Anyone know what this is about? Sounds like weird drama

[Anonymous]

Hello Administrator,

The following is an e-mail sent to you through the administration contact

page on “StayLDS.com”.

The message was sent from a guest who specified the following contact

information:

Name: R Lohmeyer

E-mail address: Rrlohmeyer@gmail.com

IP Address: 73.3.132.40

Message sent to you follows

~~~~~~~~~~~~~~~~~~~~~~~~~~~

I was just contacted with a messge from a user that indicated that the

admins of this board had disclosed private information of mine to them. If

my username needs to be changed for beng similar to another, I should have

been contacted by an admin of the board. Nowhere in your terms and

conditions did it say that I was agreeing to my private information being

shared with other members without my permission. How do plan to rectify

this situation and ensure this kind of violtion does not happen again?

[Anonymous]

Hmmmm … hold off doing anything. I looked up this user. They just joined the forums on 03/31/2018, have zero posts and the whole thing stinks of a hacker (or a crazy). I will contact them via email to see what’s up.

[Anonymous]

It sounds like they are confused. Is one of you guys “Justin Snyder?” Sorry if I am forgetting people’s real names here. They said they were contacted by email asking about their registration. It looks like this person registered twice with 2 different similar usernames and 2 similar email accounts from the same IP address. These are both waiting in the newly registered queue. I told them this triggered our security protocol and it was us contacting them to straighten it out.

[Anonymous]

Sounds like one of the admins or moderators contacted the user “Beefster” who is apparently “John Snyder” in real life. His email address for registration is “ifoundthebeef@gmail.com.” That is why this was probably very confusing. “Beefster” is a very active poster on the forums, and it was a good security call to check with him to see if this was a hack. But … he then went and emailed this new registrant to ask them about it directly. They got freaked out because we are “leaking” their private information.

[Anonymous]

Hmmm, this also may answer the rest of Beefster’s story. He mentioned someone had told his parents he was posting here. Things didn’t turn out badly. He had been wanting to “come out” to them about his faith transition. I thought it was weird that someone who knew he posted here would tell his family.

I am sticking with you Brian, weird drama.

Thanks for playing detective.

[Anonymous]

If there’s an issue with folks in the forums outing each other, you guys probably need to look into that.

[Anonymous]

Nobody was outed. I saw the username and didn’t want it to remain as it was, since it reeked of detective work and identified a particular participant by his username.

I checked the email address and saw that it was a generic, last name specific account. Given the username, I sent Beefster a PM asking if he knew anyone with that last name. If it was a friend, no problem, and I would have approved the request; if it was someone who was out to track Beefster down and hassle him, HUGE issue, and I would have deleted the request.

I am amazed he freaked out when Beefster contacted him, since his username mentioned Beefster explicitly. If he didn’t want Beefster to know he had requested to participate, he shouldn’t have chosen that username. Also, if he reacted like that, I am skeptical of activating him as a participant.

Seriously, what the Hell did he expect – that Beefster wouldn’t know with that username?

If you want, Brian, I can contact him and explain – but I am fine with you doing it, since you already have exchanged messages with him. Make sure he knows that his email address is visible to all participants who might want to contact him. Right?

[Anonymous]

Also, given what Beefster said in his post about being outed to his parents, I assume it was this guy who did the outing.

If so, I don’t feel comfortable about approving his participation request.

[Anonymous]

I don’t know if this person is involved with outing Beefster. My interaction with them doesn’t quite have that feel, but this is all very problematic. If it’s a coincidence, then it’s a winning lottery ticket level of probability. I think we just side with caution and part ways with this new person. They could be engaging in sophisticated social engineering to gain access. I don’t like that, and their story about mistakes in registration doesn’t completely add up to what I see in the system logs. In particular, they emailed the admin address way too quickly with this story about being contacted. They made their registration “mistake” sound way more innocent than the two registrations indicate, and those are only separated by 2 minutes in time. It looks like they were trying to see if the forums were mostly automated (and bypass our manual approval).

If they are legit, there are plenty of other places to find support. This stinks just enough to toss it in the trash bin and be done, like extended family drama spilling over into our forum (no fault to Beefster).

[Anonymous]

Technical note on our board setup: moderators and admins can see user email addresses and initiate the email function which opens your default system mail browser and inserts the user’s email in the TO: field automatically. Normal users can not see or use the email functions. They can only send internal private messages to other users.

I just tested this by using an admin function to mimic a normal user’s settings to surf the forums. It appears to be working as intended and is setup correctly.

[Anonymous]

Here’s the email conversation in case you guys need this information later, in case problems with this “outing” continue.

#############################################

#############################################

#############################################

Disclosing private information

Inbox

x

Mormonism/Mormon Admin

x

admin@staylds.com via biz199.inmotionhosting.com

Mar 31 (3 days ago)

to Administrator

Hello Administrator,

The following is an e-mail sent to you through the administration contact

page on “StayLDS.com”.

The message was sent from a guest who specified the following contact

information:

Name: R Lohmeyer

E-mail address: Rrlohmeyer@gmail.com

IP Address: 73.3.132.40

Message sent to you follows

