Pages:
Author

Topic: How long does this warning stay on the account profile? - page 2. (Read 543 times)

hero member
Activity: 882
Merit: 800
Before I conclude about anything, I just want to be sure it's from the previous incident and not recently.
Best way to know if account ownership didn't change (again) is to ask this member to sign a message from bitcoin address and prove ownership.

On second thought: only password resets via email show up, it appears email changes aren't logged.
This is correct.
I know members who changed their email addresses from within account profile and there was no warning about changed email address shown on their profile.

They both displays the information, like for instance; If account got hacked you would see that the email changed and password also change, and again if a user changed mail you would also see that very message that this user mail was change. However, every warning disappears after 28-31 days depending on the month mail/password was changed, and of course every single user are meant to stake their bitcoin address for account safety and if they aren't able to stake it then we can assumed that such profile has changed hands therefore while dealing with them we should be extremely careful not to get scammed.
hero member
Activity: 798
Merit: 1045
Goodnight, ohh Leo!!! 🦅
Dang, I'm usually wrong!
Ofcourse not, TSC. Look, even the smartest ain't putting up with everything. The fact that you're known for your perspectional savvy doesn't necessarily mean you wouldn't be tricked by trivial things... Do you know how inspired we(I) get to read properly constructed, point-driven post like yours, and many others? Lol.

Best way to know if account ownership didn't change (again) is to ask this member to sign a message from bitcoin address and prove ownership.
...and, what if the said user never had an address staked in here before now?
I've disposed of any hope I had that it'd change without Theymos resorting to the banning of all signature campaigns.
Well, If that happens, so many hurdles and protocols would be made useless.
Be careful what you wish for! At programming? Yeah, that's where I'm most happy/comfortable.
I don't know... I always feel like I'm behind huge bars when I'm confronted with programs and machine languages which I can't comprehend/solve; the only python I've known would probably be the one from 2 years ago, that got killed during an intense bush burning in a local farm.
hero member
Activity: 510
Merit: 4005
If there was an SMF forum dealing with comic books or stamp collecting, it'd seem a bit bizarre wouldn't it?
Definitely. It even seemed a bit bizarre to me here when I first joined. I think I've told you this over PM before, but I remember finding the culture here difficult to adjust to, and I'm still not completely comfortable with it... I guess it's necessary (though I'm not convinced it is) on a forum like this for there to be so much focus on rooting out bad actors. But, I also can't shake the feeling that not much can grow in this soil, if you know what I mean? There's a concrete community-wise cost to the forum's culture of suspicion, and I sometimes find myself wondering if that cost is truly worth the actual (rather than supposed) upside it produces.

And hey, I just noticed that neat little badge you got there, PowerGlove.
Hehe, yeah, it's cool, right? It was a pretty minor security issue that led to me getting it, but, I'm proud of it, all the same.

Props upon props to you for all the hard work you put in.
Aw, thanks, dude. I appreciate that! All I'm really trying to do with my time on Bitcointalk is make sure that I can look back on it one day and be convinced that the forum benefited at least as much from me as I did from it. (I mean, it's far from clear to me that I'll succeed in doing that, but, it's a nice thing to try for.)

Wish I had half the talent you've got.
Be careful what you wish for! At programming? Yeah, that's where I'm most happy/comfortable. It's been that way since I was little. At everything else in life... I think you'd be surprised to find out just how many things I suck at.
sr. member
Activity: 546
Merit: 309
I mean this warning:

Quote
This user's email address was changed recently.
An account of a certain user got hacked, the password and email address were changed a couple of months back, but then the user managed to recover the account. Recently, it appears that the password was changed again. The warning regarding the email address change too still appears on the profile. I am not sure if this was from the previous hack, previous account recovery changes or another recent hack?

Before I conclude about anything, I just want to be sure it's from the previous incident and not recently.
As far as I know, when a user changes his email, it is displayed as a warning for 30 days in his trust option.  And if a hacker hacks an account and changes the email. then there is a link in the previous email through which the account can be locked. and that link is valid for 14 days.

Changing the password shows the same warning but it gets removed after 3 days
sr. member
Activity: 1260
Merit: 358
I've disposed of any hope I had that it'd change without Theymos resorting to the banning of all signature campaigns.

Well, not that I don't want the forum to be clean from scammers, spammers, and all other sorts of users with shady behavior, but that or any other restrictions that would completely remove earning opportunities from the forum will only result in the activity dropping drastically and I don't think we want to see that happen. I believe the systems in place are pretty much successful in keeping as much uselessness out of the forum as possible, I know the results are not 100%, but it works, pretty much.

I also think that campaign managers are doing a pretty good job because they only recruit users that are capable of making quality posts and those who have joined the forum only intending to earn money from signature campaigns are barely able to get a spot in a paid signature campaign, and those who are at least actively contributing in some way in the forum are getting rewarded for their efforts and they deserve it, in my opinion.  Smiley

P.S.: Sorry for the off-topic post, OP. I could write something about the question asked but it has already been answered multiple times.
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
I think TSC has it right:

Dang, I'm usually wrong!  But in this case, I had to assume that info was displayed because of all the shenanigans that go on here.  If there was an SMF forum dealing with comic books or stamp collecting, it'd seem a bit bizarre wouldn't it?

And hey, I just noticed that neat little badge you got there, PowerGlove.  Props upon props to you for all the hard work you put in.  Wish I had half the talent you've got.

hero member
Activity: 510
Merit: 4005
I've never come across a discussion forum where this kind of information, i.e., password/e-mail change, becoming active again after a long time, is displayed publicly.
I assumed this is the default on SMF.
I think TSC has it right: none of that stuff is in ordinary SMF (at least, I can't find those things myself in SMF 1.1.19, and an Internet search for "seclog site:simplemachines.org" returns nothing).

It looks like the seclog and its trust-page-reflections were added by theymos in 2014. It looks like administrative changes to an account's e-mail address started being logged in 2018. I'm not clear on where (or even if) recovery-unrelated e-mail address changes get displayed/logged (I don't think they're supposed to be noticed, but don't quote me on that, I'm just guessing... I know that there was, and maybe still is, an unintended trust warning to do with automatic bounce-related e-mail address changes).
sr. member
Activity: 602
Merit: 387
Rollbit is for you. Take $RLB token!
Some warnings on profile trust page like
This user's password was reset recently.
This user recently woke up from a long period of inactivity.
This user's email address was changed recently.

I don't know about email address change but information on password reset lasts 30 days, password change lasts 3 days, and woke up lasts 30 days.

You're considered to have woken up if your last login time is 180+ days ago, and the message remains for 30 days.

Whenever a user changes his own password or resets his account (via email or secret question), this action is now publicly logged here for 30 days:
https://bitcointalk.org/seclog.php

Additionally, these same actions will be listed on the person's Trust page. A reset will be shown for 30 days, while a password change will be shown for 3 days.

This should make it easier to determine whether an account has been compromised.
legendary
Activity: 2212
Merit: 7064
Before I conclude about anything, I just want to be sure it's from the previous incident and not recently.
Best way to know if account ownership didn't change (again) is to ask this member to sign a message from bitcoin address and prove ownership.

On second thought: only password resets via email show up, it appears email changes aren't logged.
This is correct.
I know members who changed their email addresses from within account profile and there was no warning about changed email address shown on their profile.
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
I've never come across a discussion forum where this kind of information, i.e., password/e-mail change, becoming active again after a long time, is displayed publicly.
I assumed this is the default on SMF.

OK, fair enough--I guess the other boards I've been a member of haven't used this format/software (for all the years I've been here, I never bothered to learn what SMF is exactly).  And come to think of it, I don't think I've ever closely checked other members' profiles on the other boards, but I'm pretty sure they don't tell you all the information mentioned in my previous post.

Quote
it's also sort of telling as to what kind of community this is
You mean a community with magic internet money and valuable signature space? Wink That's a magnet for scammers.

Yeah.  Exactly.  Don't know how long it took from the creation of bitcointalk 'til it became how it's been for the past 10 years at least, but I've disposed of any hope I had that it'd change without Theymos resorting to the banning of all signature campaigns.  Oh well.  When you have to live in a cockroach-infested domicile, it's best to keep roach spray on hand at all times.  Good thing DT members have a lot of it.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I've never come across a discussion forum where this kind of information, i.e., password/e-mail change, becoming active again after a long time, is displayed publicly.
I assumed this is the default on SMF.

Quote
it's also sort of telling as to what kind of community this is
You mean a community with magic internet money and valuable signature space? Wink That's a magnet for scammers.
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino

On second thought: only password resets via email show up, it appears email changes aren't logged.

Not to bump this thread unnecessarily (but I'mma gonna), but I've never come across a discussion forum where this kind of information, i.e., password/e-mail change, becoming active again after a long time, is displayed publicly.  Have any of you?

On bitcointalk it's extremely useful no matter how long the info is shown for, because of all the scammers, account traders and the like....but it's also sort of telling as to what kind of community this is.  At least 95% of members here are out to screw people over or use the forum as a paycheck delivery service.  That estimate was pulled straight out of my bunghole, but anyone can dispute it if they truly believe I'm wrong.

Anyway.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I am not sure if this was from the previous hack, previous account recovery changes or another recent hack?
BPIP keeps logs of email changes. Or see my seclog log (big file).
On second thought: only password resets via email show up, it appears email changes aren't logged.
legendary
Activity: 2702
Merit: 4002

Before I conclude about anything, I just want to be sure it's from the previous incident and not recently.
ask him to sign a message from an old address or contact you via Telegram or any other way to verify that account has not been hacked.
Changing the password is enough reason to raise suspicions.
In general, you can use Security/Moderator Log, which all recorded there, for example ----> https://bpip.org/Profile?id=908982
hero member
Activity: 1554
Merit: 880
Notify wallet transaction @txnNotifierBot
I knew this message as well as other trust page warning notes e.g. changed passwords will last 30 days, check the quoted post below.

I didn't particularly intend for the trust warning to appear for these automatic changes, but it's a niche situation and a bit difficult to fix, so I probably won't fix this unless several other people complain. It only lasts 30 days, after all.
Although this particular post quoted from theymos does not particular talk about the change email but i assume this affects all trust page warning notes.

This is the reason why such message from security log last 30 days too.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
Not sure but somehow my memory tells me that it's 14 days.
copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
I mean this warning:

Quote
This user's email address was changed recently.
An account of a certain user got hacked, the password and email address were changed a couple of months back, but then the user managed to recover the account. Recently, it appears that the password was changed again. The warning regarding the email address change too still appears on the profile. I am not sure if this was from the previous hack, previous account recovery changes or another recent hack?

Before I conclude about anything, I just want to be sure it's from the previous incident and not recently.
Pages:
Jump to: