Author

Topic: Request to un-ban account (Read 605 times)

member
Activity: 364
Merit: 19
November 25, 2017, 05:39:19 PM
#17

So I have confirmed, after checking my email, that my JJGALLOW account was compromised in bitcointalk, and I received the following email from the forum on 2015/05/25.   

So I now know why my account was locked/banned.   

I can provide proof of my identity and I would really appreciate getting my account un-banned or recovered.

Thank you


Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----
member
Activity: 364
Merit: 19
November 22, 2017, 01:40:32 AM
#16
I think the main reason you want to recover your account because it'll have Full Member in this week Smiley. But I think it's nearly impossible to recover banned account.

I actually don't even know what that means lol.

I don't know why I wouldn't want to recover it.   I believe that most secure sites are able to either recover accounts or provide reasona why they can't.    The more secure the more capable of doing do.   I don't see this site as any different.

I may not get what I request but that's never stopped me from asking.  

The original date of the account, its continuity, and the posts are significant to me but I am not familiar with the member statuses.
newbie
Activity: 2
Merit: 0
November 22, 2017, 12:56:25 AM
#15
I think the main reason you want to recover your account because it'll have Full Member in this week Smiley. But I think it's nearly impossible to recover banned account.
member
Activity: 364
Merit: 19
November 22, 2017, 12:42:48 AM
#14
I experienced this also before and moved on and just made a different account. Probably, you might have posted something similar to other posts in the web making it look like a copy paste. Or probably, you created accounts consecutively in a single internet provider which is like account farming.

Even if you email the given address, most probanly you wont receive any replies. You wont also know the exact reason why you were banned. So better yet move on and create another account and be careful with your actions.

Thank you franco123,

To my knowledge, I have never used more than one account at a time.  But, when they get banned, it creates a situation where you have to create another.   Thus, having created this account (if that is the issue), I'm perpetuating the situation.   Ideally I would like to understand the reason for the ban, so as not to waste my time building up the next account and making the same mistake.   Or, in the case where it was just a security precaution, which I suspect, that it can be corrected.

My chances might not be great but that hasn't stopped me from making this request going on 4 years now.   Maybe I can set a record, lol.  Preferably, eventually get an explanation or some help.
full member
Activity: 252
Merit: 100
November 22, 2017, 12:26:30 AM
#13
I experienced this also before and moved on and just made a different account. Probably, you might have posted something similar to other posts in the web making it look like a copy paste. Or probably, you created accounts consecutively in a single internet provider which is like account farming.

Even if you email the given address, most probanly you wont receive any replies. You wont also know the exact reason why you were banned. So better yet move on and create another account and be careful with your actions.
member
Activity: 364
Merit: 19
November 21, 2017, 10:03:48 AM
#12
Quote
In all cases, if an account were compromised, bitcoin addresses, PGP keys, and email addresses could all be altered by the hacker, and no doubt all of these scenarios have occurred on this forum.

Wrong if your address was quoted by someone else, it can't be altered.   My bitcoin address is XYZ, for instance.   So its the ultimate proof that this BTC address belonged to the original owner, if they can sign it.

Email Addresses can be hacked too, So they aren't the ultimate proof.

Quote
While my associated website is currently private on whois,  I would like to propose using this as proof (I can change the settings....to be reflected in a day).   This whois information is tied to my personal address...my credit cards, my actual identity.   

Anything other than Signing Bitcoin address is not considered valid.

Quote
In the case of both my accounts  (the original jjgallow and safecoin)

Do you mean 'safecoin.org' account? Please provide links to your both accounts.

Quote
Would this be acceptable?

No.

Thank you for the information, I appreciate it.


I am not sure that it is fair to say a BTC address quoted by someone else is the "ultimate proof" for the following reasons:

  • 1.   Anyone on here has the ability at all points in time (past and present) to create an account on this forum.    So I don't see how this proof can go past a gut feel trust for other users.   See what I did above, for instance.

    2.   This method relies, as I understand it, on trusting other accounts on this forum not to be compromised, when the purpose is to safeguard against individuals known to be able to compromise forum accounts.   Is this not essentially a gut feel trust as well?   Or an exercise of good common sense with some risk management?

    3.   BTC addresses are hacked just as much as email addresses if not more.   In fact this would often be the prime objective of steeling someone's identify on here.   There are entire sections of this forum devoted to dealing with it.   This just actually happened while you posted:
          http://www.independent.co.uk/news/business/news/bitcoin-hack-crash-latest-updates-news-cryptocurrency-treasury-wallet-a8066651.html

    4.   Nowhere in the sticky does it mention a requirement for having a BTC or PGP associated with your account being quoted, so I am not sure if this is protocol?   And with the reasons above, perhaps that is why?


