marklcfc Posted April 28 Posted April 28 Last week a new member signed up and posted a spam link to a dating site, then today a member with 15k+ posts made the exact same post. Something not right with this Jelly Belly™ 1
Jelly Belly™ Posted April 28 Posted April 28 my site is experiencing the same problem, last night a 10 year member posted his first post and it was similar to yours
Sonya* Posted April 28 Posted April 28 I do not have an issue, but one question: do you allow signing in with display name?
Meris4x4 Posted April 28 Posted April 28 simply his password was guessed by the bots. SeNioR- and G17 Media 1 1
TDBF Posted April 28 Posted April 28 44 minutes ago, marklcfc said: Last week a new member signed up and posted a spam link to a dating site, then today a member with 15k+ posts made the exact same post. Something not right with this Did you check the user's IP address, Device details etc between this post and their other ones? Not related to this, but congrats on promotion this year. 🙂
marklcfc Posted April 28 Author Posted April 28 (edited) 1 hour ago, Sonya* said: I do not have an issue, but one question: do you allow signing in with display name? I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in. 57 minutes ago, TDBF said: Did you check the user's IP address, Device details etc between this post and their other ones? Not related to this, but congrats on promotion this year. 🙂 The IP address goes to Netherlands. Last time it went to London, and my mistake it wasn't a new member. It was a current member although hadn't been active for a while Both links go to matchlife.now Edited April 28 by marklcfc
Jim M Posted April 28 Posted April 28 I would recommend reading through this topic here as it is related to this, if not the same issue:
marklcfc Posted April 28 Author Posted April 28 9 minutes ago, Jim M said: I would recommend reading through this topic here as it is related to this, if not the same issue: Doesn't really help as the suggestions in there seem to be for new accounts, which I already have on mod queue and no new members have actually made this spam posts, its been current members
Jim M Posted April 28 Posted April 28 8 minutes ago, marklcfc said: Doesn't really help as the suggestions in there seem to be for new accounts, which I already have on mod queue and no new members have actually made this spam posts, its been current members You will want to read through the whole topic, as it discusses how spammers are logging into accounts which have had credentials compromised through other sites and posting spam on yours. Enabling Two Factor Authentication is the best way to combat this for the future. You may also wish to use the force password reset function, which is also discussed in that topic, on all members if you see this happening a ton. SeNioR- 1
TDBF Posted April 28 Posted April 28 53 minutes ago, marklcfc said: I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in. The IP address goes to Netherlands. Last time it went to London, and my mistake it wasn't a new member. It was a current member although hadn't been active for a while Both links go to matchlife.now Sounds like the account has been compromised. Maybe do a check to see if the email address has been leaked/compromised.
Sonya* Posted April 28 Posted April 28 6 hours ago, marklcfc said: I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in. I can understand the concerns very well. This is not an easy decision. I hope IPS will give a good and smooth workflow for switching. The reason I have changed it on my 20 years old project was seeing unsuccessful attacks on old accounts. I have seen failed logins spread around the whole world by some user accounts. Sometimes 20 a day from Europe, Asia, and Africa. Nobody can travel this way. 😁 It has stopped after I have switched to the email-login. I assume the bots see the display names. This is a half of the valid login information. Then go and try passwords. If passwords are easy or common, they succeed. Randy Calvert and Marc 1 1
marklcfc Posted April 30 Author Posted April 30 (edited) On 4/28/2024 at 11:56 AM, Sonya* said: I do not have an issue, but one question: do you allow signing in with display name? Looks like the email addresses have been in a data breach, so looks like username is actually a more secure login not that IPS will change their mind on removing it 🙄 Edited April 30 by marklcfc
Jim M Posted April 30 Posted April 30 2 minutes ago, marklcfc said: Looks like the email addresses have been in a data breach, so looks like username is actually a more secure login not that IPS will change their mind on removing it 🙄 Odds are their username is also in that breach. G17 Media 1
marklcfc Posted May 8 Author Posted May 8 (edited) It's not just spam posts, I've had two account deletion requests in the past 24 hours from regular members and I almost deleted the account, but I checked the IP they came from one was from Kenya and the other was from Russia Edited May 8 by marklcfc
marklcfc Posted May 8 Author Posted May 8 And just realised I did delete an account a few days ago that may well have been hacked now😔
marklcfc Posted May 9 Author Posted May 9 Update - confirmed with one of the members that it was a genuine request, so maybe the other one is too, awaiting confirmation but if so the above can be ignored
Recommended Posts