Thread archived for future reference...
http://archive.is/FB66F
Topic: Tomatocage account banned? (Read 2206 times)
The forum really should Implement some kind of 2FA for a select few highly trusted accounts. This would probably not be as difficult to implement as 2FA for everyone and there are a few accounts that could do a lot of damage if hacked.
2FA is a nice idea, It's already implemented by some xenforo and mybb forums for example Hackforums.net to avoid SCAM, hacking attempt etc.
Good news. Glad that it was dealt with so swiftly, well done Badbear, this could of gone a lot worse that it did. I've removed my negative trust. Welcome back Tomatocage.
If this was done by an automated system that was put in place then I guess it effectively protected the original owner of the account. I guess theymos could shed some light on this
I believe so, and it's a similar case where you can't register a new account from a TOR IP. It would be nice to get official confirmation on this though.
Whenever I try to register a account through TOR this is the message I am receiving now. I no longer receive I need so send "x" amount of BTC to the specified address. Could be related to the recent attacks on the forum.
Quote
An Error Has Occurred!
Automatic unproxybans are temporarily disabled. Try again in a day or two. If you know a member of the forum, have them post in Meta on your behalf and someone will whitelist you manually.
Automatic unproxybans are temporarily disabled. Try again in a day or two. If you know a member of the forum, have them post in Meta on your behalf and someone will whitelist you manually.
My account was locked out for a few hours as well yesterday. I changed my password from work, got locked, sent the email, Theymos reactivated and I reset my pw and question when I got home. Maybe it had something to do with trying to switch the pw with a different IP I normally do not log into?
If this was done by an automated system that was put in place then I guess it effectively protected the original owner of the account. I guess theymos could shed some light on this
I believe so, and it's a similar case where you can't register a new account from a TOR IP. It would be nice to get official confirmation on this though.
The forum really should Implement some kind of 2FA for a select few highly trusted accounts. This would probably not be as difficult to implement as 2FA for everyone and there are a few accounts that could do a lot of damage if hacked.
Glad you got it sorted. That could have been a big mess.
If this was done by an automated system that was put in place then I guess it effectively protected the original owner of the account. I guess theymos could shed some light on this
I believe so, and it's a similar case where you can't register a new account from a TOR IP. It would be nice to get official confirmation on this though.
If this was done by an automated system that was put in place then I guess it effectively protected the original owner of the account. I guess theymos could shed some light on this
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Confirming from this account. Issue has been sorted out.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVaMDkAAoJEI5wflVIgNhcYloH/1pFOMWWnoI8Gz2k9IbK1ojL
TeERkvw568up2IRJfWJyakPnuARIbc9HQqkpkMhXcaSJlDmHjYkVMK+Aap1+LsJf
ARG+pChWHm8K1RpdnfFl+hZlbX+PL1qmVBqXSeM6ygtpMaFuNHHXtB1WFkkvpX2Y
tsUq2xiViDaZkEhTWklsKMVHfLoHhA7zHEpi6mYElMaBlFK81CU2OD3qjpFl7TX9
aNP7WiTAw0Mcdouj0ZW7KMCc/7HEYdqF2Zfxw7xZP22y0HHa5qfBcSnRe/W6cDjp
4V852G0pvJwBygT/6nJ19+NNfo1dVX1YGFT6H1VxjjuTtuw7mVrRbcFwHkkLwb8=
=+gga
-----END PGP SIGNATURE-----
Hash: SHA256
Confirming from this account. Issue has been sorted out.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVaMDkAAoJEI5wflVIgNhcYloH/1pFOMWWnoI8Gz2k9IbK1ojL
TeERkvw568up2IRJfWJyakPnuARIbc9HQqkpkMhXcaSJlDmHjYkVMK+Aap1+LsJf
ARG+pChWHm8K1RpdnfFl+hZlbX+PL1qmVBqXSeM6ygtpMaFuNHHXtB1WFkkvpX2Y
tsUq2xiViDaZkEhTWklsKMVHfLoHhA7zHEpi6mYElMaBlFK81CU2OD3qjpFl7TX9
aNP7WiTAw0Mcdouj0ZW7KMCc/7HEYdqF2Zfxw7xZP22y0HHa5qfBcSnRe/W6cDjp
4V852G0pvJwBygT/6nJ19+NNfo1dVX1YGFT6H1VxjjuTtuw7mVrRbcFwHkkLwb8=
=+gga
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
With the help of BadBear, my account is now re-activated. It was suspected that my account was locked out after a PW reset via a relatively easy Secret Question answer through an IP associated with TOR. My Secret Question has since been removed, and there's no evidence or reason to suspect that anything further happened while my account was banned.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVaL+4AAoJEI5wflVIgNhctCUIALdVA7jwOarD674XOpHpKigc
HHjb4Flihvk1QHNmDWrvv6tbPqnob+XQWw0hyl4vQnJYyZtRdab6sIPDwC6+4ONt
dBG10Cp0Xqt+gX59As4ejJp5cUbf3JSFrHiZsmINz4cceZ6fgWDEQRJ/nMEzYnlH
MGqaiLLQtHYV9D7tZaDVTKuRnpoNshf9Je7AI2UQjq5XUHLhbEKQbQvo3XcPMJVB
R/ns1ZFOlkYhVTkp1ec7TntK2Y1GopqwWeQuoxHCgRxzruQrI+jpnjvJaW9Zcog0
GoNqGm6jRrbBAu/kHvi2ivW7s1/o3q5M6tMYBejvpaY9aTUKkdZ2+S43ARFoh/M=
=fZ5l
-----END PGP SIGNATURE-----
Hash: SHA256
With the help of BadBear, my account is now re-activated. It was suspected that my account was locked out after a PW reset via a relatively easy Secret Question answer through an IP associated with TOR. My Secret Question has since been removed, and there's no evidence or reason to suspect that anything further happened while my account was banned.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVaL+4AAoJEI5wflVIgNhctCUIALdVA7jwOarD674XOpHpKigc
HHjb4Flihvk1QHNmDWrvv6tbPqnob+XQWw0hyl4vQnJYyZtRdab6sIPDwC6+4ONt
dBG10Cp0Xqt+gX59As4ejJp5cUbf3JSFrHiZsmINz4cceZ6fgWDEQRJ/nMEzYnlH
MGqaiLLQtHYV9D7tZaDVTKuRnpoNshf9Je7AI2UQjq5XUHLhbEKQbQvo3XcPMJVB
R/ns1ZFOlkYhVTkp1ec7TntK2Y1GopqwWeQuoxHCgRxzruQrI+jpnjvJaW9Zcog0
GoNqGm6jRrbBAu/kHvi2ivW7s1/o3q5M6tMYBejvpaY9aTUKkdZ2+S43ARFoh/M=
=fZ5l
-----END PGP SIGNATURE-----
Sorted.
Remember, the secret question/answer is basically an easier to guess second password, and the hashes for the answer (that was leaked) was a simpler version of the password hashes (which means easier to brute force).
He was likely banned by a global moderator until Theymos could give it personal attention, just as a security measure.
Mod bans don't look like that, anything with something more than the generic "You have been banned by a forum moderator..." is admin applied.
Remember, the secret question/answer is basically an easier to guess second password, and the hashes for the answer (that was leaked) was a simpler version of the password hashes (which means easier to brute force).
Could it be that suspicious logins are filtered? I've never heard of accounts being banned for security reasons, would that protect any attacker from accessing information PMs?
He was likely banned by a global moderator until Theymos could give it personal attention, just as a security measure.
Mod bans don't look like that, anything with something more than the generic "You have been banned by a forum moderator..." is admin applied.
Could it be that suspicious logins are filtered? I've never heard of accounts being banned for security reasons, would that protect any attacker from accessing information PMs?
He was likely banned by a global moderator until Theymos could give it personal attention, just as a security measure.
Could it be that suspicious logins are filtered? I've never heard of accounts being banned for security reasons, would that protect any attacker from accessing information PMs?
I think theymos issued the ban to make sure the account is not misused.
No, not even close.
Wait, you have a same problem with this person here https://bitcointalksearch.org/topic/account-not-accesible-1074232 What is really happening with Bitcointalk 
No, not even close.
Oh, my bad. I was misunderstanding the problem, I'm sorry
I think theymos issued the ban to make sure the account is not misused.
No, not even close.
Wait, you have a same problem with this person here https://bitcointalksearch.org/topic/account-not-accesible-1074232 What is really happening with Bitcointalk
No, not even close.
Wait, you have a same problem with this person here https://bitcointalksearch.org/topic/account-not-accesible-1074232 What is really happening with Bitcointalk
Edited.
You entering your password should not cause you to get banned (assuming there is no special security setting for your account because it is on level 1 default trust or something).
Someone would have to actually ban your account for some reason.
Did it have any kind of ban message (like malware or insubstantial posts + paid sig, trolling, ect.)?
Someone would have to actually ban your account for some reason.
Did it have any kind of ban message (like malware or insubstantial posts + paid sig, trolling, ect.)?
After I had reset my PW and then try logging in with my new credentials, I get:
Sorry Tomatocage, you are banned from using this forum!
For security, your account has been locked. Email [email protected]
BTW I'm still holding escrow for you, so just LMK by Email or PM me on this account once we're ready to finalize the deal.
My primary theory is still that a global moderator account was hacked and banned you for some malicious reason.
I'm not terribly worried about the funds in escrow. It is for a restively small amount and I am confident you will follow through. I'll give you a GPG signed message once the buyer approves the release of escrow. You did get my email from a few days ago with the tracking number right?
You entering your password should not cause you to get banned (assuming there is no special security setting for your account because it is on level 1 default trust or something).
Someone would have to actually ban your account for some reason.
Did it have any kind of ban message (like malware or insubstantial posts + paid sig, trolling, ect.)?
Someone would have to actually ban your account for some reason.
Did it have any kind of ban message (like malware or insubstantial posts + paid sig, trolling, ect.)?
After I had reset my PW and then try logging in with my new credentials, I get:
Sorry Tomatocage, you are banned from using this forum!
For security, your account has been locked. Email [email protected]
BTW I'm still holding escrow for you, so just LMK by Email or PM me on this account once we're ready to finalize the deal.
Yeah the [email protected] address has always been displayed on my account. I may indeed have simply typed in the password wrong (it's some F'd up like 18+ character PW) that I usually have little problem typing in. However, even after I reset the PW, I still get a message saying that my account has been banned. Better safe than sorry, I guess. I vaguely remember this happening in the past, but IIRC it just "went away" and I was able to log back in again.
You entering your password should not cause you to get banned (assuming there is no special security setting for your account because it is on level 1 default trust or something). Someone would have to actually ban your account for some reason.
Did it have any kind of ban message (like malware or insubstantial posts + paid sig, trolling, ect.)?
Yeah the [email protected] address has always been displayed on my account. I may indeed have simply typed in the password wrong (it's some F'd up like 18+ character PW) that I usually have little problem typing in. However, even after I reset the PW, I still get a message saying that my account has been banned. Better safe than sorry, I guess. I vaguely remember this happening in the past, but IIRC it just "went away" and I was able to log back in again.
I remember seeing the email in the past. I was under the impression that was his email address.
I am not sure why TC doesn't just reset his password via email.
Edit: maybe a global mod account is hacked. I don't see any reason why TC would get banned unless someone thought that his account was somehow compromised.
Also the GPG signature matches.
I am not sure why TC doesn't just reset his password via email.
Edit: maybe a global mod account is hacked. I don't see any reason why TC would get banned unless someone thought that his account was somehow compromised.
Also the GPG signature matches.
I don't think that's necessary, he's just locked himself out, not like someone else has access, as far as we know.
Just as a precautionary, although I do believe he's simply just locked himself out, as I said in my original post.
He does seem concerned himself to issue the statement or at least as a precautionary himself:
Quote
So in short, don't accept any deals with Tomatocage for the time being until I can get this issue sorted. Thanks!
EDIT: Seems the email is revealed on the account now, which I can't remember seeing that before.
Although, you've likely made a typo. I've issued a negative trust rating for the time being, warning people that you have been locked out and not to proceed to trade with the account until you have verified you have access. Unfortunately, I don't think people will take note of the feedback, due to myself not carrying any weight.
I don't think that's necessary, he's just locked himself out, not like someone else has access, as far as we know.
Although, you've likely made a typo. I've issued a negative trust rating for the time being, warning people that you have been locked out and not to proceed to trade with the account until you have verified you have access. Unfortunately, I don't think people will take note of the feedback, due to myself not carrying any weight. I've included this thread as a reference, and I will remove the feedback when it's confirmed you have gained control again.
Hope theymos will prioritise giving you your account back before there could be any damage. Do you have any suspicions on how it could have happened? Could you have been targeted?
Address: 1FLnpvdXL6ooBpFj2LHqZxQsrxn2voj5uv
Message: This is Tomatocage, May 29th, 2015.
Signature: GyajVjqGxScgbakdkEbcxQGkM3LWwHZ7iHHGOpzYQUtey2iGO+5nMHCon/zD5+b2ib9Y9XqqLp8J+rp6K2b3KBE=
Message verified. Unfortunately, I can't help Message: This is Tomatocage, May 29th, 2015.
Signature: GyajVjqGxScgbakdkEbcxQGkM3LWwHZ7iHHGOpzYQUtey2iGO+5nMHCon/zD5+b2ib9Y9XqqLp8J+rp6K2b3KBE=
EDIT: Issue has been sorted out. For more info jump to https://bitcointalksearch.org/topic/m.11484196
Hey guys, just FYI: I got locked out of my account this morning. The password I had cookied didn't appear to work, so I had reset; hence the "This user's password was reset recently."
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The address I had previously staked claim to in https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318 is 1FLnpvdXL6ooBpFj2LHqZxQsrxn2voj5uv and as you can see my original post has not been altered. Here is proof that I do indeed own that address:
Address: 1FLnpvdXL6ooBpFj2LHqZxQsrxn2voj5uv
Message: This is Tomatocage, May 29th, 2015.
Signature: GyajVjqGxScgbakdkEbcxQGkM3LWwHZ7iHHGOpzYQUtey2iGO+5nMHCon/zD5+b2ib9Y9XqqLp8J+rp6K2b3KBE=
Additionally, I'll PGP-sign this entire message.
So in short, don't accept any deals with Tomatocage for the time being until I can get this issue sorted. Thanks!
Regards,
TC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJVaIlKAAoJEI5wflVIgNhci+4IAIXU19L2WsqyidKiDZObWhyx
I9aaqRE0QZ0p4P/DkcBQiOZCD+4XgSU8p1lz3mcACYL+wOkNvXGzJJ9krO2j+L9g
S7gCp8++r6mntMSIoK3yvxrn2M4YPQox4Mrzqzq9zWx7Pi0mQ7mJPmGva4dGL9fJ
jNvX4PODiRTBEUxYBjg80VSTw+fyDWcZ+ZoLHo+FvUk0XiJTBQYkJozLCa70pYan
cKCHeM5iDu4/SkYd6sfBoh3WfWdQUeMAILjhEAZx5TgSuo2rlaq7fMnghe3pudGk
Wm8dzfawbysyqwcSLsLg25HKdPDkzMpcsT/69g+tTAqSrqxVSqo4dcKZ5lybIHc=
=JwOo
-----END PGP SIGNATURE-----
Hey guys, just FYI: I got locked out of my account this morning. The password I had cookied didn't appear to work, so I had reset; hence the "This user's password was reset recently."
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The address I had previously staked claim to in https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318 is 1FLnpvdXL6ooBpFj2LHqZxQsrxn2voj5uv and as you can see my original post has not been altered. Here is proof that I do indeed own that address:
Address: 1FLnpvdXL6ooBpFj2LHqZxQsrxn2voj5uv
Message: This is Tomatocage, May 29th, 2015.
Signature: GyajVjqGxScgbakdkEbcxQGkM3LWwHZ7iHHGOpzYQUtey2iGO+5nMHCon/zD5+b2ib9Y9XqqLp8J+rp6K2b3KBE=
Additionally, I'll PGP-sign this entire message.
So in short, don't accept any deals with Tomatocage for the time being until I can get this issue sorted. Thanks!
Regards,
TC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJVaIlKAAoJEI5wflVIgNhci+4IAIXU19L2WsqyidKiDZObWhyx
I9aaqRE0QZ0p4P/DkcBQiOZCD+4XgSU8p1lz3mcACYL+wOkNvXGzJJ9krO2j+L9g
S7gCp8++r6mntMSIoK3yvxrn2M4YPQox4Mrzqzq9zWx7Pi0mQ7mJPmGva4dGL9fJ
jNvX4PODiRTBEUxYBjg80VSTw+fyDWcZ+ZoLHo+FvUk0XiJTBQYkJozLCa70pYan
cKCHeM5iDu4/SkYd6sfBoh3WfWdQUeMAILjhEAZx5TgSuo2rlaq7fMnghe3pudGk
Wm8dzfawbysyqwcSLsLg25HKdPDkzMpcsT/69g+tTAqSrqxVSqo4dcKZ5lybIHc=
=JwOo
-----END PGP SIGNATURE-----
Jump to: