Bitcoin Forum
September 21, 2019, 10:24:16 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Account Recovery Moderator  (Read 127 times)
lord munchkin
Jr. Member
*
Offline Offline

Activity: 48
Merit: 7


View Profile
March 01, 2018, 11:49:51 AM
Last edit: March 01, 2018, 12:08:33 PM by lord munchkin
 #1

I see more and more threads that are started by people who have had their accounts hacked. People are making these threads because they are not receiving any replies from theymos or cyrus, who are way too over burdened with keeping this forum running smoothly. What is worse is that many of these people have proven ownership with a signed message. I have a solution to this problem.

Theymos could appoint a moderator who could moderate the recovery of hacked accounts.

This doesn't mean theymos would need to give root privileges to this account moderator. Only the privilege of creating a temporary password for the hacked account so that the original user can log in.

A system log should be documented of all accounts that are recovered in this manner for the public to view. This system log should also include the signed message for each account which would prove ownership. This will stop the moderator from abusing the system because all recovered accounts can be publicly viewed as well as the evidence proving the account was given to the correct person.

Any opinions or thoughts?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1569061456
Hero Member
*
Offline Offline

Posts: 1569061456

View Profile Personal Message (Offline)

Ignore
1569061456
Reply with quote  #2

1569061456
Report to moderator
1569061456
Hero Member
*
Offline Offline

Posts: 1569061456

View Profile Personal Message (Offline)

Ignore
1569061456
Reply with quote  #2

1569061456
Report to moderator
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1305


https://bit.ly/2FR9nyn - free python tutorials


View Profile
March 01, 2018, 02:50:32 PM
 #2

An automated script page would be a better idea in my opinion. For something simple like that. All it needs is unquoted text of a bitcoin address (or maybe 2) that could be automatically verified for simple cases by the code (though with a PM sent to the account and giving them 7-14 days notice to contest the issue if it isn't a genuine case)...

hilariousetc
Legendary
*
Offline Offline

Activity: 1344
Merit: 2194


Merit Felcher


View Profile
March 01, 2018, 03:00:54 PM
 #3

I think it's quite obvious that someone is needed to help with the workload on this as most accounts just aren't getting restored at all even with signed messages or other such proof that is likely sufficient. Root access might not need to be given but access to other sensitive info will be (IPs and emails etc) and to reset people's accounts could be abused in the wrong hands. I suggested to theymos before that another admin is badly needed and if there's nobody else he trusts to do it then he should consider just paying himself a sufficient wage and do admin duties full time.

Distributing other workload between current staff should also happen as there's numerous sub boards with absolutely no dedicated moderator at all.

An automated script page would be a better idea in my opinion. For something simple like that. All it needs is unquoted text of a bitcoin address (or maybe 2) that could be automatically verified for simple cases by the code (though with a PM sent to the account and giving them 7-14 days notice to contest the issue if it isn't a genuine case)...

It's not always as cut and dry as this though and sometimes accounts need looking into in depth. It would be abused as well. People would just start selling their account then claiming it back instantly if it was automated.

jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1305


https://bit.ly/2FR9nyn - free python tutorials


View Profile
March 01, 2018, 03:13:08 PM
 #4



An automated script page would be a better idea in my opinion. For something simple like that. All it needs is unquoted text of a bitcoin address (or maybe 2) that could be automatically verified for simple cases by the code (though with a PM sent to the account and giving them 7-14 days notice to contest the issue if it isn't a genuine case)...

It's not always as cut and dry as this though and sometimes accounts need looking into in depth. It would be abused as well. People would just start selling their account then claiming it back instantly if it was automated.

Exactly the purpose of the 14 day period.

And what's to stop people ordinarily selling their accounts and trying to reclaim them back anyway. I mean there's not too much evidence that would be gatherable to prove the account wasn't hacked, sold and is then reclaimed by the original owner. Buying accounts is quite risky.

hilariousetc
Legendary
*
Offline Offline

Activity: 1344
Merit: 2194


Merit Felcher


View Profile
March 01, 2018, 05:04:31 PM
 #5

Exactly the purpose of the 14 day period.

And what's to stop people ordinarily selling their accounts and trying to reclaim them back anyway. I mean there's not too much evidence that would be gatherable to prove the account wasn't hacked, sold and is then reclaimed by the original owner. Buying accounts is quite risky.

