
Spam post / possible hack?



44 minutes ago, marklcfc said:

Last week a new member signed up and posted a spam link to a dating site, then today a member with 15k+ posts made the exact same post. Something not right with this

 

Did you check the user's IP address, Device details etc between this post and their other ones?

Not related to this, but congrats on promotion this year. 🙂 


Posted (edited)
1 hour ago, Sonya* said:

I do not have an issue, but one question: do you allow signing in with display name?

I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in.

 

57 minutes ago, TDBF said:

Did you check the user's IP address, Device details etc between this post and their other ones?

Not related to this, but congrats on promotion this year. 🙂 

The IP address goes to Netherlands. Last time it went to London, and my mistake it wasn't a new member. It was a current member although hadn't been active for a while


 

Both links go to matchlife.now

Edited by marklcfc

9 minutes ago, Jim M said:

I would recommend reading through this topic here as it is related to this, if not the same issue:

 

Doesn't really help as the suggestions in there seem to be for new accounts, which I already have on mod queue and no new members have actually made these spam posts, it's been current members


8 minutes ago, marklcfc said:

Doesn't really help as the suggestions in there seem to be for new accounts, which I already have on mod queue and no new members have actually made these spam posts, it's been current members

You will want to read through the whole topic, as it discusses how spammers are logging into accounts which have had credentials compromised through other sites and posting spam on yours. Enabling Two Factor Authentication is the best way to combat this for the future. You may also wish to use the force password reset function, which is also discussed in that topic, on all members if you see this happening a ton. 


53 minutes ago, marklcfc said:

I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in.

 

The IP address goes to Netherlands. Last time it went to London, and my mistake it wasn't a new member. It was a current member although hadn't been active for a while


 

Both links go to matchlife.now

Sounds like the account has been compromised. Maybe do a check to see if the email address has been leaked/compromised.


6 hours ago, marklcfc said:

I do, always have done but never had any problems with it. Don't want to change as have many members that registered over 10 years ago with out of date email addresses that I just know won't be able to sign in.

I can understand the concerns very well. This is not an easy decision. I hope IPS will give a good and smooth workflow for switching.

The reason I have changed it on my 20 years old project was seeing unsuccessful attacks on old accounts. I have seen failed logins spread around the whole world by some user accounts. Sometimes 20 a day from Europe, Asia, and Africa. Nobody can travel this way. 😁

It has stopped after I have switched to the email-login. I assume the bots see the display names. This is a half of the valid login information. