Pages:
Author

Topic: Tomatocage account banned? (Read 2204 times)

legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
September 17, 2016, 03:52:31 AM
#29
Thread archived for future reference...

http://archive.is/FB66F
legendary
Activity: 1274
Merit: 1004
May 30, 2015, 06:06:25 AM
#28



The forum really should Implement some kind of 2FA for a select few highly trusted accounts. This would probably not be as difficult to implement as 2FA for everyone and there are a few accounts that could do a lot of damage if hacked.

2FA is a nice idea, It's already implemented by some xenforo and mybb forums for example Hackforums.net to avoid SCAM, hacking attempt etc.
staff
Activity: 3304
Merit: 4115
May 29, 2015, 07:32:20 PM
#27
Good news. Glad that it was dealt with so swiftly, well done Badbear, this could of gone a lot worse that it did. I've removed my negative trust. Welcome back Tomatocage.
sr. member
Activity: 434
Merit: 252
May 29, 2015, 03:58:09 PM
#26
If this was done by an automated system that was put in place then I guess it effectively protected the original owner of the account. I guess theymos could shed some light on this

I believe so, and it's a similar case where you can't register a new account from a TOR IP. It would be nice to get official confirmation on this though.

Whenever I try to register a account through TOR this is the message I am receiving now. I no longer receive I need so send "x" amount of BTC to the specified address. Could be related to the recent attacks on the forum.


Quote
An Error Has Occurred!
Automatic unproxybans are temporarily disabled. Try again in a day or two. If you know a member of the forum, have them post in Meta on your behalf and someone will whitelist you manually.
legendary
Activity: 999
Merit: 1000
May 29, 2015, 03:45:28 PM
#25
My account was locked out for a few hours as well yesterday.  I changed my password from work, got locked, sent the email, Theymos reactivated and I reset my pw and question when I got home.  Maybe it had something to do with trying to switch the pw with a different IP I normally do not log into?
hero member
Activity: 532
Merit: 500
no longer selling accounts
May 29, 2015, 03:42:41 PM
#24
If this was done by an automated system that was put in place then I guess it effectively protected the original owner of the account. I guess theymos could shed some light on this

I believe so, and it's a similar case where you can't register a new account from a TOR IP. It would be nice to get official confirmation on this though.
I don't know anything about automatic banning of accounts when they access the forum via tor. However I do know that known exit nodes almost always are going to have enough units of evil to require them getting white listed it needing to pay a fee. There might be something in place to stop people resetting passwords with secret questions via tor, especially after the recent hack.



The forum really should Implement some kind of 2FA for a select few highly trusted accounts. This would probably not be as difficult to implement as 2FA for everyone and there are a few accounts that could do a lot of damage if hacked.
legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
May 29, 2015, 03:11:29 PM
#23
Glad you got it sorted. That could have been a big mess.
legendary
Activity: 1554
Merit: 1222
brb keeping up with the Kardashians
May 29, 2015, 03:02:56 PM
#22
If this was done by an automated system that was put in place then I guess it effectively protected the original owner of the account. I guess theymos could shed some light on this

I believe so, and it's a similar case where you can't register a new account from a TOR IP. It would be nice to get official confirmation on this though.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
May 29, 2015, 02:58:37 PM
#21
If this was done by an automated system that was put in place then I guess it effectively protected the original owner of the account. I guess theymos could shed some light on this
newbie
Activity: 6
Merit: 0
May 29, 2015, 02:41:54 PM
#20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Confirming from this account. Issue has been sorted out.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVaMDkAAoJEI5wflVIgNhcYloH/1pFOMWWnoI8Gz2k9IbK1ojL
TeERkvw568up2IRJfWJyakPnuARIbc9HQqkpkMhXcaSJlDmHjYkVMK+Aap1+LsJf
ARG+pChWHm8K1RpdnfFl+hZlbX+PL1qmVBqXSeM6ygtpMaFuNHHXtB1WFkkvpX2Y
tsUq2xiViDaZkEhTWklsKMVHfLoHhA7zHEpi6mYElMaBlFK81CU2OD3qjpFl7TX9
aNP7WiTAw0Mcdouj0ZW7KMCc/7HEYdqF2Zfxw7xZP22y0HHa5qfBcSnRe/W6cDjp
4V852G0pvJwBygT/6nJ19+NNfo1dVX1YGFT6H1VxjjuTtuw7mVrRbcFwHkkLwb8=
=+gga
-----END PGP SIGNATURE-----
legendary
Activity: 1554
Merit: 1222
brb keeping up with the Kardashians
May 29, 2015, 02:38:01 PM
#19
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

With the help of BadBear, my account is now re-activated. It was suspected that my account was locked out after a PW reset via a relatively easy Secret Question answer through an IP associated with TOR. My Secret Question has since been removed, and there's no evidence or reason to suspect that anything further happened while my account was banned.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVaL+4AAoJEI5wflVIgNhctCUIALdVA7jwOarD674XOpHpKigc
HHjb4Flihvk1QHNmDWrvv6tbPqnob+XQWw0hyl4vQnJYyZtRdab6sIPDwC6+4ONt
dBG10Cp0Xqt+gX59As4ejJp5cUbf3JSFrHiZsmINz4cceZ6fgWDEQRJ/nMEzYnlH
MGqaiLLQtHYV9D7tZaDVTKuRnpoNshf9Je7AI2UQjq5XUHLhbEKQbQvo3XcPMJVB
R/ns1ZFOlkYhVTkp1ec7TntK2Y1GopqwWeQuoxHCgRxzruQrI+jpnjvJaW9Zcog0
GoNqGm6jRrbBAu/kHvi2ivW7s1/o3q5M6tMYBejvpaY9aTUKkdZ2+S43ARFoh/M=
=fZ5l
-----END PGP SIGNATURE-----
legendary
Activity: 1652
Merit: 1128
May 29, 2015, 02:25:06 PM
#18
Sorted.  

Remember, the secret question/answer is basically an easier to guess second password, and the hashes for the answer (that was leaked) was a simpler version of the password hashes (which means easier to brute force).  

Could it be that suspicious logins are filtered? I've never heard of accounts being banned for security reasons, would that protect any attacker from accessing information PMs?

He was likely banned by a global moderator until Theymos could give it personal attention, just as a security measure.

Mod bans don't look like that, anything with something more than the generic "You have been banned by a forum moderator..." is admin applied.
legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
May 29, 2015, 02:16:26 PM
#17
Could it be that suspicious logins are filtered? I've never heard of accounts being banned for security reasons, would that protect any attacker from accessing information PMs?

He was likely banned by a global moderator until Theymos could give it personal attention, just as a security measure.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
May 29, 2015, 01:58:51 PM
#16
Could it be that suspicious logins are filtered? I've never heard of accounts being banned for security reasons, would that protect any attacker from accessing information PMs?
legendary
Activity: 1022
Merit: 1003
𝓗𝓞𝓓𝓛
May 29, 2015, 01:17:11 PM
#15
I think theymos issued the ban to make sure the account is not misused.

Wait, you have a same problem with this person here https://bitcointalksearch.org/topic/account-not-accesible-1074232 What is really happening with Bitcointalk Huh

No, not even close.

Oh, my bad. I was misunderstanding the problem, I'm sorry Sad
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
May 29, 2015, 01:13:28 PM
#14
I think theymos issued the ban to make sure the account is not misused.

Wait, you have a same problem with this person here https://bitcointalksearch.org/topic/account-not-accesible-1074232 What is really happening with Bitcointalk Huh

No, not even close.
legendary
Activity: 1022
Merit: 1003
𝓗𝓞𝓓𝓛
May 29, 2015, 01:10:27 PM
#13
Wait, you have a same problem with this person here https://bitcointalksearch.org/topic/account-not-accesible-1074232 What is really happening with Bitcointalk Huh
hero member
Activity: 617
Merit: 559
May 29, 2015, 12:46:25 PM
#12
Edited.
copper member
Activity: 2996
Merit: 2374
May 29, 2015, 12:31:35 PM
#11
You entering your password should not cause you to get banned (assuming there is no special security setting for your account because it is on level 1 default trust or something).

Someone would have to actually ban your account for some reason.

Did it have any kind of ban message (like malware or insubstantial posts + paid sig, trolling, ect.)?

After I had reset my PW and then try logging in with my new credentials, I get:

Sorry Tomatocage, you are banned from using this forum!
For security, your account has been locked. Email [email protected]


BTW I'm still holding escrow for you, so just LMK by Email or PM me on this account once we're ready to finalize the deal.
I know that when I have two sessions open on my account on two different browsers (for example one on my phone and one on my computer) and I log out of one then I will be forcibly logged out of both, so it is theoretically possible that your account was somehow hacked, tried to do some kind of damage and then logged out. I am not sure if this also happens when you are banned (I've never been banned).

My primary theory is still that a global moderator account was hacked and banned you for some malicious reason.

I'm not terribly worried about the funds in escrow. It is for a restively small amount and I am confident you will follow through. I'll give you a GPG signed message once the buyer approves the release of escrow. You did get my email from a few days ago with the tracking number right?
newbie
Activity: 6
Merit: 0
May 29, 2015, 12:14:15 PM
#10
You entering your password should not cause you to get banned (assuming there is no special security setting for your account because it is on level 1 default trust or something).

Someone would have to actually ban your account for some reason.

Did it have any kind of ban message (like malware or insubstantial posts + paid sig, trolling, ect.)?

After I had reset my PW and then try logging in with my new credentials, I get:

Sorry Tomatocage, you are banned from using this forum!
For security, your account has been locked. Email [email protected]


BTW I'm still holding escrow for you, so just LMK by Email or PM me on this account once we're ready to finalize the deal.
Pages:
Jump to: