed in doing that, but, it's a nice thing to try for.)

Be careful what you wish for! At programming? Yeah, that's where I'm most happy/comfortable. It's been that way since I was little. At everything else in life... I think you'd be surprised to find out just how many things I suck at.

As far as I know, when a user changes his email, it is displayed as a warning for 30 days in his trust option.  And if a hacker hacks an account and changes the email. then there is a link in the previous email through which the account can be locked. and that link is valid for 14 days.

Changing the password shows the same warning but it gets removed after 3 days

Well, not that I don't want the forum to be clean from scammers, spammers, and all other sorts of users with shady behavior, but that or any other restrictions that would completely remove earning opportunities from the forum will only result in the activity dropping drastically and I don't think we want to see that happen. I believe the systems in place are pretty much successful in keeping as much uselessness out of the forum as possible, I know the results are not 100%, but it works, pretty much.

I also think that campaign managers are doing a pretty good job because they only recruit users that are capable of making quality posts and those who have joined the forum only intending to earn money from signature campaigns are barely able to get a spot in a paid signature campaign, and those who are at least actively contributing in some way in the forum are getting rewarded for their efforts and they deserve it, in my opinion. 

P.S.: Sorry for the off-topic post, OP. I could write something about the question asked but it has already been answered multiple times.

Dang, I'm usually wrong!  But in this case, I had to assume that info was displayed because of all the shenanigans that go on here.  If there was an SMF forum dealing with comic books or stamp collecting, it'd seem a bit bizarre wouldn't it?

And hey, I just noticed that neat little badge you got there, PowerGlove.  Props upon props to you for all the hard work you put in.  Wish I had half the talent you've got.

I think TSC has it right: none of that stuff is in ordinary SMF (at least, I can't find those things myself in SMF 1.1.19, and an Internet search for "seclog site:simplemachines.org" returns nothing).

It looks like the seclog and its trust-page-reflections were added by theymos in 2014. It looks like administrative changes to an account's e-mail address started being logged in 2018. I'm not clear on where (or even if) recovery-unrelated e-mail address changes get displayed/logged (I don't think they're supposed to be noticed, but don't quote me on that, I'm just guessing... I know that there was, and maybe still is, an unintended trust warning to do with automatic bounce-related e-mail address changes).

Some warnings on profile trust page like
This user's password was reset recently.
This user recently woke up from a long period of inactivity.
This user's email address was changed recently.

I don't know about email address change but information on password reset lasts 30 days, password change lasts 3 days, and woke up lasts 30 days.

Best way to know if account ownership didn't change (again) is to ask this member to sign a message from bitcoin address and prove ownership.

This is correct.
I know members who changed their email addresses from within account profile and there was no warning about changed email address shown on their profile.

OK, fair enough--I guess the other boards I've been a member of haven't used this format/software (for all the years I've been here, I never bothered to learn what SMF is exactly).  And come to think of it, I don't think I've ever closely checked other members' profiles on the other boards, but I'm pretty sure they don't tell you all the information mentioned in my previous post.


Yeah.  Exactly.  Don't know how long it took from the creation of bitcointalk 'til it became how it's been for the past 10 years at least, but I've disposed of any hope I had that it'd change without Theymos resorting to the banning of all signature campaigns.  Oh well.  When you have to live in a cockroach-infested domicile, it's best to keep roach spray on hand at all times.  Good thing DT members have a lot of it.

I assumed this is the default on SMF.

You mean a community with magic internet money and valuable signature space? That's a magnet for scammers.

Not to bump this thread unnecessarily (but I'mma gonna), but I've never come across a discussion forum where this kind of information, i.e., password/e-mail change, becoming active again after a long time, is displayed publicly.  Have any of you?

On bitcointalk it's extremely useful no matter how long the info is shown for, because of all the scammers, account traders and the like....but it's also sort of telling as to what kind of community this is.  At least 95% of members here are out to screw people over or use the forum as a paycheck delivery service.  That estimate was pulled straight out of my bunghole, but anyone can dispute it if they truly believe I'm wrong.

Anyway.

BPIP keeps logs of email changes. Or see my seclog log (big file).
On second thought: only password resets via email show up, it appears email changes aren't logged.

ask him to sign a message from an old address or contact you via Telegram or any other way to verify that account has not been hacked.
Changing the password is enough reason to raise suspicions.
In general, you can use Security/Moderator Log, which all recorded there, for example ----> https://bpip.org/Profile?id=908982

I knew this message as well as other trust page warning notes e.g. changed passwords will last 30 days, check the quoted post below.

Although this particular post quoted from theymos does not particular talk about the change email but i assume this affects all trust page warning notes.

This is the reason why such message from security log last 30 days too.

Not sure but somehow my memory tells me that it's 14 days.

I mean this warning:

An account of a certain user got hacked, the password and email address were changed a couple of months back, but then the user managed to recover the account. Recently, it appears that the password was changed again. The warning regarding the email address change too still appears on the profile. I am not sure if this was from the previous hack, previous account recovery changes or another recent hack?

Before I conclude about anything, I just want to be sure it's from the previous incident and not recently.