In terms off accounts and what I'm referring to as proof, here are the requested links and descriptions:


jjgallow   (this was actually my original account, in hindsight probably the one to be unlocked):  https://bitcointalksearch.org/user/jjgallow-160150

safecoin   https://bitcointalksearch.org/user/safecoin-325125

In both cases, the accounts are associated with the Internet Domain http://safecoin.org.

In both cases, both accounts immediately post about http://safecoin.org, and are quoted by more senior uses about http://safecoin.org


I have temporarily removed the privacy on this domain name, which I own, which has my personal address, name, email, phone number, associated credit cards, and login credentials.   Basically my actual identity.   

An admin will be able to note that the associated email on the WHOIS matches my accounts above.  In hindsight I believe it matches jjgallow:

https://www.whois.com/whois/safecoin.org


Sending an email to this address will further confirm that I am the contact for the associated domain and these accounts.


Additionally, further legal proof of my identity associated with these accounts, this email address, and this domain, is available here:
https://trademarks.justia.com/861/37/safecoin-86137742.html


P.S..please do not reply with information in my WHOIS.   I intend to return this to Privacy mode shortly.

Thank you.

legendary
Activity: 1512
Merit: 1218
Change is in your hands
November 21, 2017, 01:46:48 AM
#11
Quote
In all cases, if an account were compromised, bitcoin addresses, PGP keys, and email addresses could all be altered by the hacker, and no doubt all of these scenarios have occurred on this forum.

Wrong! if your address was quoted by someone else, it can't be altered. So its the ultimate proof that this BTC address belonged to the original owner, if they can sign it.

Email Addresses can be hacked too, So they aren't the ultimate proof.

Quote
While my associated website is currently private on whois,  I would like to propose using this as proof (I can change the settings....to be reflected in a day).   This whois information is tied to my personal address...my credit cards, my actual identity.  

Anything other than Signing Bitcoin address is not considered valid.

Quote
In the case of both my accounts  (the original jjgallow and safecoin)

Do you mean 'safecoin.org' account? Please provide links to your both accounts.

Quote
Would this be acceptable?

No.
member
Activity: 364
Merit: 19
November 21, 2017, 01:27:06 AM
#10
Thank you very much dillpicklechips and BitRent for elaborating on this issue, I really appreciate it.

I have actually lost 2 usernames this way within a short period of time, my absolute original being jjgallow.   At least, this is my understanding.

The explanations do help, but I am still confused why a PGP key or bitcoin address would provide more proof than the email address on record.     

In all cases, if an account were compromised, bitcoin addresses, PGP keys, and email addresses could all be altered by the hacker, and no doubt all of these scenarios have occurred on this forum.   Thus I am unsure what additional proof this provides.  If anything could it  it provide a false sense of assurance and allow hackers to regain access to locked hacked accounts? 

In the case of both my accounts  (the original jjgallow and safecoin), I have not only attached to my profile but posted (on first posts) my associated Web address... not surprisingly http://safecoin.org.

In addition, these time stamped posts which show to be unaltered have been replied to by others in posts that no hacker could alter.

While my associated website is currently private on whois,  I would like to propose using this as proof (I can change the settings....to be reflected in a day).   This whois information is tied to my personal address...my credit cards, my actual identity.   

Would this be acceptable?   

Thank you for your consideration
hero member
Activity: 994
Merit: 507
November 20, 2017, 11:37:15 PM
#9
Thank you....in this case I can log in....and I have access  to the associated recovery emaIl...thus if I'm not mistaken I have the same proof of ownership as anyone else on this forum...

I could be mistaken but that is my understanding?
Not really. The standard proof of ownership is thru signing a message. So, basically, if you provide other proof other than signing a message then most likely it will not be entertained especially if it takes a lot of time to verify whether it can be or not. Please read the sticky like KWH said. You obviously didn't read it.

Hello,   I actually have read the sticky many times, for the last 2 years, but it specifically says it is for account recovery,   does not address banned accounts,  and does not ascertain standard proof of ownership.

I'm not saying you are wrong,  but I have read the sticky and would not have made this request otherwise.   I would gladly send a signed message but no PGP key was required on signin, and I responsibly maintained my ability to log in

Thank you
If so and you recognizing the possibility that the ban was due to being not able to log in to your account after the database hack and for security purposes it was banned (or locked) then it falls to recovering your account. Even though you can recover it via email, the case is that it was banned because of security puposes (a possibility) then it would be useless and end up providing proof of ownership.

P.S. Don't worry. I don't take it offensively.
P.P.S. Finished this post after BitRent had replied. I decided not to delete this. I think it would contribute to further understanding the situation.
staff
Activity: 1718
Merit: 1206
Yield.App
November 20, 2017, 11:30:28 PM
#8
Thank you....in this case I can log in....and I have access  to the associated recovery emaIl...thus if I'm not mistaken I have the same proof of ownership as anyone else on this forum...

I could be mistaken but that is my understanding?
Not really. The standard proof of ownership is thru signing a message. So, basically, if you provide other proof other than signing a message then most likely it will not be entertained especially if it takes a lot of time to verify whether it can be or not. Please read the sticky like KWH said. You obviously didn't read it.

Hello,   I actually have read the sticky many times, for the last 2 years, but it specifically says it is for account recovery,   does not address banned accounts,  and does not ascertain standard proof of ownership.

I'm not saying you are wrong,  but I have read the sticky and would not have made this request otherwise.   I would gladly send a signed message but no PGP key was required on signin, and I responsibly maintained my ability to log in

Thank you

You said it yourself in the OP that it was due to recent attack on the forum. To prove the ownership, you need to be able to sign a message from a BTC address you posted here long time ago or a PGP key that you used to have. Because who knows that it is really YOU, could be a hacker, right? You can PM Cyrus about this.

You need to sign an address which you posted with that account, and send it to cyrus. Look at the sticky in meta for the guide. Don't expect a reply any time soon though, as loads of people are requesting the same thing so he likely has a backlog.
I've got the same issue. Really annoying that the message says to email, but not that this procedure is in place. I didn't couple my bitcoin address, so I've got no way to recover. Any suggestions on other ways of proving ownership? Btw. My email address never changed, shouldn't the database confirm this even after the hashes got stolen?

If the hashes did get stolen, then they also know your email. Which, a lot of people use the same password for multiple websites, which means emails could of been compromised too. There isn't any other way to prove ownership other than signing an address.
member
Activity: 364
Merit: 19
November 20, 2017, 10:58:06 PM
#7
Thank you....in this case I can log in....and I have access  to the associated recovery emaIl...thus if I'm not mistaken I have the same proof of ownership as anyone else on this forum...

I could be mistaken but that is my understanding?
Not really. The standard proof of ownership is thru signing a message. So, basically, if you provide other proof other than signing a message then most likely it will not be entertained especially if it takes a lot of time to verify whether it can be or not. Please read the sticky like KWH said. You obviously didn't read it.

Hello,   I actually have read the sticky many times, for the last 2 years, but it specifically says it is for account recovery,   does not address banned accounts,  and does not ascertain standard proof of ownership.

I'm not saying you are wrong,  but I have read the sticky and would not have made this request otherwise.   I would gladly send a signed message but no PGP key was required on signin, and I responsibly maintained my ability to log in

Thank you
hero member
Activity: 994
Merit: 507
November 20, 2017, 10:37:51 PM
#6
Thank you....in this case I can log in....and I have access  to the associated recovery emaIl...thus if I'm not mistaken I have the same proof of ownership as anyone else on this forum...

I could be mistaken but that is my understanding?
Not really. The standard proof of ownership is thru signing a message. So, basically, if you provide other proof other than signing a message then most likely it will not be entertained especially if it takes a lot of time to verify whether it can be or not. Please read the sticky like KWH said. You obviously didn't read it.
member
Activity: 364
Merit: 19
November 20, 2017, 10:26:15 PM
#5
Read the easy to find sticky in Meta.

Isn't that for account recovery?

You still need to proof your ownership.


Thank you....in this case I can log in....and I have access  to the associated recovery emaIl...thus if I'm not mistaken I have the same proof of ownership as anyone else on this forum...

I could be mistaken but that is my understanding?
staff
Activity: 1718
Merit: 1206
Yield.App
November 20, 2017, 10:21:39 PM
#4
Read the easy to find sticky in Meta.

Isn't that for account recovery?

You still need to proof your ownership.
member
Activity: 364
Merit: 19
November 20, 2017, 10:16:41 PM
#3
Read the easy to find sticky in Meta.

Isn't that for account recovery?
KWH
legendary
Activity: 1904
Merit: 1045
In Collateral I Trust.
November 20, 2017, 10:01:16 PM
#2
Read the easy to find sticky in Meta.
member
Activity: 364
Merit: 19
November 20, 2017, 09:51:43 PM
#1
Hey there,

It appears that my original account from 2014 was banned ("safecoin"), and to my understanding this was due to some kind of attack on the forum at that time which led to many accounts being banned.

I can still log into my account, and I still have access to the associated email address to it (I just logged in today).    https://bitcointalksearch.org/user/safecoin-325125

Would it be possible to get this unbanned, or if there is a different reason why it was banned, some education on that provided?   I have not received any reason and thus assume it to be above, which was a known "thing" at that time on the forum.


Thank you very kindly.
Jump to: