Bitcoin Forum
September 24, 2018, 04:43:34 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: My idea for automation in recovering stolen accounts  (Read 118 times)
alegotardo
Full Member
***
Offline Offline

Activity: 364
Merit: 190


✪FOXBIT | Exchange✪


View Profile
May 07, 2018, 02:49:01 PM
 #1

I've been thinking of an automated way to recover stolen accounts...
And i thought of a simple solution to be implemmented.

The user signs a message only with his nickname (the same as the forum) and fills two fields in the forum: wallet and signature.


The system checks the message based on the entered wallet and nickname of the account and verifies if it checks with the informed signature.

When that user needs to retrieve your account, he accesses a specific link, for example: https://bitcointalk.org/recovery.php
The forum informs a random word and requests the nickname and signature.
The user signs a new message with the word informed and pastes the signature into the forum.
The forum verifies the signature by searching for the wallet stored in the system, corresponding to the nickname informed. If everything is okay, ask for new password and email for the account in question.


All very simple for the user, easy to implement, automated and secure.
Why not?

Sorry for my english

1537807414
Hero Member
*
Offline Offline

Posts: 1537807414

View Profile Personal Message (Offline)

Ignore
1537807414
Reply with quote  #2

1537807414
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537807414
Hero Member
*
Offline Offline

Posts: 1537807414

View Profile Personal Message (Offline)

Ignore
1537807414
Reply with quote  #2

1537807414
Report to moderator
mdayonliner
Sr. Member
****
Offline Offline

Activity: 294
Merit: 282


Over 13BTC http://bit.ly/BTCLoan


View Profile
May 07, 2018, 02:57:04 PM
 #2

What if you are not using a valid email address? The forum does not have an email verification feature.

I had a different proposal to automate the same thing. Click here. I have seen similar proposal from another user too. I guess theymos has his own idea, may be he does not want this to be automated or may be he is looking for a better solution.

I heard they are working on new forum software so hopefully we will be seeing a solution for this in the new software.


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
alegotardo
Full Member
***
Offline Offline

Activity: 364
Merit: 190


✪FOXBIT | Exchange✪


View Profile
May 07, 2018, 03:06:08 PM
 #3

What if you are not using a valid email address? The forum does not have an email verification feature.
Regardless of whether your email is valid or not, you only need the private key of your wallet to reset the password and also the email address of your account. Wink

I had a different proposal to automate the same thing. Click here. I have seen similar proposal from another user too. I guess theymos has his own idea, may be he does not want this to be automated or may be he is looking for a better solution.
In fact it should have, but what is the idea and when will it be implemented?
Daily, numerous users suffer from slow recovery of their accounts Sad

I heard they are working on new forum software so hopefully we will be seeing a solution for this in the new software.
Sincerely,
I already believe more in Santa Claus than in the new forum. Undecided

My idea is good.
See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.

digaran
Hero Member
*****
Offline Offline

Activity: 910
Merit: 611

111113DUwES2ZNWSJztA3oBuhzfcdmiaG


View Profile
May 08, 2018, 02:05:47 AM
 #4

Sold accounts not stolen, people should stop selling accounts. you want automate the process to farm and sell accounts industrially and then scam people.

HOWEYCOINS   ▮      Excitement and         ⭐  ● TWITTER  ● FACEBOOK   ⭐      
  ▮    guaranteed returns                 ●TELEGRAM                         
  ▮  of the travel industry
    ⭐  ●Ann Thread ●Instagram   ⭐ 
✅    U.S.Sec    ➡️
✅  approved!  ➡️
antifraud01
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
May 08, 2018, 04:27:05 AM
 #5

Leave your bitcoin address and signature, this method is still available, but the efficiency of recovery is very low.
LoyceV
Legendary
*
Offline Offline

Activity: 1246
Merit: 1992


Let's make Bitcointalk great again!


View Profile WWW
May 08, 2018, 10:54:03 AM
 #6

All very simple for the user, easy to implement, automated and secure.
Why not?
People have their Bitcoins stolen all the time. If someone can't keep a forum password secure, chances are he'll lose other data too. Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

I've never seen any other forum where so many users lose access to their account. It's your own responsibility to keep your computer secure, Admins are already overloaded in work, and I don't think they want to add more features to the forum just for people who can't keep their password secure. Account recovery doesn't have a high priority.

alegotardo
Full Member
***
Offline Offline

Activity: 364
Merit: 190


✪FOXBIT | Exchange✪


View Profile
May 08, 2018, 11:40:58 AM
 #7

Sold accounts not stolen, people should stop selling accounts. you want automate the process to farm and sell accounts industrially and then scam people.
I agree with you, I didn't think that way.
But, don't accuse me of practicing it (I hope it was not your intention).
In any case, if a person buys a bitcointalk account, she needs to f##k herself.

I think this would reduce reduce the sales if the administrator blocks the change of a wallet signature set in the profile.
Whoever buys an account knows that seller can recovery it.

Leave your bitcoin address and signature, this method is still available, but the efficiency of recovery is very low.
I've done this and everyone should do it, the problem lies in the fact that recovery is slow (sometimes impossible).
Apart from the time and hassle that managers spend on recoveries.

People have their Bitcoins stolen all the time. If someone can't keep a forum password secure, chances are he'll lose other data too. Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

I've never seen any other forum where so many users lose access to their account. It's your own responsibility to keep your computer secure, Admins are already overloaded in work, and I don't think they want to add more features to the forum just for people who can't keep their password secure. Account recovery doesn't have a high priority.
It's true, the user will never stop being a user, susceptible to hacking, pishing and viruses. It's unfortunate and I agree with you.
And if he is dumb to give even your wallet private key, then he doesn't deserve to have a recovered account.

About the time of admins, I still think they spend much more time recovering these stolen/sold accounts than they would lose if they were to implement this feature.



Anyway...
My idea was to discuss the technical feasibility of a simple feature, but it seems that everyone thinks that the user does not matter, even if the cost is minimal.

Sorry again for my english and excuse my stubbornness Tongue

mdayonliner
Sr. Member
****
Offline Offline

Activity: 294
Merit: 282


Over 13BTC http://bit.ly/BTCLoan


View Profile
May 08, 2018, 11:43:03 AM
 #8

Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

You know what I think of the reasons for all these account hack and stuffs? Most probably it's for that (.to) phishing site. How come these people do not see that it's not .org it's .to


Click here if unable to see image

Please people, wake up!!!


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
LoyceV
Legendary
*
Offline Offline

Activity: 1246
Merit: 1992


Let's make Bitcointalk great again!


View Profile WWW
May 08, 2018, 11:56:28 AM
 #9

You know what I think of the reasons for all these account hack and stuffs? Most probably it's for that (.to) phishing site. How come these people do not see that it's not .org it's .to
I fell for it, until I realized I wasn't logged in. The main problem is that Google shows many links to the phishing site, instead of banning them.
I don't normally look at tiny details in the top-bar when I'm just reading websites.

I have added this line to /etc/hosts
Code:
127.0.0.1       bitcointalk.to
Now my computer can't access that phishing site anymore.

Now it looks like this:
Loading no phishing screenshot...

Thirdspace
Hero Member
*****
Offline Offline

Activity: 742
Merit: 582


Mixing reinvented for your privacy | chipmixer.com


View Profile
May 08, 2018, 12:24:55 PM
 #10

All very simple for the user, easy to implement, automated and secure.
Why not?
as I said before in another thread, I believe theymos doesn't want automation on account recovery
he needs to review case by case and determine if account recovery should be granted

See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.
sometimes for certain things automated process is bad and vulnerable to abuse
and doing it manually can discover something that an automated process cannot apprehend

alegotardo
Full Member
***
Offline Offline

Activity: 364
Merit: 190


✪FOXBIT | Exchange✪


View Profile
May 08, 2018, 12:43:01 PM
 #11

All very simple for the user, easy to implement, automated and secure.
Why not?
as I said before in another thread, I believe theymos doesn't want automation on account recovery
he needs to review case by case and determine if account recovery should be granted

See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.
sometimes for certain things automated process is bad and vulnerable to abuse
and doing it manually can discover something that an automated process cannot apprehend
We'll find a middle ground then...

First, the user do it the process automated (described in the first topic), and this triggers an alert for the theymos to will check the request.

So, Theimos isn't wasting time with fake requests and can still analyze if it recovers or not the account, based on its criteria.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!