Silk Road forums
Support => Feature requests => Topic started by: fisher on December 05, 2011, 11:35 pm
-
Black Market admin implemented a second password that is only used for withdrawal of bitcoins after ONE customer who was phished lost money. That's right, ONE person had money stolen, and Black Market's admin jumped into action to protect his patrons from phishers. It took only a couple of hours for him to implement, and it cannot be the same as your login password. I mentioned this along with some others on this forum months ago, after MANY customers had THOUSANDS of dollars stolen from them, and so far, nothing. Less than a day after ONE person lost money over there, it is implemented!
along with your vote, post here if you have had bitcoins stolen, and how many (if you want to) so that Silk can see that it is a real problem, and maybe he will get off his ass and do something about it other than changing the url and fucking up the posts about it, scaring the natives TO the Phishing sites.
-
I sent SR a PM a few weeks ago about this. I'd post his response, but I can't seem to load SR at the moment.
I think it's "in the works."
-
That's right, ONE person had money stolen, and Black Market's admin jumped into action
Well, to be totally fair in a comparison, it's more like 25% of his members had money stolen. 8)
Give him some credit though, he did the change up right. As soon as you sign in, boom - you have to create your withdrawal password. Wanna look around first? Tough, once you sign in you're not going anywhere until you first create that password.
Too bad the guy that runs that site is such a wiener.
-
now I never said the admin of BM was anything other than a wiener, but he really fixed the phisher problem quick! I can't believe people have put up with it this long here. and in the works only took that wiener a few hours, why is it taking months for Silk to do anything about it here?
-
n00bs min lol
-
I can only speak for the site that I used to have up. I took it down in November, but during the month of October, I had around 200 people a day logging in, and I found nearly a 700 bitcoins in those accounts. and remember that the bitcoin price was about $2 higher then. It doesn't take much work to run a phishing site (when SR connection is stable). I bet other phishers have even more success than I did, because I went out of my way to make my site look different from the real Silk road. I had a grey background, captcha pictures from Black Market, and in the before you log in warning, when it says "If you suspect you have ever logged in through a phishing site (especially the hidden wiki)" mine said "If you suspect you have ever logged in through a phishing site (Like this one!). I also didn't put my link on the main HW, but only on a mirror that is on freedom hosting.
All that considered, I still was able to take around $3000, so I bet phishers who look like SR and link on HW, probably take more than I did.
-
Yes! There needs to be another password. My password was recently hacked and somebody withdrew 16.40 bitcoins from my account. Not a huge amount, I know, but it still sucks....
-
Weeks ago I proposed a pgp wrapped captcha idea a feature request. I think it promotes PGP usage and is one less thing for us to remember, reuse, select poorly or get phished. In feature requests title something like "PGP Secure Account".
-
I can only speak for the site that I used to have up. I took it down in November, but during the month of October, I had around 200 people a day logging in, and I found nearly a 700 bitcoins in those accounts. and remember that the bitcoin price was about $2 higher then. It doesn't take much work to run a phishing site (when SR connection is stable). I bet other phishers have even more success than I did, because I went out of my way to make my site look different from the real Silk road. I had a grey background, captcha pictures from Black Market, and in the before you log in warning, when it says "If you suspect you have ever logged in through a phishing site (especially the hidden wiki)" mine said "If you suspect you have ever logged in through a phishing site (Like this one!). I also didn't put my link on the main HW, but only on a mirror that is on freedom hosting.
All that considered, I still was able to take around $3000, so I bet phishers who look like SR and link on HW, probably take more than I did.
To be honest, I think you are a liar - exaggerating your "accomplishments". Secondly - I dont give two shits if some idiot gets fished. How stupid are these people? How hard is it to use a decent password? How hard is it to bookmark the actual site?
Secondly - why would anyone keep any substantial amount of money on SR? The threat of SR getting busted and all the BTC getting lost is far higher than getting fished. Just transfer your coins to your own wallet and keep them on your computer.
-
but if you can only set your withdrawal password in your account page, the phisher will never get a chance to get your password. the phishing sites are just log in screens. and if you have to be actually logged in and click your account tab to set your withdrawal password, the phishing sites would have to be just as functional as the real SR, allowing you to log in, access your orders and accounts screens, send and check your PMs, I guess it would be better for a phisher who goes through that much trouble to just put up a competing site, and collect commission profits instead of stealing.
-
I think there should be a second password, BUT ONLY AS AN OPTION. This shouldn't be forced upon someone who doesn't want to have 2 passwords. I would personally use the second password though as this just adds an extra layer of security.
Its kind of like cell phone authentication, its an option if you want it, but it's not forced upon you.
-
done!!!!
-
That's right, ONE person had money stolen, and Black Market's admin jumped into action
Well, to be totally fair in a comparison, it's more like 25% of his members had money stolen. 8)
Give him some credit though, he did the change up right. As soon as you sign in, boom - you have to create your withdrawal password. Wanna look around first? Tough, once you sign in you're not going anywhere until you first create that password.
Too bad the guy that runs that site is such a wiener.
Note 1: 1 is 25% of 4, BMR has about 50,000 users. I took action swiftly as soon as I knew there was a phishing site targeting BMR, because I want to prevent further damage.
Note 2: I don't know why many here seams to have no other way to deal with BMR other than cheap bashing... actually I deleted a topic yesterday out of some anti-SR entries, it's a path I never needed to take or will take. I leave such for losers who can't find other way around.
Still I can't blame SR admin on their forumer's behavior. Thus they probably should take some care of his mods, I'd NEVER PMed ANY SR seller or customer to bring him to BMR, what I did in the early beginning was to take action on remove scammers taking over SR sellers usernames. A thing I though to be needless, after all nobody is meant to think that john_doe@hotmail.com is the same guy as john_doe@yahoo.com, in the same way that users shouldn't come to believe that john_doe@SR is the same guy as john_doe@BMR, but some customers did...
From your point of view, as users, you should look towards BMR as a backup of SR and SR as a backup of BMR, if one of us go down at least the thing keeps floating.
Peace!
-
To be fair, you just quoted a post from December 5 last year, and one that obviously was meant as a humorous exaggeration in terms of membership numbers. At the time, BMR had about 20 or 30 listings, and no forum posts in 8 or 10 days. (50k isn't a real number either, but rather a reflection of how many people have went to the site at least once, as you have to register to view it, same as SR. SR doesn't have 200k active users, I assure you.)
If I had listed all my stock there back then, the front page would have been full of pictures of my seed listings, with an occasional appearance from one of the other listings. I had sent you a message there months ago asking if a vendor came in with a comparatively massive amount of listings, would it be possible to limit the number of image listings shown each rotation, per vendor each time on the front page. (My thinking was I'd consider listing there if I could have way LESS listings show on the front page, but still have images available for each listing.) You very curtly replied that you wouldn't change listing rotations, as it would give me an unfair advantage. So you think having listings show up only 10% as often is asking for unfair advantage? That's why I said you're a wiener; you never bothered to read carefully or comprehend the request, and show a distinct lack of people skills on your forums.
From a technical point, you seem very qualified and responsive to site issues. The site is much improved now, both in layout and number of offerings, and seems to be getting a fairly active user base. There are quite a few vendors from here that also vend at BMR now. I wish you nothing but the best, and agree we need more sites like SR and BMR, not less.
-
Well, I don't come here often, spend most of the time at my own yard. So sorry if I take long to respond. Yet now you get me here 2 days in a row, as I'm collecting intel to sort on an escrow dispute where the seller is attempting to use his "SR good name" to vouch for him.
Yes, 50K isn't either unique or active users, as SR's 180K aren't, but bottom line we both have quite a fair amount of people checking in, thus probably mostly curious still "unbelieving" what they're seeing.
Sorry for not recall that entry or PM. I was probably distressed over other issues and I always have quite a fair amount of mail to read. Still the algorithm has changed, now it shows 1 random list of the top 6 sellers by feedback.