Security Working Group meeting - Wednesday October 12

James Bottomley jejb at linux.ibm.com
Tue Nov 22 02:14:02 AEDT 2022


On Mon, 2022-11-21 at 08:59 -0600, Patrick Williams wrote:
> On Mon, Nov 21, 2022 at 09:31:31AM -0500, James Bottomley wrote:
> > On Mon, 2022-11-21 at 07:19 -0600, Patrick Williams wrote:
[...]
> > > The only one that requires a verified phone number is "Highest".
> > > 
> > > To test out what you are describing I did the following:
> > > 
> > >    - Navigated to our invite link under Incognito (to avoid
> > > Discord
> > >      seeing my normal login):
> > >          https://discord.openbmc.org (or)
> > >          https://discord.gg/69Km47zH98
> > > 
> > >    - Clicked "Register".  Filled out "myemail+burner at gmail.com",
> > > a
> > >      username, password, and an arbitrary date of birth that is
> > > more
> > >      than 18 years old.
> > > 
> > >    - Dealt with the captchas.
> > 
> > Actually, no, this doesn't work either.  It brings me to the same
> > account creation screen on discord.com and then demands phone
> > number verification again.
> 
> > I've no idea why this doesn't work for me.  I suppose it could be
> > source IP address (I am on comcast cable and discord.com seems to
> > be IPv4 only).
> 
> I don't really have any other ideas either.  Maybe it doesn't like
> the domain name you've used for the email address?

I was using this one.  However, now it doesn't ask for email, it asks
for user name which doesn't have an account

>   Did it give you a captcha?  I assume you're "passing" that.

Yes, the account verification screen is after the captcha.

>   I suspect there is something Discord is detecting in your account
> signup that they are triggering a "higher probability of being spam"
> setting, but I don't know what that would be.

I tried using a socks proxy to the IBM network and that doesn't work
either, so it's likely some browser or OS test (I tried with both
chrome and firefox, with the same results, I've even tried a user agent
switcher).

Regards,

James

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20221121/70edcabe/attachment.sig>


More information about the openbmc mailing list