Bitcoin Forum
  Show Posts
1  Other / Meta / Researching the types of account blocks (help from the staff is needed) on: August 12, 2018, 10:58:26 AM
Someone asked the related question in our local board, so I started to search and found these reasons why the account could be locked (not banned) on bitcointalk.org. Unfortunately, I just can't find the exact description of time and process for some cases (and also the confirmation if I made the whole list), so I thought that somebody from the staff can assist me.



1. Proxyban.

The hello-nice-to-meet-you-you're-locked-message looks like this:
Quote
You are unable to post. How to enable posting.
Quote
Bitcoin Forum > Remove Proxyban
Your IP address has previously been used for evil on this forum, or it is a known proxy/VPN/Tor exit node, so you are required to pay a small fee before you are able to post messages or send PMs. You can still use all of the read-only features without paying.

Your account contains XXX units of evil. To atone, you must pay a total of XXX bitcoins (XXX mBTC; XXX satoshi). Pay to the address XXX. Once you have paid the full amount, wait a few seconds and then reload this page. If the fee is so small that your wallet is unable to send it, you can send any larger amount, though you will not be refunded the difference.

Alternatively, any forum staff member and some other notable members can manually whitelist you. Paying the fee is probably easier/quicker, though.

If you don't have any bitcoins, you can get small amounts of free bitcoins using the sites listed here. It is recommended that you give the free bitcoin sites the address listed above. Do not collect money in your own wallet and then send the bitcoins to the forum -- this will likely result in significant network fees.

If you find any bugs in this system, email pbbugs-...@.... For example, send email here if your payment is not registered an hour after sending it. You will be permanently banned if you send email here requesting free whitelisting.

Examples: threadone, threadtwo, threadthree.
WTH?! A measure implemented basically to prevent the ban evasion and spam.
The process: someone tries to register with TOR/proxy/VPN/IP that was previously used by some violator - and receives the automatic block.
Possible solution for innocents: use the "white" IP to register or pay a fee.



2. Secret question block.

The hello-nice-to-meet-you-you're-locked-message looks like this:
Quote
Sorry Guest, you are banned from using this forum!
For security, your account has been locked. Email acctcomp15@theymos.e4ward.com

Examples: threadone, threadtwo, threadthree.
WTH?! The aftermath of forum database leak'2015. Was implemented for security reasons (so someone who gained the access to the compromised answers couldn't use them).
The process: someone tries to reset his/her password with secret question and receives the automatic block. The result is displayed on seclog page as "password reset via secret question".
Possible solution for innocents: forget about secret questions and/or try to restore the account according to procedure described in official topic (or create a thread in Meta providing the signed message so Global Mods could help).



3. Block on suspicion of being hacked or due to the long period of inactivity.

Can be of two types:

 - when user him/herself blocks the account via e-mail:

Quote
Sorry XXX, you are banned from using this forum!
For security, your account has been locked. Email acctcomp15@theymos.e4ward.com

WTH?! Someone obviously hacked the account.
The process: account owner detected invasion in time and applied the link which was sent to his/her e-mail.
Possible solution for innocents: try to restore the account according to procedure described in official topic.

 - [???] (see the questions below):

Quote
Sorry Guest, you are banned from using this forum!
For security, your account has been locked. Email acctcomp15@theymos.e4ward.com
Quote
Sorry XXX, you are banned from using this forum!
Your account looks like it may have been hacked, so it was locked for safety. Email hacked-hw9521c@theymos.e4ward.com
Quote
Sorry Guest, you are banned from using this forum!
Your account is locked because it sat inactive for years after the password hashes were leaked in 2015, and was therefore at high risk of being hacked. Email react-vdnp8@theymos.e4ward.com to get it unlocked.

Examples: threadone, threadtwo, threadthree, threadfour, threadfive.
WTH?! The aftermath of forum database leak'2015.
The process: Account was suspended for years and then someone comes and tries to log in.
Possible solution for innocents: try to restore the account according to procedure described in official topic (or create a thread in Meta providing the signed message so Global Mods could help).



Questions:

Regarding the one noted with question marks:
- Are they actually auto blocks or somebody (I mean the staff) still pushes the button?
- For how long the account should be inactive to be locked (or what circumstances lead it to be locked)?
- Which message corresponds to which case?
- It looks like some message shows up for someone who appeared to fall into certain list of potentially hacked users (in other words was manually added to some group by mods and thus received the security block) - is that so?
- Seclog page often displays the "woke up" lines - are they connected with blocks somehow?

Also do we have any other blocks?..
2  Other / Meta / 'Password reset via email' option used to hack the account? on: March 09, 2018, 06:17:48 AM
I wonder if someone from staff can clarify this.

The situation

Recently one of our Legendarys was hacked. He created a thread describing what happened (I adduce the translation from Russian below):

Got 2 messages:

  • the link to reset my allegedly 'forgotten' password:
    Quote
    Dear Vadi2323,

    This mail was sent because the 'forgot password' function has been applied to your account. To set a new password click the following link:

    <the link's here>

    IP: 173.224.120.147

    Username: Vadi2323

    Regards,
    The Bitcoin Forum Team.
  • after that - the letter about password change turned up:
    Quote
    Dear Vadi2323,

    Your Bitcoin Forum (bitcointalk.org) password was just changed by IP address 173.224.120.147 via email recovery. If you did not do this, then you should use the forgotten password feature to change your password.

    Regards,
    The Bitcoin Forum Team.

I tried to log in - and password indeed didn't match. Then I changed it myself via forgot password option.

Also I checked the e-mail visit log, but it revealed my IPs only, no 173.224.120.147.

E-mail didn't seem to send messages to any other addresses too.

WTF? Huh Angry


In other words, someone somehow changed his password bypassing the e-mail (since it doesn't look like the e-mail was compromised).
The chronology:

https://ip.bitcointalk.org/?u=https%3A%2F%2Fs8.hostingkartinok.com%2Fuploads%2Fimages%2F2018%2F03%2F622f841b86de505e1fc0c20e7a84eee6.png&t=586&c=3gzXpgExQJ7frA

Moscow time:

20:21 - hacker requested the password reset via e-mail
20:50 - hacker changed the password (as if he was using the e-mail link)
20:55 - I requested the password reset via e-mail
20:56 - I changed the password (definitely using the e-mail link)

Our suppositions

Reset links sent by e-mails are typal. Usually we receive a message including link like that:

https://bitcointalk.org/index.php?action=reminder;sa=setpassword;u=userIDhere;code=someCodeHere

Presumably anyone can set the userIDhere to the ID of target account and get to the target account's 'change password here' page.
The snag is in the last part of the link - the code. I assume that it's supposed to be unique and should be formed by engine for every request. And you can't change the password if the code is wrong.

So for now the only reasonable explanation we have is that someone just brute forced that code. Using some kind of automated tool, for example.

Accordingly the question is: can this be true? Or perhaps some other possibility to change password on the reset-email-stage without e-mail access exists?
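
As an added illustration of the brute-force question raised in the post above (not part of the original post and not the forum software's code): a reset-code store in Python in which guessing the `code` value of a reset link is impractical. The class name, code length, link lifetime and failure limit are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_BYTES = 32        # 256 bits from the OS CSPRNG (assumed size)
TTL_SECONDS = 15 * 60   # assumed lifetime of a reset link
MAX_FAILURES = 5        # assumed wrong-code budget per issued link


class ResetCodes:
    """Hypothetical server-side store for password-reset codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user_id -> [sha256(code), expires_at, failures]

    def issue(self, user_id):
        """Create a fresh code; a new request replaces any older one."""
        code = secrets.token_urlsafe(TOKEN_BYTES)
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user_id] = [digest, self._clock() + TTL_SECONDS, 0]
        return code  # goes only into the e-mailed link, never stored in clear

    def redeem(self, user_id, code):
        """Return True exactly once for the right code, inside the limits."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, expires_at, failures = entry
        if self._clock() > expires_at:
            del self._pending[user_id]          # expired link is dead
            return False
        candidate = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(candidate, digest):
            del self._pending[user_id]          # single use
            return True
        entry[2] = failures + 1
        if entry[2] >= MAX_FAILURES:
            del self._pending[user_id]          # guessing burns the link
        return False


def expected_guesses(code_bits):
    """Average number of tries to hit one uniformly random code."""
    return 2 ** (code_bits - 1)
```

With these limits a guesser gets at most `MAX_FAILURES` tries per issued link against a 256-bit code. Whether the forum's own reset code is generated and checked this way is not stated on the page.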