Silk Road forums
Support => Technical support => Topic started by: timmysan on December 25, 2012, 01:21 am
-
Hi,
I have an SR account under "timmysan", and am unable to login using my username and password (a combo of letters and numbers). This first occurred the night of the 23rd, coincidentally during this image hack problem issue. I am especially worried because I have just made an order (using PGP) and will not be able to finalize if I cannot login, not to mention making a new account and having to FE etc etc.
It is possible I was victim of a phishing attacking (I was getting the SR url from wikipedia, which is easily edited). I realize this was a bad idea and am no longer doing so. Is anyone else having login issues? If not, will I be able to retain access to this account? I know my PIN which could be used to verify who I am.
Does the SR site and the SR forums use different credentials? If not, I know I haven't be compromised because I can login into the forums. I would really hate to lose my SR account, what can I do?
-
Hi,
I have an SR account under "timmysan", and am unable to login using my username and password (a combo of letters and numbers). This first occurred the night of the 23rd, coincidentally during this image hack problem issue. I am especially worried because I have just made an order (using PGP) and will not be able to finalize if I cannot login, not to mention making a new account and having to FE etc etc.
It is possible I was victim of a phishing attacking (I was getting the SR url from wikipedia, which is easily edited). I realize this was a bad idea and am no longer doing so. Is anyone else having login issues? If not, will I be able to retain access to this account? I know my PIN which could be used to verify who I am.
Does the SR site and the SR forums use different credentials? If not, I know I haven't be compromised because I can login into the forums. I would really hate to lose my SR account, what can I do?
It's entirely possible that you may have been phished. Getting the URL from sitesl like Wikipedia was what led several people, including some vendors, to have their account details phished. Here's what I would do if I were in your shoes...
setup another SR account, and use that new account to message SR support. Encrypt your message with the support staff's key (shown below). If you have a pre-existing PGP key linked to your old SR account, you might wish to consider signing your message with that.
pub 2048R/67B7FA25 2011-04-01
uid Silk Road <staff@silkroadmarket.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBE2VWMwBCADcoI5qldde46EI80fHSTCS4CuJn1Py4AQjJvpAqFColeAm9xb1
/hb0ZUsG3vwod7uiPJdMlq3+1o3TSv9JlO3DPf7I50owQ9+S1ixXebouTvfpEKSb
dq1IWAu+O4PtlmFEb76MOmjOzoeV8We8kCRFq8ThoK979A1DR09KsaDfSjCITdsU
mQyVaRN0dCaj33V/QAPQybYAjNDEiNd0e1tV22n1dl6z2oVUgfJiuTVI5C0FhSKP
c3odexbKUSVk9tkUWcfnk8+9HF5jGNHnUSjWxMkG1uZUDdWKl4yJqQhBHdYqcz8A
hcJ6xADbFeoYEO6z5NEjXV0KmoDRCi4C7gdfABEBAAG0JFNpbGsgUm9hZCA8c3Rh
ZmZAc2lsa3JvYWRtYXJrZXQub3JnPokBHAQQAQIABgUCTtQ4xwAKCRBDAM6Cq5F0
PqqRCACB9vizjAvncSsStwUVO3m35yJxseKsn4Gm/tDXwF5dNRZEoUOnmU8SzGep
IF+F5LwRpWXY7lig8JG2s1P0TDfeIqKnKHC7eIU27W6YSJa0VdcYPTmr1jhfxtgm
0gzG37iUESsmSGHA3VINTR/6v+7JN7aYjfc8Bktej7OqqgMHiA8t5gPC+ueLTuKo
F3eZe+de77ol39nPaYGxxW4zw3m/XPSSNT8OuxP9VG+BQ7wLC/PyYgJO16EhAJo7
JlKAZEdXTMy4DxC/KhG84JEEj/DVgfMWQZDqhiy4llq7zTbSVun4/HtChcN4Mca2
SW7obrC++Hn+5tyP5pztRSdYR42JiQEcBBABAgAGBQJO9U+MAAoJELwSfb5jrDZR
GH0IAKfgNFtpsTD5pK37hL240dMTXX43QAyVg8CkT8fbpmYut7uelMHUYi9KA1r2
FPv10u0hQ0rlQSjN72uOr+6vlwPsPetP3uR0WG5bbrJFWoTB+eMMRoh4C1yvARnt
ESlmGz41lyGuZEYo9sz+7auvql+2HkyebUdmCk8mbK7cthRQ2pJrgqe4VJIBbFxx
q6QAN62n5sWJISIgoC6I84ag86NHBDFttC8X3erZYK5vCj2wAeyHaxX5Tul4asRs
edK0UEKbsla00PQV1CKBMQjRSIexiWOU7QMaPgtkPm/HRtWYHxPoYXPnhCNIcYoZ
aSx5u87G3dhzwRYw8fc3M7LgkweJATgEEwECACIFAk2VWMwCGw8GCwkIBwMCBhUI
AgkKCwQWAgMBAh4BAheAAAoJEAIiQjtnt/olX88H/3YOsI+mp/MXoQ+7WDozG3/f
0QCiwqvhjCZUTkO5j6DqlHZ060N++S3dDFCRREFB7Joo5A25e6zi8NCLiRybMcPc
MuZzQDTBDMY7KXRr4vB2pQ61yQvhIg9sTNIM/16w5k7B4aQGRIMHXcoGRbh8VsMa
QRxgdnJS3+MWDF+Uwu2fECSxHV8fQ1uZmdSvV7gvun5DKVG5c6EYs5s5NTSfsoNu
5mKOCooMrJXrIRd8skOtmrOWqaiH4MmKyf7ncGuCUPC3uncwdHd6PJq6w16h0rsU
nSxjS4dQe5Q6YXbEMa8dVv+OvBLmxvuTxH9gy6qm1GCwwsUt5uAzeOsKDvyDbeQ=
=lMu4
-----END PGP PUBLIC KEY BLOCK-----
NC
-
Thank you very much for your response. I created a new account and messaged the seller(the one whom I just placed a order from a few nights ago) informing him in hopes of....something. I do indeed still have my PGP key, and it is linked to my "timmysan" account. I will login using the new account and send a message to the mods like you suggested.
Thank you for providing their public key, I will start writing up that message now. Assuming my account was phished, is it possible for him to withdrawal BTC from my wallet without using the PIN? If not, THANK YOU SR for setting up the PIN even though at first I hated setting it up.
Again, thank you for your quick response/suggestion and kind demeanor.
-
I'm having problems with my account too on SR. I can't figure if it is Tor or SR.
Barbie10
-
Barbie,
Were you using the link from wikipedia everytime you logged onto SR? If so, you might have have been phished. I know very little at this point in time, but I'd suggest exactly what was suggested above.
Make a new account, send a message to support (encrypted via the PGP key above), and hope for the best. I dont know how many people are having this problem but if its only a couple, I doubt it had anything to do with the Image Hack issue.
I will try to update this thread if anything new comes of this. For now, I will simply have to wait.
-timmysan
-
Thank you very much for your response. I created a new account and messaged the seller(the one whom I just placed a order from a few nights ago) informing him in hopes of....something. I do indeed still have my PGP key, and it is linked to my "timmysan" account. I will login using the new account and send a message to the mods like you suggested.
Thank you for providing their public key, I will start writing up that message now. Assuming my account was phished, is it possible for him to withdrawal BTC from my wallet without using the PIN? If not, THANK YOU SR for setting up the PIN even though at first I hated setting it up.
No withdrawals are possible without the PIN. Therefore, phishing sites that I have seen look just like the SR site, except that a third field is also listed, i.e. your PIN. That should be a dead giveaway, if one is paying attention, however a number of people have fallen for it, and given up not only their user-ids, but the passwords and PINs to boot.
If someone does manage to get ahold of your userid and password, but NOT your PIN, they can make only so many withdrawal attempts before the pin is locked and has to be reset by the staff. This is to protect against precisely this type of scenario.
Again, thank you for your quick response/suggestion and kind demeanor.
You're welcome. I hope you and yours have a very Merry Christmas and a very happy, healthy and prosperous New Year.
NC
-
I'm having problems with my account too on SR. I can't figure if it is Tor or SR.
Barbie10
If you're having trouble accessing the site, or logging-in, my advice is to keep trying. Only rarely do I manage to login to the main site on the first try. Sometimes it takes several attempts.
NC
-
I gave up, something happen to it. Maybe SR will notice it, I did contact them about 7 hours ago, lol. Merry Christmas and thanks! :-)