For Sale BUYER BEWARE Zelle

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

Geo7:
And the newly created users will fall into a narrow time window,
Click to expand...
I can't answer this question. Historically, most Scuba Forums were spawned off of ScubaBoard. One was created because they wanted to be able to flame each other. One thought we were too this, another too that, and so on. The word would get out and users would go and check out the new guys, often using the same username and password. Almost all of them have now disappeared, only their databases are spread all over who knows where. Someone has found one of these abandoned databases and has back-engineered it, harvesting old usernames and passwords. So, most of the users are "resurrected" and there's simply no way to figure out who's next. The mods were forced to change their passwords, but there's no easy way to do that globally here... yet. Yes, we're working on it. You might have to ask to have your password changed sometime in the future. In the near future at that. Until we figure that out, prudence tells us that you should check your email address, make sure it's right, and then change your password RIGHT NOW. So far, I personally know each and every one of the people he's hacked. It's easy for me to call them and get it right. That won't always be the case, so go protect your account now.
 
Hi, first of all, thank you all for identifying the scumbag in question, and working diligently to frustrate his efforts.

I see from posts #23 and #24 that SB does offer two-factor authentication, which is a great security feature. I just opted into it myself. 2FA is designed to solve the class of problems Pete described in post #51, and would have kept those accounts safe, even if their passwords were leaked.

@The Chairman have you considered making 2FA mandatory for all SB users? Or if that is problematic in some way, perhaps just the admin/mod team, which were targeted for these reputation-dependent attacks? I don't know whether XenForo supports making 2FA mandatory, but the increased security might be worth the inconvenience tradeoff to users. Just a thought, thanks again for all you do around here.

Edit to add: or a third possibility, make 2FA mandatory for accounts posts the classified section. Again, not sure if XenForo supports this, but it might be the least restrictive way to gain the security improvements where it would be most useful.
 
Brett Hatch:
@The Chairman have you considered making 2FA mandatory for all SB users?
Click to expand...
It's not a simple switch... at least not at this point. Or I don't see it. 2-factor verification on some phones is tragic and a lot of our users are in small format. I can't/won't share our final solution as I don't want to give our ahole scammer a heads up, but I do appreciate the suggestions.
 
The Chairman:
It's not a simple switch... at least not at this point. Or I don't see it. 2-factor verification on some phones is tragic and a lot of our users are in small format. I can't/won't share our final solution as I don't want to give our ahole scammer a heads up, but I do appreciate the suggestions.
Click to expand...
100% understood on publicizing your defense strategy, especially before you are ready to actually do it. I have a couple of other ideas here, which I will take to your private DM messages.
 
FWIW for sometime now after I have sold an item I delete the pictures for the advert. And often the description. Doing so might help with pictures getting poached.
 
You must log in or register to reply here.
https://www.shearwater.com/products/teric/

Back
Top Bottom