Dan
Contributor
Beside making the password unique and complex, how about enabling Email Confirmation in “Two-Factor Verification”?
It's a bit of PIA, but I hope it would deter some hackers.
Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.
Benefits of registering include
Beside making the password unique and complex, how about enabling Email Confirmation in “Two-Factor Verification”?
Did you figure out who it was that hacked the SB account? Do you know the email address he used when he took the SB account over?
The problem with this is by the time you read the notice, you can’t login to your SB account anymore and the damage is done, i.e., that “too good to be true” BCD could be sold to an unsuspecting buyer by the time the administrator did something about it.I don't know who, but the system did shoot me an e-mail at my real address telling me the password had been changed. Here's part of that:
"Your email at ScubaBoard was recently changed to seqecyxa@thichanthit.com. If you made this change, you may ignore this message.
If you did not request this change, please log in and change your password and email address. If you are unable to do this, please contact an administrator.
Your email was changed by the IP 181.215.176.103."
If I did as shown below, would I be alerted to my email for any “For Sale” posts in SB and for any thread title with “For Sale” on the title?Hmmm. That has some interesting possibilities, but every active moderator would have to set the "Keyword Alerts" individually. Any innocent use of a particular word might trigger so many Alerts (like the upper right corner "Alerts" that it could be overwhelming.
You (meaning all our members) is our first line of defense. You sniffed this impostor our before Staff could brew our first cup in the morning. Using the Report function is great but fleshing a suspicious poster out when something doesn't smell right is even faster.
I'm not suggesting that you accuse someone at the first hint, especially since you could be mistaken, but there is nothing wrong with pointing out that using an unprotected payment method has been used in scams before.
My employer (Verizon) sprung for "Allstate Identity Protection" for employees. It's very comprehensive. Unfortunately, maybe a bit too much so as they seem to notify me frequently about my credentials being found somewhere or some other problem. I'm still pretty new to using the service. A week or so ago I got notified about a hack on the local parking app (where you pay for parking spots at the local beach). Apparently my credentials were included in the hack and subsequently turned up somewhere.It wasn't anything guessable. Had to be one of those 'data leaks' we hear about. IIRC (since my computer and phone logged me on automatically so I didn't have to enter it often), this was an old password I'd used in other places, and had for a long time. Most of my other site passwords had gotten changed over time, as some sites have demanded more complex passwords, etc...
IMHO this sounds like a laborious work around for something there should be a quick way to email/message the board admins. The amount of time spent trying to understand this function is not going to be spent by a regular user.If I did as shown below, would I be alerted to my email for any “For Sale” posts in SB and for any thread title with “For Sale” on the title?
What the “Keyword Set” entry is for?
View attachment 656886
Try an email to support@scubaboard.comHowever, if I am locked out and unable to post or PM anyone on the board and suspect a foul play, what should be the the next step?
However, if I am locked out and unable to post or PM anyone on the board and suspect a foul play, what should be the the next step?