My Account got banned?

IP bans on a country basis are standard policy in many organizations. Off the top of my head, one of my orgs banned Russia, China, and all of sub-Saharan Africa due to attempted hacking. It is a business decision, i.e. do the number of subscribers from those countries provide significant revenue as opposed to the risks of allowing those IPs.

Re mods not being able to see PMs, if mods can't, the admin certainly can.
We have knifemakers in Russia, manufacturers in China, and people in Africa & the Middle East as well.

On top of that, none of it matters in a world where VPNs exist and users cannot be bothered to update & use unique passwords

I do have the ability to read PMs if I change someone's account password and log in as them. This is not something I do except in the most extreme circumstances, such as after a hack has occurred. It is not something I can do casually as I do not have access to user passwords or the ability to monitor conversations without evidence.
Passing the buck to the users is poor security regardless. Your response has further solidified my decision.

The purpose of the feedback system is that a person with good feedback can be trusted. If I can't trust the feedback system here, the forum offers nothing that can't be found on reddit. By not better securing the forum, you are eroding the trust people once had in feedback.

Again, I expect no changes and have made my decision.

K, just so I have this clear. You sent someone you don't know hundreds of dollars via PayPal friends & family without doing any due diligence, trusting a feedback system that we do not in any way guarantee as a means of security, despite warnings not to do so?

That's not us passing the buck. That's you being foolish and looking to blame others.
 
As an additional step we've implemented mandatory 2 factor email authorization if a compromised password is used at login. We'll see if that works too. Of course if your email password is also compromised, that's on you.
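The login flow described in the post above (a correct password that appears in a breach corpus triggers an e-mailed one-time code), as an added example that is not part of the original post and not the forum's or its software's own code. The `Site` class, the `CODE_TTL` value and the breach list are constructed for illustration; the breach lookup is bucketed by SHA-1 prefix in the k-anonymity style.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600  # seconds an e-mailed code stays valid (assumed value)

def _sha1(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest().upper()

# Constructed breach corpus, bucketed by 5-character SHA-1 prefix so a lookup
# only ever needs to reveal the prefix (k-anonymity style range query).
BREACH_BUCKETS: dict[str, set[str]] = {}
for leaked in ("hunter2", "knife123", "password1"):
    h = _sha1(leaked)
    BREACH_BUCKETS.setdefault(h[:5], set()).add(h[5:])

def is_compromised(password: str) -> bool:
    h = _sha1(password)
    return h[5:] in BREACH_BUCKETS.get(h[:5], set())

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Site:  # hypothetical stand-in for the forum's login handler
    def __init__(self):
        self.users = {}    # name -> (salt, password hash)
        self.pending = {}  # name -> (code, expiry timestamp)
        self.outbox = []   # (name, code); stands in for sending e-mail

    def register(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, hash_password(password, salt))

    def login(self, name, password, now=None):
        now = time.time() if now is None else now
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return "denied"
        if is_compromised(password):
            # Correct but breached password: require the e-mailed code.
            code = f"{secrets.randbelow(10**6):06d}"
            self.pending[name] = (code, now + CODE_TTL)
            self.outbox.append((name, code))
            return "email_code_required"
        return "ok"

    def confirm(self, name, code, now=None):
        now = time.time() if now is None else now
        expected, expiry = self.pending.pop(name, ("", 0.0))  # single use
        return now <= expiry and hmac.compare_digest(code, expected)
```

A wrong or expired code consumes the pending challenge, so the user has to log in again to get a fresh one.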
 
We have knifemakers in Russia, manufacturers in China, and people in Africa & the Middle East as well.

On top of that, none of it matters in a world where VPNs exist and users cannot be bothered to update & use unique passwords

I do have the ability to read PMs if I change someone's account password and log in as them. This is not something I do except in the most extreme circumstances, such as after a hack has occurred. It is not something I can do casually as I do not have access to user passwords or the ability to monitor conversations without evidence.


K, just so I have this clear. You sent someone you don't know hundreds of dollars via PayPal friends & family without doing any due diligence, trusting a feedback system that we do not in any way guarantee as a means of security, despite warnings not to do so?

That's not us passing the buck. That's you being foolish and looking to blame others.

The funny thing is that it is trivially easy to stop login while using a VPN. It is also easy to set comparative IP logins. Your emphasis on ease of use vs security on an exchange where money is traded is bad practice. Additionally your methodology is not supported by any best practices I have reviewed in the last 5 years.

I am glad you told me the feedback system is not guaranteed, therefore not worthwhile. Unfortunately this is not the burn you think it is and it further demonstrates that even high feedback members are not to be trusted.

I am sorry you feel like I am trying to blame others. For the purposes of our discussion, how many members have you had send money to hacked accounts in the last 6 months?

My thoughts on the matter are simple. If it happens once that's absolutely the individual's fault. If it happens a lot and no changes are made (besides offering 2FA and not forcing it) then that is a site policy issue. It's like a phishing email. You can train an individual to recognize the bad ones, but email policy and sorting updates are a better solution.

In my experience, lack of significant policy change after multiple security breaches indicates failure at the staff level. I imagine you see it differently.
 
The funny thing is that it is trivially easy to stop login while using a VPN. It is also easy to set comparative IP logins. Your emphasis on ease of use vs security on an exchange where money is traded is bad practice. Additionally your methodology is not supported by any best practices I have reviewed in the last 5 years.
We do not handle any exchange of money, that is all done via third parties. We are not an escrow, we are not a trading house, we are not collecting funds. We provide a classified ads service, and do not guarantee anything.

As for "trivially easy" we're not banning all VPNs, sorry.

I am glad you told me the feedback system is not guaranteed, therefore not worthwhile. Unfortunately this is not the burn you think it is and it further demonstrates that even high feedback members are not to be trusted.
You shouldn't trust anyone you haven't met personally and verified that they have the goods. We've literally seen high profile knifemakers like Steve Corkum and Neil Blackwood and others suddenly run into life then money problems, take people's funds and disappear. I personally have been burned by people who were considered "good guys" until they weren't. "Feedback" is not a guarantee of anything except that past transactions went well. Caveat emptor.

I am sorry you feel like I am trying to blame others. For the purposes of our discussion, how many members have you had send money to hacked accounts in the last 6 months?
Zero. Your password being compromised is on you, not us. We have no indication that the site has been breached.

My thoughts on the matter are simple. If it happens once that's absolutely the individual's fault. If it happens a lot and no changes are made (besides offering 2FA and not forcing it) then that is a site policy issue. It's like a phishing email. You can train an individual to recognize the bad ones, but email policy and sorting updates are a better solution.
We've done what we can - implementing password compromise checks, posting warnings etc. I cannot control what happens off site.
In my experience, lack of policy change after multiple security breaches indicates failure at the staff level. I imagine you see it differently.
If we were the ones breached, you'd have a point. I don't see any site requiring their entire userbase to update their passwords for an unrelated site's security issues. I've done what I can by implementing compromised password checking, etc. The best security in the world doesn't matter if the user bypasses it and ignores warnings.
 
Here is an idea: add a star or some other icon to the user's name or avatar iff they use two-step verification.
Love this idea!!!!!!! This ensures you are dealing with the actual member and then you can absolutely trust the feedback system!!!!!! Great idea!!!!!
 
Admins have the ability to track users via location etc. I know this because I was hit with a really scary seller last year who ended up getting banned. He tried to go back in and create a new account, they tracked it and banned him immediately.

They have tools in the background that can weed this stuff out to help secure the community. I expect they are going to use the same tools on me to validate hacker activity. ;)

Yes and no.

There is no magic way to take an IP address and definitively establish its location (and besides, they can move). There are databases of IPs but they are based on various non-technical factors such as AS registrations, etc. Maxmind is the best-known example. (Yes, I know about trace route but no company is constantly tracerouting billions of IPs).

The problem is that anyone with an ounce of sophistication (or even without it now) can appear in whatever country they choose by using a VPN. Go pick any of the major VPN companies, subscribe, and when you connect you can pick from a hundred countries. If I'm in Kenya, I can effortlessly appear with a US IP. Banning VPNs would be wrong and immediately exclude a chunk of readers, including me when I'm on the road or mobile.

I'm not sure banning countries is the way to go, either. There are knife users around the world. As long as you can live with some false positives, banning countries is technically "easy"...but still requires some server-level expertise (I'm thinking of the CSF firewall or similar, though maybe XenForo has this built-in now).

There are certainly more sophisticated solutions but a small forum is not going to be able to afford them, plus they add to the admin burden, potentially very substantially.

Yeah dude, the issue is the hacked accounts have been going on for at least 6 months and there is no automated solution. They track location by IP, they can ban specific countries' IPs. I'll be letting my gold lapse and switching over to knifeswap immediately.

I have not conducted a transaction on this forum, but I wouldn't let one bad experience sour you on forums in general. I've done deals over the Internet since (quite literally) before the Web existed (USENET back in the early 90s) and have had very few bad experiences. Heck, I've had more problems buying things on eBay or GunBroker than I have on forums.

It's an unprotected transaction, of course. I see nothing wrong with asking for a phone number if I'm about to send someone a substantial sum of money, and would have no problem giving mine to someone or talking over the phone. This isn't Amazon - it's a person-to-person swap meet.

There are semi-technical solutions such as requiring sellers to be verified first, etc. but that is a huge administrative burden. I am an admin on a very large international forum and we do that (though they're companies selling, not individuals), but we also charge for the privilege of selling.

While this is nice to hear, I have personally known many people whose accounts were banned once knives were mentioned. I am glad it worked for you though.

I'm curious about PayPal and knives because I paid for a Microtech OTF from DLT using PayPal, and that's got to be the most legally offensive knife possible. I mean, it's an option right in their checkout, so I'm sure I'm not outing any secret.

Other well-known knife vendors have offered PayPal checkout as well, and you can buy a bajillion knives on eBay which offers PayPal. I think you can even use PayPal on Amazon now, though I could be wrong.

So...what's the deal with PayPal and knives?
 
I'm just going to put this out there.... It's automatically presumed that my data was hacked from another company, and therefore bladeforums was a result of said hack. I use a unique password for bladeforums, so I'm not sure how that could be. Nor did any of my other accounts get exploited. Only here.

Could it be that BF got compromised somehow and some of the user data leaked out?
 
1654707469406.png

So 2 things here, this deal thread was very short and to the point. There was no discussion after you posted your address. So I'm curious again at what point did you determine this was a scammer?

And I just now realized the damn scammer changed pricing on the thread to $190.... did this really not make you skeptical? Selling a brand new in box knife for 1/2 the list? Sorry, but if it were me, I'd have
1. asked all sorts of questions
2. got into it with him if I already paid and believed he was a scammer

I don't see anything posted other than the neg feedback. Super weird exchange...
 
Hacker tried to get 2 other members too. One guy is a pretty established member of the BF community - asked for pics - realized they were posted by some other dude somewhere, challenged him, and backed out. Smart guy.

Second guy was about to send funds when the acct got shut down. Thankfully no pp email was sent.
 
I'm just going to put this out there.... It's automatically presumed that my data was hacked from another company, and therefore bladeforums was a result of said hack. I use a unique password for bladeforums, so I'm not sure how that could be. Nor did any of my other accounts get exploited. Only here.

Could it be that BF got compromised somehow and some of the user data leaked out?
Well considering that we have the forums up to date, they logged into your account with no failed attempts, and there's no listing for my profile password on any of the breach sites for my account or any of the alts I use for testing here? I don't think our db has been compromised. I could be wrong. But there's no indication of it.
 
1654708464946.png

Second deal thread. Note how he's using multiple payment accounts...

One suggestion for mods... can we have a thread where all known scammer payment accounts are posted? A nice quick little second check before sending payment over to make sure the acct isn't on the known scammer list?

Not sure how effective it would be as I'm guessing they create accounts left and right, but it's something.
 
I mean I'm not sure what good that will do since people can't be assed not to use PP F&F
 
Next y'all are gonna tell me it's my responsibility to lock my own doors when I leave my house.
 
Here's an idea...a mandatory picture from the seller of the knife with a piece of paper next to it with date, username and a recent newspaper from the city this will be shipped from. I know this will not guarantee 100% that a scam will happen BUT will cut in some % the ability of the scammer of using stolen pictures of a knife they don't have.
 
Date & username is good practice, I'm not going to force people to buy a newspaper though lmao.
They can go to time.gov and take an image of the knife with the date and time on the screen in the background.
 
I'm fine with a post it from a couple angles tbqf
 