~~~~~~~~~~~~~~~~~~~~~~~~~~~

I was just contacted with a messge from a user that indicated that the

admins of this board had disclosed private information of mine to them. If

my username needs to be changed for beng similar to another, I should have

been contacted by an admin of the board. Nowhere in your terms and

conditions did it say that I was agreeing to my private information being

shared with other members without my permission. How do plan to rectify

this situation and ensure this kind of violtion does not happen again?

######################################

######################################

Brian Johnston <brianj.roaming@gmail.com>

Apr 2 (1 day ago)

to Rrlohmeyer

The user account you sent this from just registered on the forums shortly before you sent this private message. You have no posts and we don’t know anything about you except for your email address. I’m not clear about what problem happened. Can you describe it better?

-Brian, Site Admin

######################################

######################################

R.R. Lohmeyer

Apr 2 (1 day ago)

to me

I did provide my name to you along with my email address when i registered. To say you don’t know anything other than my email address is false.

Yes, I can explain more. Someone named Justin Snyder emailed me the following with the subject line:

“Did you just try to join staylds.com ?”

Message:

“The admin contacted me and said someone with the last name of “Lohmeyer” tried to join with the username “I found the Beefster” and he has asked that it be changed to something that doesn’t single me out.”

I never received any emails from the forum other than the initial confirmation stating I had to wait for an admin grant me access. Later I get this email, apparently from a forum member. Again, if the username I chose was similar to someone else, there is no reason my information should have been provided to that member.

######################################

######################################

Brian Johnston <brianj.roaming@gmail.com>

10:12 AM (23 hours ago)

to R.R.

It looks like you registered twice with two different but similar user names and two similar email addresses, both coming in from the same IP address. This triggered our internal security process. They were trying to figure out if you were a legitimate person trying to join our forums, or a hacker or spam bot. It looks like you use your name as your email address. That’s the only way they know. We don’t ask for your real name in the registration process, just a alias (aka username). Some people, like me, use our real names on the site.

######################################

######################################

Brian Johnston <brianj.roaming@gmail.com>

10:13 AM (23 hours ago)

to R.R.

Your email address is only available to administrators and moderators of the site.

######################################

######################################

Brian Johnston <brianj.roaming@gmail.com>

10:15 AM (23 hours ago)

to R.R.

We are pretty selective about approving new people. We want to make sure they are visiting the site to receive and/or provide support for an LDS faith transition and want to discuss that with other pro-staying people. What are you looking for in joining the forums to have access to participate?

######################################

######################################

R.R. Lohmeyer

10:26 AM (23 hours ago)

to me

I was having issues when I first signed up, it said one of my emails was in use, so I was confused and tried a different email of mine. I might have accidentally clicked submit twice that first time. I thought maybe I had tried to join years ago and might have forgotten so I attempted to register with a different email.

I understand you being selective, but I have no desire to join your forum anymore. There are other places that provide similar support that won’t divulge my information. The message I received from this member made it very clear that one of your admins or moderators provided my private information to them, and I was not contacted directly by one of them. I do not trust your admins, mods, nor do I trust you since you don’t seem to understand that one of your mods or admins clearly did something very wrong.

Why would I receive a message from a board member specifically stating that an admin had provided them with my information if it was untrue? Like you said “Your email address is only available to administrators and moderators of the site”, meaning it is absolutely possible for that information to be given out by one of them to anyone they feel like.

######################################

######################################

R.R. Lohmeyer

10:30 AM (23 hours ago)

to me

My private email was obviously given out to a member. Completely unacceptable by any standards.

######################################

######################################

Brian Johnston <brianj.roaming@gmail.com>

10:33 AM (23 hours ago)

to R.R.

Can you forward the email to me? The one you received? I can’t look people up in the forum database by their name. I can look it up via email.

######################################

######################################

R.R. Lohmeyer

10:35 AM (23 hours ago)

to me

Absolutely.

######################################

######################################

Brian Johnston <brianj.roaming@gmail.com>

10:57 AM (22 hours ago)

to R.R.

This will take a little longer to track down. I posted details in our private back channel asking the other admins and moderators about this. I only run the servers and tech side. I don’t participate regularly on the forums anymore. It will take some time for them to see it and respond. They all live in different time zones and this is just a small volunteer group.

But for right now, it looks like our security protocols were tripped by your double registration and the coincidence of your username and other details. Then one of the people who help run the site started trying to track it down because your username is very similar to an active participant on the forums. It looked like a hacking attempt from our perspective. I will have to wait for others to respond in our back channel to find out more.

######################################

######################################

Brian Johnston <brianj.roaming@gmail.com>

10:59 AM (22 hours ago)

to R.R.

But if you are not comfortable participating on the site, that’s OK. I understand. That’s your call to make.

######################################

######################################

R.R. Lohmeyer

11:02 AM (22 hours ago)

to me

Well thank you for finally taking this seriously. Regardless if it was viewed as a hacking attempt, there is no reason my information should have been given out and no attempt to contact me to verify details. I hope you are able to hold the guilty admin/mod responsible.

######################################

######################################

Brian Johnston <brianj.roaming@gmail.com>

9:26 AM (20 minutes ago)

to R.R.

I heard back from a couple of the admins/mods. They are dealing with a situation leading to a heightened level of security on the forums. I’m sorry if you are a legitimate person randomly looking for support for a faith transition, and you got caught up into this problem. It could be a weird statistical coincidence. But the technical details we have access too from our server logs, the details about your registration, and communications raise too much suspicion. It’s better for all of us that we just part ways. Like you said, there are other places to receive and give support. I wish you all the best.

[Anonymous]

Those messages don’t ring true, particularly since Beefster told me he thinks it was his brother-in-law who is highly manipulative and emotionally aggressive to the point of abusive. That description matches the messages perfectly.

I think he got caught and was upset about it. It is kind of like the “outer” got outed to the person he outed and had a meltdown because he got caught. I think he was kind of bragging with the first username, realized he shouldn’t have done that, changed his request username to avoid detection without realizing the first attempt would not be eliminated, then freaked out when his first (mocking) attempt was discovered.

Thanks for doing the heavy lifting on this, Brian. I don’t want him anywhere near the forum as an active participant.

Did you just delete the requests? Will you ban his email addresses, usernames, and IP address, as well?

[Anonymous]

Wow – That doesn’t even sound like any of our team here. I feel for Beefster if this person is actually connected to him. That is Drama on steroids.

Thank you Brian. What a day that was.

Come on by sometime when nothing is going on. We love to see you, anytime.

[Anonymous]

Seeing the first request with the username Ifoundthebeefster, I just left it. I agree with Curt’s assessment – I think he’s just upset that we’re more diligent than he expected and got caught. I did not out the outer, but I think he deserved it.

[Anonymous]

I didn’t know about the drama going on with Beefster (poor guy!). Thanks for being awesome guys! Having that other half of the picture leads me to believe that our security protocols were effective, and this was a hostile attempt to bust in and cause problems for the forum and users. Good job being vigilant. If these addresses and IP address aren’t already banned, I will do that.

[Author]

Posts