Topic: Why is this system not set up for the Bitcointalk forum? - page 2. (Read 569 times)

It is not a matter of initiative for me.  When I registered the account I found that It was not asked for any email confirmation. And since I have a business partner in this forum, I constantly call him and ask him a lot about the forum at the end of business discussions.  And since he is an old member here, I can learn many things from him and I have heard these things from his. The story of my coming to the forum I mentioned earlier in my interview

I am not completely sure about this and I do not guarantee that all the accounts sold here are hacked accounts. But as it is difficult to rank up yourself in this forum, I have said from my thoughts that, no one will interested to sell his hard builded account. Would you agree to sell your account for cash even if someone offered you $100k? Definitely not  

i Don't know much about cryptotalk but Yobit is totally shit place including there exchange platform so I never interested in using Yobit

Some newbies might not be familiar with this simple but helpful security process. That is why I commend op for this thread. I also think that it will be difficult for hackers to successfully take full control of a hacked account if members are security conscience. If an account has been hacked the owners can immediately inform the forum, I have even seen threads of members informing the community that their accounts have been hacked. And they will be asked to sign a signature from an address. That's why it is important to attach an address to your account.

But sometimes hackers have access to inactive accounts and the users do not know about the hack. This will make these hackers successfully own the account because the owner might not complain about the hack until it is discovered after some time. So logging into an account periodically even when not in use could be helpful.

First of all, you need to know that this is not a ordinary forum, this is a bitcoin forum. Remember that bitcoin is decentralized.

Although we do have a password to access the forum, but there are many other things which you setup, it will be impossible for anyone to hack the account. For example, if you sign your bitcoin address and later if somehow your account is hacked, you can claim it back.
Secondly a hacker simply can't hack your account and start using it, as you will always come up and proof that the account belongs to you.

Signing a bitcoin message to prove the ownership of your account is a much better way than to use the email OTP's and 2fa's that are being used all over the internet.

I was also frustrated to see a newbie with all these concerns, but I'm not ruling out the possibility of an alt account from an older member who doesn't want to be told off in such cases. I was also a little disheartened when the merit system was introduced a few years ago, but ultimately, it wasn't that hard to rank up. I was too young to see the positive side. Generally, account sales have been reduced compared to a few years ago when members were farming accounts due to it being easy to rank up; you just had to be active and post.

2FA is generally a decent measure to tackle any malicious attempts; however, most hacked accounts are older and abandoned accounts that suddenly wake up after being penetrated and sold on the market. Personally, I understand the desire for 2FA, but I don't believe that it's necessary.

OP, you registered in March of this year and you have all of this knowledge of forum issues/drama/etc. how....?  And since ostensibly you've only been a member here for about 3 months, why is this is a major concern for you?

I would also challenge your assertion that most account sales are those of hacked accounts.  I've been here for years now and have never seen any hard data on anything that would support or contradict that.  In fact I think account sales have decreased dramatically at least since the merit system came about, and that's likely because account farmers got cut off at the knees overnight in Jan. 2018.

The account registration security isn't really affecting you directly, right?  If that's the case and you don't like how outdated bitcointalk is (and I can't argue with you on that one), try another discussion forum.  Like cryptotalk.  That Yobit monstrosity of a website posing as a place where ideas and knowledge are shared--and that's if it still exists. 

There's just nothing like bitcointalk.  All the other forums are deader than dead.

While we are all telling OP, this is that, and that is this. He got some legit points that the forum admins should care about. 2FA was discussed in this forum multiple times. If I am not wrong, someone already wrote a patch for the forum, and I don't know why it wasn't implemented. Stunna offered Bitcoin for the patch. You cannot just blame users for not being careful and let things go on. Everyone doesn't learn things in a single day. There are a lot of people who don't care about their security till they fall into a trap. The platform can play a significant role in keeping its users safe and secure. Sometimes a new forum member needs to spend months learning more about security.

OP, if you're familiar with online security techniques and know the weaknesses in your account, you'll be hard to hack. If you do not click on other people's links, use your account separately from visiting other sites, have a strong password, and are always attentive, it is unlikely that your account will be of interest to a hacker. You should always take responsibility for keeping your data in your own hands. First, check yourself to see if you behave correctly on the Internet, among other things, sign your Bitcoin address on the forum, and sleep well.
Your safety is in your hands.

Due to ipevil restrictions, signing up with an exclusive email might be a wasteful decision the first time, unless you're willing to buy a copper membership. It's better to get the desired username first with a random email before syncing with the real email.

After all, forums have a method of security and account recovery that is known to be compromised very rarely: Signed bitcoin addresses.
All reputable account owners with high commercial value do this and almost never complain about the forum's security system.

It's freedom.

It's a Bitcoin forum and you can sign a Bitcoin message to prove your account ownership for account recovery.

• How to sign a message!!
• Stake your Bitcoin message here
• Recovering hacked/lost accounts

To change your email address, you will need to type your current password.

It was disabled long time ago after that if anyone use a secret question, that account will be locked.

2FA was asked many times. It won't be deployed on SMF-based forum, this one.

You can request it for a new forum, Epochtalk. New forum software

• Can bitcointalk.org get 2 factor authentication?
• Why doesn't Bitcointalk support 2FA?
• 2FA on bitcoin talk
• Isn't it time to introduce 2FA to enhance user account security ?
• Bitcointalk.org 2FA option/feature
• Should there be an option of adding 2fa for forum accounts?

When people lose access to their accounts (because they got hacked), it is not uncommon for them to also lose access to their email accounts. Unfortunately, it is hard to provide protection to individuals who neglect or remain ignorant about securing their online accounts. Sometimes, it boils down to poor security practices.

I really like that this forum doesn't even ask for a working email address. It is great for maintaining online privacy and keeping things anonymous, which is something many people in this community really want.

To avoid such an act of account compromise, the forum has made all users' email addresses hidden; therefore, we cannot blame the forum if our accounts are hacked due to our weak passwords or if we reveal our emails for everyone to see in the forum.

I'm not sure what pattern people who sell accounts use to hack users' forum accounts, even though the forum has made users' emails hidden by default; to some extent, I suspect that those selling accounts are forum users who have multiple accounts and would like to get rid of them, because it would be difficult for someone with only one forum account to decide to sell the account.

It's not that I'm supporting selling of accounts kind of business, but from my knowledge its quite convincing that if someone should portray that he or her want to his account of bitcointalk theirs is every tendency that the account might belong to the person, because at sometime some people doesn't like to be in forum till eternity, some people will like to sell out their account to a reasonable amount of money since they feel that they are tired or fade up using forum, when some is old enough or start having a sight challenge you will not be comfortable to logins your bitcointalk account and react to a certain suggestion or conversations again, so selling of account is a decision and also allow but it usually be negotiated outside the community of bitcointalk.

well i have not seen many cases of hackers in my little time on this platform and if there is any they are only few due to many of the reasons that could compromise someone's wallet, as crypto is totally about digitalization where phising attacks and other types of attacks are common and if someone got into them then they could be compromised and everything linked to there pc will also be compromised like this platform.
Plus i have seen so far, if someone get caught in selling or buying accounts they will be tagged and anyone could know they are selling the accounts or buying and this there reputation on the platform will be done. (means finished).
Cases of account selling
1   2   3  4 There are more on the list but to proof you that, forum is doing everything to overcome these problems.
i have no answers for these but i think there must be some authentic reason behind it but let's hear it from the most seniors.
AFAIK, i think there is one feature that helps you to recover your account, its like you have to sign a message with some wallet address (BTC) and then you will have to sign that wallet address to you BTT to prove you account ownership to admin once you got hacked by providing them the key which you will be provided. its like a 2FA. Note* i am not sure where i read it on this platform but i do know there are topics on how to do that, but i can not find any topic right now, i hope another member could mention those. or maybe i mistold you some step so please forgive me for that.

A very simple answer to your this question is that the forum is already secured to its best levels and hacking an account of this forum isn't an easy thing, but the users who have set weak passwords in first place and who hasn't hidden their email addresses might be vulnerable to brute force attacks. But, those kind of attacks can work on almost any forum or website and that depends on a user's technical knowledge during the time of new account registration.

Those accounts that are often sold by some newbie members are basically farmed accounts and they were farmed in those times when merit system wasn't implemented and any member could rank up in those days by just creating posts. The shit-posters were also able to rank up because only activity was needed to get higher ranks back then. That issue was resolved with the introduction of the merit system.



The simple answer to all of your remaining questions is that the forum has a simplistic design and it works best in this way. Those users who aren't good at technology in first place are vulnerable because of their own fault and their other accounts can also be compromised because they might have used same password on multiple websites. The forum has high privacy and the morals are of very high levels. The forum was basically created to serve as an answer book for the users so they could share their ideas with each other.

That purpose is still being served even till this day, and this is the only forum that's still following the simplistic design and ease of use for its users. And, I don't think that adding all those additional features are needed to make the forum better because those features could make it hard for new users to create accounts in first place and that's not a good thing at all.

You’re right, it’s not likely that someone would build an account to a high rank just to sell the account afterwards. Most sold accounts are usually accounts registered before the merit system came to place, back then it was easy to increase your rank by just posting. Account farmers took advantage of this opportunity to make some money without doing any work.


I have no problem with the way the forum is set up. You’re free to choose what you want, if you open an account with a fake email address, you will have yourself to blame if you forget your password and want to recover your account.

Did you search if this topic has been discussed before??

Forum accounts are regularly hacked and there are many stories of forum accounts being bought and sold. And these accounts are mostly sold by hackers. Those who hack accounts and sell them to someone for a low price. It is not possible to build a high ranking account in one night on this forum. So I don't think a person would be interested in selling an account after achieving a high rank. Because the high rank account of this forum has a value that cannot be compared with money. So why is the security of this forum not increased despite developing so much?

- Why is email confirmation not requested during account registration? I have checked that it is possible to open a forum account with an email address that does not exist or has not yet been created.
- Email OTP is not asked during password change. But why the OTP of the current email is not asked even when changing the account email address?
- There is a Secret Question facilities. which is work as a second password.  but anyone can remove it after logging in the account without giving any answer or verifying any OTP.
- Where all platforms have 2FA option for their users, why this forum has not put this option in the user account for security reasons.

I don't understand why this is not in this forum where everyone including the admin knows these things.  And since the forum was created almost 14 years ago, why has this not been done yet?  Is there any secret behind it?