Haha, hopefully this should be fixed soon, but lemme laugh very loud for a couple of seconds, Nick

Well, on the bright side, you've missed 0 MT's.  

Nick14578 wrote on 06/15/13 at 01:34:12:

Dammit, I never thought I would read this from you.

^ Maybe so, but I'm not taking anything for granted.  
Right now I'm glad I was just able to snap up this emergency account quickly and use it today.

Though a true Board "God" really can do anything, I think they've unbanned people in the past as well as artificially promoted them in rank. It could be as simple as changing the account's status back to "active" though I might have shortsightedly thrown in a monkey wrench by using the same e-mail to make this account (in which case it'll have probably to be deleted for the old one to come back, if it can at all, unless my old and new accounts can somehow be "merged".) But I'm not an admin, I know nothing about this, so...

At any rate, just be careful to click the "Change profile" button and not "Delete user", you're usually given confirmation for the later but not all browsers have the Javascript enabled to produce that dialog box...
It also helps if you can actually read those buttons, at 3 AM on a Saturday morning without my glasses, I really have to squint  

Well we need to try this again...

Well, Shadow and I tested a few things about a week ago. I wanted to make sure everything works perfect now, plus I'm also discovering a few glitches and oddities along the way. (Could be just how YaBB works, though) Shadow was online a few minutes ago so we could check this stuff quickly, but he happened to step out right when I pressed Delete  

I just don't want to pollute the boards with alternate accounts just so I can find bugs...

This should hopefully work out for everyone in the end... in case there's someone else around here who wants their account back.  
Dunno if all bugs can be fixed if they are simply part of the YaBB template.

Everything I have found so far is minor though, maybe not worth so much trouble. I guess the boards are find the way they are...

I know I'm not the most computer-savvy person here to be getting into this stuff, but who else wants to be the guinea pig?  

Well, my old account is definitely still there. Its old posts all link to my correct profile with the correct creation time and number of posts, but with the avatar and displayed name it had when Shadow created the backup in 2010 (at Christmas time). I don't know if Shadow already restored it that quick (and just forgot to give me a correct password to log back in), or if deleting the profile I had simply caused it to automatically revert to this archived state. Either way it's better than being "Ex Member"... Though I really LOL'ed at the Delete User button basically turning me into Santa Claus in June  

All I have to do now is log back into my other account now and update the profile, right? Though I tried the password reset and that did not work, it still says "Username/Password Mismatch". I guess my main account is like Schrödinger's Cat at the moment-- both alive and dead at the same time  

I'll call it a "Frankenaccount".  

Old PMs disappear (though I seem to have encountered another glitch involving those), and the "most recent posts" feature won't work properly with a Frankenaccount, at least until you make 50 of them to overwrite the ones it shows (which don't seem to simply be the last 50 ones made before the backup data was made... last time it was showing different ones from 2010 through 2012, while this time, it's only showing the one post I made with it in this thread)
I'll never understand, computers are very strange things.

Still not as cool as posting with a delete account a la Cromwell.

Harvey Kartel wrote on 06/26/13 at 22:29:40:


I actually made and deleted an alternate account to try and test this theory (something I was dying to do), unfortunately it proved incorrect. You get an error message about "form spoofing" if you attempt to post using an account that was just deleted in a different window. Not sure exatly what form spoofing means but I assume it's a security feature YaBB uses to prevent potential hacking of other people's accounts. Otherwise you could possibly vandalize (or delete) someone else's account just by changing the right characters in a URL. (though I have already known for a while that these alphanumeric URLs are dynamic anyway, as an added layer of protection... even though an old URL you've been assigned still seems to work even after you've been assigned a new one)

So what Cromwell managed to do is still eluding me, unless an admin simply gave him that ability.

EDIT: Speaking of security, AOL seems to use dynamic URLs as well, but if you try to, say, cancel an AOL account that you aren't logged in to by copy-pasting an old cancellation URL from it, you'll get the same message saying the account will be canceled, but trying to do anything else with the account will instead give you a message saying that "unusual activity" was detected on it, and you can't log back into it. So apparently AOL cannot completely stop you from marking another person's account as pending cancel (unless I missed something else) but that person will be locked out of the account when they try to log into it, and told to contact AOL. They might even punish the person who tried to hack, by tracking the IP address, but in my case the "victim" account in this experiment was made with the same computer.
I know that contacting AOL can take an account off of the pending-cancel status but you can also just wait and restore it when it's actually cancelled at the end of the billing period. But I just gave cancellation as an example, as someone may use the same method to try to send or receive e-mails with another person's account, potentially leading to identity theft. So if Renzetti's AOL account actually got hacked, via URL modification, then he should be locked out of it due to "unusual activity" and be told to contact AOL, unless someone actually guessed his password, in which case AOL thinks it's just him logging in from somewhere away from home. The hacker would not be able to cancel or make changes to Renzetti's account this way though, unless he also knew the answer to Renzetti's security question.
Yep, I made an alternate AOL account (actually several) so I could make an alternate forum account, why not look for bugs on both...

...Sorry if I'm starting to sound like I'm turning into an amateur hacker here. But if I do find any kind of real security fault on any site, I'll report it, not exploit it. I only test on accounts I've made myself, anyway. I'll be a good hacker  
(and I hear that the U.S. government employs those kinds, and probably pays them a good chuck of change!)
I'm kinda scared to try anything like this with GameFAQs though, I have a 12-year-old account there and I know for a fact that they will track your IP and are very good about punishing people who try to mess around like this.

...You mean like this?  

^ Well, I'll try to make it shorter this time. Basically if you try to do anything with an account after you've logged out of it (or deleted it) in a different browser window, it will present the "Form Spoofing" error, and display the IP it came from. This includes creating or editing posts, or changing the account's profile or settings. This is a security feature implemented by YaBB to prevent vandalism of other users' profiles.

And trying something similar with an AOL account will cause it to be suspended (not usable) until AOL is contacted to unlock the account. But this doesn't happen if the hacker got the right password, only if they modified a URL. In Nicholas Renzetti's case, if his account was not locked then someone guessed his password or used spyware to steal it, in any case he should have contacted AOL any way he could.

EDIT: You can "Call Back" a PM sent by an account even when you aren't logged into it.  
I don't think this is can be used maliciously though, since the URL to do so seems to be randomly generated.

Also any post made by a deleted account will show whatever displayed name that the account was using when it made the post, even if it was changed later. So apparently YaBB records and saves the displayed name under which every post is made, when it is made.
This only applies to the threads themselves; on the board page where it lists the last user to post, it will show the account's registered username (which cannot be changed) instead, as well as on the page where you make a new post (and it's showing the last few posts and the names of their posters). This still does not explain why the General Discussion board page showed one of my "last posts" as being from "Blaitherskite Buddha" back when I had deleted my main account the first time. Actually clicking on this post at that time would have pulled up the thread page where it would have correctly credited said post to "Who Dat Harvey - Ex Member".  

Is there an easy way to get a zombie account?