Would a scam thread sticky in the classifieds be a good idea?

[MadAsAHatter]

I just saw where Johnny5's account was hacked or whatever scam was going on there. Seems like the scammers are recirculating some of the old scams and upping the game with some new ones. Would it be a good idea to put a sticky at the top of the classifies page as a collection of ongoing scams? In my head I see it as a place to post directly about a scam or link to an existing thread about one instead of having multiple stickies about individual scams or other threads getting lost in the mix.

 

[alund]

I agree. Maybe, only moderators should be able to post the sticky that way it doesn’t get cluttered like the “crazy deal alerts” thread. We have the same type of alert on our gun forums to prevent the exact same issues. Scammers selling fake items “stolen” from the web. Names, pics, how the scam works. Everyone on RT watches for oddities. The more we know how it happens, the easier it is to see it. Johhny5 made the mistake of having too good of a deal…. First red flag. Also on the gun forums to prevent shenanigans, the moderators have the ability to see certain aspects of seller’s identification; if something is hinky, like the IP address is different from the supposed seller’s IP address, postal address, syntax errors etc; the flag is raised. People still get scammed BUT it’s less. These guys are good and getting better. Complex schemes are occurring. Getting scammed sux. Fuckers

 

[Monkey Man]

Would it be a good idea to put a sticky at the top of the classifies page as a collection of ongoing scams? In my head I see it as a place to post directly about a scam or link to an existing thread about one instead of having multiple stickies about individual scams or other threads getting lost in the mix.

Just post in this thread mate; it's what it's for:

Please Read! Beware - Scam Alert!

I agree. Maybe, only moderators should be able to post the sticky that way it doesn’t get cluttered like the “crazy deal alerts” thread.

Only moderators can stick threads.

If you mean posting within a sticky, I'd prefer to keep it open so that responses can be instant - if someone sees something he's sure about, he can post it right-away.

In light of what you're saying 'though, I'll have a look at what can be deleted from the thread - things that offer nothing useful in analysing / tracking / informing about scammers.

 

[Monkey Man]

OK, I've cleaned that thread up big-time - 3 pages down to less than 1. Anything relating directly to possible or known scams / scammers has been removed.

It should serve as the real-time feedback / alert thread it was intended to be in the first place now.

Hope this helps guys.

 

[alund]

OK, I've cleaned that thread up big-time - 3 pages down to less than 1. Anything relating directly to possible or known scams / scammers has been removed.

It should serve as the real-time feedback / alert thread it was intended to be in the first place now.

Hope this helps guys.

Anything to protect us is great. We appreciate you guys

 

[glpg80]

There needs to be a required validation email sent to the original email on file for old accounts not active for some period. I’m seeing a lot of old accounts being compromised the heart of the problem. Not all are but they haven’t updated their accounts to have 2 factor authentication enabled and likely have weak passwords.

 

[Monkey Man]

Agreed that in most cases so far it's been "resurrected" accounts brother.

There needs to be a required validation email sent to the original email on file for old accounts not active for some period.

Sounds good in-theory, but wouldn't most members have different email addresses 15 or more years on?

Talk to me bro' and I'll ask admin to make it happen if necessary.

 

[glpg80]

Agreed that in most cases so far it's been "resurrected" accounts brother.


Sounds good in-theory, but wouldn't most members have different email addresses 15 or more years on?

Talk to me bro' and I'll ask admin to make it happen if necessary.

honestly if you’ve not logged on to update your email in 15 or more years, your account hasn’t been used for 15 years, you haven’t updated your password in 15 or more years, and you don’t have 2FA enabled as well, wouldn’t you argue it’s better to delete the account for safety of those who are actually active? If they want to join they can create a new account following the more strict guidelines?

The second option is just to force mandate 2FA for all users and any accounts that don’t comply have their classified section access removed but they can post everywhere else. That eliminates emails entirely from the picture and accounts that don’t comply are considered inactive or able to be compromised.

We can’t sacrifice the safety of those that are active for those who don’t give a damn or haven’t logged on for so long that it’s a security risk in 2024. The problem begins and ends with the classifieds section so force 2FA and 50 posts to get access to post in the classifieds.

 

[Monkey Man]

2FA typically involves mobile devices doesn't it?

Some, including myself, don't do or own devices, so I don't think it'd be universally-fair.

However, I like this idea:

The problem begins and ends with the classifieds section so force 2FA and 50 posts to get access to post in the classifieds.

Makes sense.

Hopefully my mod status could override the need for 2FA 'cause I need to be able to post there, obviously. That would depend of the granularity of the software's settings options I guess...

 

[glpg80]

There are web browser extensions that can be added to generate 2FA codes. I think you’re good regardless of whether you have a mobile device or not to generate a 2FA code.

Yeah it’s a powerful tool for getting rid of the old compromised account problem. It just needs to be heavily enforced.

 

[Monkey Man]

Thanks bro'.

I'll take this to admin and the other mods.

 

[Monkey Man]

OK, done.

We'll see how they feel about this.

 

[Monkey Man]

OK, the official word is that the granularity necessary to implement this isn't there; only user groups can be tweaked.

There's a user group who qualify for that section, the 50-posters, if you will, and then there's everyone else below 50.