1 day or 14 it doesn't make a difference really as they'll just wait whatever delay it is out then follow the process. And people have sold their account and tried or have even been successful in claiming it back in the past.  At the moment the thing that is probably stopping them from doing this is people aren't getting their accounts back at all Grin. This sort of scam would become more common if someone was actively handling the requests but even more so if the process was automated. To kill the market for accounts I think we should just disallow their sale here and allow people to purchase additional membership ranks (Silver and Gold) that come with the benefits of Full and Hero members etc. Would pretty much all but kill the account farming and selling business and curb the chance of people just doing the restore scam.

longlivecapitalism
Member
**
Offline Offline

Activity: 686
Merit: 15


View Profile
March 01, 2018, 05:37:46 PM
 #6

Exactly the purpose of the 14 day period.

And what's to stop people ordinarily selling their accounts and trying to reclaim them back anyway. I mean there's not too much evidence that would be gatherable to prove the account wasn't hacked, sold and is then reclaimed by the original owner. Buying accounts is quite risky.

1 day or 14 it doesn't make a difference really as they'll just wait whatever delay it is out then follow the process. And people have sold their account and tried or have even been successful in claiming it back in the past.  At the moment the thing that is probably stopping them from doing this is people aren't getting their accounts back at all Grin. This sort of scam would become more common if someone was actively handling the requests but even more so if the process was automated. To kill the market for accounts I think we should just disallow their sale here and allow people to purchase additional membership ranks (Silver and Gold) that come with the benefits of Full and Hero members etc. Would pretty much all but kill the account farming and selling business and curb the chance of people just doing the restore scam.
That's a good idea and it would mean some profits for this forum too. Why not give people the ability to purchase their rank? That would kill a lot of spamming too. I think we've all noticed an increased amount of threads made by people who are desperate to rank up.

So,
A) Less hacking
B) Less Spamming
C) More happy users

Why not?

▐▐   ▬▬▬▬▬   DeepOnion   ▬▬▬▬▬   ▌▌
████    40 PUBLIC AIRDROPS COMPLETED    TOR INTEGRATED    ████
▬▬▬▬   (✔) DeepVault Blockchain File Signatures  •  VoteCentral Your Vote Counts  •  deeponion.org   ▬▬▬▬
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1305


https://bit.ly/2FR9nyn - free python tutorials


View Profile
March 01, 2018, 07:00:58 PM
 #7

Exactly the purpose of the 14 day period.

And what's to stop people ordinarily selling their accounts and trying to reclaim them back anyway. I mean there's not too much evidence that would be gatherable to prove the account wasn't hacked, sold and is then reclaimed by the original owner. Buying accounts is quite risky.

1 day or 14 it doesn't make a difference really as they'll just wait whatever delay it is out then follow the process. And people have sold their account and tried or have even been successful in claiming it back in the past.  At the moment the thing that is probably stopping them from doing this is people aren't getting their accounts back at all Grin. This sort of scam would become more common if someone was actively handling the requests but even more so if the process was automated. To kill the market for accounts I think we should just disallow their sale here and allow people to purchase additional membership ranks (Silver and Gold) that come with the benefits of Full and Hero members etc. Would pretty much all but kill the account farming and selling business and curb the chance of people just doing the restore scam.
That's a good idea and it would mean some profits for this forum too. Why not give people the ability to purchase their rank? That would kill a lot of spamming too. I think we've all noticed an increased amount of threads made by people who are desperate to rank up.

So,
A) Less hacking
B) Less Spamming
C) More happy users

Why not?

There'd be a lot more hacking if you had to purchase ranks. (Get a fresh account, Pay the 1BTC to get it to legendary status) then it gets hacked and someone gets a good account. Not exactly what we want.

Also, isn't this what the merit system was supposed to do? (Reduce spam)

hilariousandco
Chopper Member
Global Moderator
Legendary
*
Offline Offline

Activity: 2128
Merit: 1657


KnowNoBorders.io


View Profile WWW
March 02, 2018, 08:09:25 AM
 #8

Yes, but people can still buy accounts to get around it anyway so why not allow people to jump the que legally if they're prepared to pay for it like I just explained here:

It's still pretty bare bones and hardly a huge perk really. I have suggested and still think we should consider implementing the other membership levels with additional perks. Silver Member gets you everything a Full Member has and Gold everything a Hero does (with possibly additional benefits). Offering these ranks will essentially kill the market for farmed accounts and hackings as nobody will bother buying them when you can just purchase a legit one from the forum instead. At least all those crying that merit is too difficult to achieve can just buy the privileges instead and the money then goes to the forum rather than someone selling accounts or merits etc.

Complicated suggestion now since these higher ranks have additional merit requirements which must now be earnt. By paying money you can essentially skip these requirements, which would circumvent the entire purpose of merit.

Well that's kind of the point and it's just a way to skip the que if you're prepared to pay for it. The copper membership already gives you some benefits of things that can only be earned over time, but merit is still relevant and for most people will just try rank up their account naturally but for those that are willing to pay they can do so. There will still be a difference between say a Gold member with no merit and a person who has ranked themselves up to Hero naturally by getting the required merit. I like the idea of a rank or title that can only be achieved by getting a certain amount of merit as well.

As for hackings these have become a lot less frequent with the addition of the email verification now and other 2fa methods will be available on the new forum software.

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
longlivecapitalism
Member
**
Offline Offline

Activity: 686
Merit: 15


View Profile
March 02, 2018, 11:56:24 AM
 #9

Exactly the purpose of the 14 day period.

And what's to stop people ordinarily selling their accounts and trying to reclaim them back anyway. I mean there's not too much evidence that would be gatherable to prove the account wasn't hacked, sold and is then reclaimed by the original owner. Buying accounts is quite risky.

1 day or 14 it doesn't make a difference really as they'll just wait whatever delay it is out then follow the process. And people have sold their account and tried or have even been successful in claiming it back in the past.  At the moment the thing that is probably stopping them from doing this is people aren't getting their accounts back at all Grin. This sort of scam would become more common if someone was actively handling the requests but even more so if the process was automated. To kill the market for accounts I think we should just disallow their sale here and allow people to purchase additional membership ranks (Silver and Gold) that come with the benefits of Full and Hero members etc. Would pretty much all but kill the account farming and selling business and curb the chance of people just doing the restore scam.
That's a good idea and it would mean some profits for this forum too. Why not give people the ability to purchase their rank? That would kill a lot of spamming too. I think we've all noticed an increased amount of threads made by people who are desperate to rank up.

So,
A) Less hacking
B) Less Spamming
C) More happy users

Why not?

There'd be a lot more hacking if you had to purchase ranks. (Get a fresh account, Pay the 1BTC to get it to legendary status) then it gets hacked and someone gets a good account. Not exactly what we want.

Also, isn't this what the merit system was supposed to do? (Reduce spam)
I didn't say no more spam, I said less spam. And no, I don't think the merit system has effectively reduced spam because now we have all these threads where people are trying to sound intelligent and offer guidance for others while their only purpose is to gain merits. And the posts are not very intelligent or original either.

▐▐   ▬▬▬▬▬   DeepOnion   ▬▬▬▬▬   ▌▌
████    40 PUBLIC AIRDROPS COMPLETED    TOR INTEGRATED    ████
▬▬▬▬   (✔) DeepVault Blockchain File Signatures  •  VoteCentral Your Vote Counts  •  deeponion.org   ▬▬▬▬
LoyceV
Legendary
*
Online Online

Activity: 1610
Merit: 4641


Largest Merit Circle on BPIP!


View Profile WWW
March 02, 2018, 01:11:04 PM
Merited by InvoKing (1)
 #10

I've been thinking about something similar recently: what if I (or anyone else for that matter) collect a list of signed proof provided by the original owner, anything from staked address to signed and verified message that includes all necessary information. If this has been pre-checked and theymos/cyrus get a long list that can very quickly be checked and processed, would they be willing to spend the required time once a week (or once a month)?
I'm happy to help out a bit, it could even be a central thread instead of many loose threads.

Of course, this will only work for people who have a publicly staked address and can still sign from it, as they're easily checked. Anybody wou can't sign from a staked address will just be on his own (like now).

InvoKing
Legendary
*
Offline Offline

Activity: 1386
Merit: 1064


View Profile
March 02, 2018, 01:39:50 PM
 #11

I've been thinking about something similar recently: what if I (or anyone else for that matter) collect a list of signed proof provided by the original owner, anything from staked address to signed and verified message that includes all necessary information. If this has been pre-checked and theymos/cyrus get a long list that can very quickly be checked and processed, would they be willing to spend the required time once a week (or once a month)?
I'm happy to help out a bit, it could even be a central thread instead of many loose threads.

Of course, this will only work for people who have a publicly staked address and can still sign from it, as they're easily checked. Anybody wou can't sign from a staked address will just be on his own (like now).

Exactly what i would say.
I don't know if theymos or Cyrus are taking a look on ips, pms and crypto addresses in order to get more information about the case, but for the majority it is is quite easy to verify that the hacked account is linked to the one that could verify an old staked address, this member can take back his account in few days and if it requires digging it could be done later imo. For the one that he doesn't staked any address and have another method, he needs to wait longer to be verified by admins.
No need for another admin and btw any information about badbear (previous admin) i didn't find a topic talking about him, he couldn't just look for this issue in case he doesn't have too much time to do admin regular activities?
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!