Spam post / possible hack?

marklcfc · April 28

Last week a new member signed up and posted a spam link to a dating site, then today a member with 15k+ posts made the exact same post. Something not right with this

Jelly Belly™ · April 28

my site is experiencing the same problem, last night a 10 year member posted his first post and it was similar to yours

Sonya* · April 28

I do not have an issue, but one question: do you allow signing in with display name?

Meris4x4 · April 28

simply his password was guessed by the bots.

TDBF · April 28

44 minutes ago, marklcfc said:

Last week a new member signed up and posted a spam link to a dating site, then today a member with 15k+ posts made the exact same post. Something not right with this

Did you check the user's IP address, Device details etc between this post and their other ones?

Not related to this, but congrats on promotion this year. 🙂

marklcfc · April 28

1 hour ago, Sonya* said:

I do not have an issue, but one question: do you allow signing in with display name?

I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in.

57 minutes ago, TDBF said:

Did you check the user's IP address, Device details etc between this post and their other ones?

Not related to this, but congrats on promotion this year. 🙂

The IP address goes to Netherlands. Last time it went to London, and my mistake it wasn't a new member. It was a current member although hadn't been active for a while

Both links go to matchlife.now

Edited April 28 by marklcfc

Jim M · April 28

I would recommend reading through this topic here as it is related to this, if not the same issue:

marklcfc · April 28

9 minutes ago, Jim M said:

I would recommend reading through this topic here as it is related to this, if not the same issue:

Doesn't really help as the suggestions in there seem to be for new accounts, which I already have on mod queue and no new members have actually made this spam posts, its been current members

Jim M · April 28

8 minutes ago, marklcfc said:

Doesn't really help as the suggestions in there seem to be for new accounts, which I already have on mod queue and no new members have actually made this spam posts, its been current members

You will want to read through the whole topic, as it discusses how spammers are logging into accounts which have had credentials compromised through other sites and posting spam on yours. Enabling Two Factor Authentication is the best way to combat this for the future. You may also wish to use the force password reset function, which is also discussed in that topic, on all members if you see this happening a ton.

TDBF · April 28

53 minutes ago, marklcfc said:

I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in.

The IP address goes to Netherlands. Last time it went to London, and my mistake it wasn't a new member. It was a current member although hadn't been active for a while

Both links go to matchlife.now

Sounds like the account has been compromised. Maybe do a check to see if the email address has been leaked/compromised.

Sonya* · April 28

6 hours ago, marklcfc said:

I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in.

I can understand the concerns very well. This is not an easy decision. I hope IPS will give a good and smooth workflow for switching.

The reason I have changed it on my 20 years old project was seeing unsuccessful attacks on old accounts. I have seen failed logins spread around the whole world by some user accounts. Sometimes 20 a day from Europe, Asia, and Africa. Nobody can travel this way. 😁

It has stopped after I have switched to the email-login. I assume the bots see the display names. This is a half of the valid login information. Then go and try passwords. If passwords are easy or common, they succeed.

marklcfc · April 30

On 4/28/2024 at 11:56 AM, Sonya* said:

I do not have an issue, but one question: do you allow signing in with display name?

Looks like the email addresses have been in a data breach, so looks like username is actually a more secure login not that IPS will change their mind on removing it 🙄

Edited April 30 by marklcfc

Jim M · April 30

2 minutes ago, marklcfc said:

Looks like the email addresses have been in a data breach, so looks like username is actually a more secure login not that IPS will change their mind on removing it 🙄

Odds are their username is also in that breach.

marklcfc · May 8

It's not just spam posts, I've had two account deletion requests in the past 24 hours from regular members and I almost deleted the account, but I checked the IP they came from one was from Kenya and the other was from Russia

Edited May 8 by marklcfc

marklcfc · May 8

And just realised I did delete an account a few days ago that may well have been hacked now😔

marklcfc · May 9

Update - confirmed with one of the members that it was a genuine request, so maybe the other one is too, awaiting confirmation but if so the above can be ignored

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

Spam post / possible hack?

Recommended Posts

marklcfc

Jelly Belly™

Sonya*

Meris4x4

TDBF

marklcfc

Jim M

marklcfc

Jim M

TDBF

Sonya*

marklcfc

Jim M

marklcfc

marklcfc

marklcfc

Recently Browsing 0 members

More