IOW, to implement 2FA for that section would require everyone with 50 posts or more to use it. Admin doesn't feel this is fair and as I said earlier, I don't either.

Thanks again for the logical suggestion mate.

 

[alund]

Just continue to watch out for eachother and “see something, say something”, Even if it makes you look like a dick.
I guess I’d rather be saved by a dick than feel like püxxy!

 

[Monkey Man]

Yup, it might be the old-fashioned way but it works bro'.

Communititty!

 

[glpg80]

OK, the official word is that the granularity necessary to implement this isn't there; only user groups can be tweaked.

There's a user group who qualify for that section, the 50-posters, if you will, and then there's everyone else below 50.

IOW, to implement 2FA for that section would require everyone with 50 posts or more to use it. Admin doesn't feel this is fair and as I said earlier, I don't either.

Thanks again for the logical suggestion mate.

You can use 2FA and have it remember the authentication in 30 day periods so you’re not forced to authenticate too often. Considering it resolves the old account problem I’m out of ideas if there’s nothing else you can do…

 

[Monkey Man]

You can use 2FA and have it remember the authentication in 30 day periods so you’re not forced to authenticate too often.

The problem is the "you're" part unfortunately; it'd inconvenience every member and AFAIA I'm not a member of any audio forum that requires this, so yeah, it'd effectively act as a deterrent rather than attractant for peeps who're thinking about joining, not to mention those who might leave 'cause they couldn't be bothered.

Thanks again bro'.

Honestly, I think that as long as peeps report their suspicions post-haste, we as a community should be able to handle things OK.

 

[glpg80]

The problem is the "you're" part unfortunately; it'd inconvenience every member and AFAIA I'm not a member of any audio forum that requires this, so yeah, it'd effectively act as a deterrent rather than attractant for peeps who're thinking about joining, not to mention those who might leave 'cause they couldn't be bothered.

Thanks again bro'.

Honestly, I think that as long as peeps report their suspicions post-haste, we as a community should be able to handle things OK.

It’s not the 2FA itself that opens the doors to inhibiting any members at all - it’s the way the groups are currently setup it would inconvenience everyone by being the haves and have nots which is not a problem of 2FA but rather how the admin planned to poorly implement it. Remember I said and suggested it should be implemented for those that want to post in the classifieds section which could be a different group completely where others wouldnt need it at all and could still join, chat, and search the classifieds.

As far as inconveniences go, other forums require subscription payment to use the classifieds to deter crime - how is just having 2FA enabled a deterrent when other locations require money which is even moreso of a deterrent? The logic isn’t there and I argue if you couldn’t be bothered to increase your account security for the safety of everyone just in case your account goes inactive then it setting everyone else up for risk of theft is selfish.

The 2FA needing done 12 times a year is not that often and it takes 2 seconds if you own the account. I think you and the mods and the admin need to sit down and evaluate truthfully the safety it would provide and do so freely. If the admin needs that much traffic both good or bad for increased ad content payment to keep the lights on then that’s a different problem all together but there’s no need for anyone to blame it on 2FA. Remember there are current people including myself who use 2FA and it’s not a deterrent at all.

 

[Monkey Man]

The logic isn’t there and I argue if you couldn’t be bothered to increase your account security for the safety of everyone just in case your account goes inactive then it setting everyone else up for risk of theft is selfish.

Bro. C'mon. My account needs to be able to post, edit, delete, move and create threads / stickies there.

Ensuring I can do my job for zero pay isn't exactly selfish.

Remember I said and suggested it should be implemented for those that want to post in the classifieds section which could be a different group completely where others wouldnt need it at all and could still join, chat, and search the classifieds.

Please confirm that I understand this correctly bro':

We create a new group specifically for thread / ad creators, not plain ol' posting.
We add members to this group upon-request (something the mods cannot currently do 'cause we don't have access to the back end).

Thank you again for your feedback Brother M.

Oh, and tell you what, I'll invite admin over to talk with you directly...
Calling [edit] no longer required, at least not just yet.

 

[glpg80]

Bro. C'mon. My account needs to be able to post, edit, delete, move and create threads / stickies there.

Ensuring I can do my job for zero pay isn't exactly selfish.

Bro I wasn’t talking about you or staff. Talking about everyone else the admin is concerned about with ad traffic. Mod groups can be modified to not require 2FA but still create threads in the classifieds. Seems like a security risk itself but I don’t see why it isn’t possible.

Please confirm that I understand this correctly bro':

We create a new group specifically for thread / ad creators, not plain ol' posting.
We add members to this group upon-request (something the mods cannot currently do 'cause we don't have access to the back end).

Yeah exactly. I admined a gaming forum long ago and had a team of moderators. I do recall creation of groups needed admin privileges but assigning groups could be done by mods. Of course that was back in phpbb days - nothing like this platform so there’s a good chance I’m going by outdated experience.

I think you’d be able to PM after 50 posts like currently setup but if you’re creating new threads in the classifieds for sale on the site then that is a one time group invite the first time that requires 2FA and 50 posts. If their account goes inactive once in the group the rest of us are protected because the account can’t be password hacked and people posting on their behalf.

Thank you again for your feedback Brother M.

Oh, and tell you what, I'll invite admin over to talk with you directly...
Calling [edit] no longer required, at least not just yet.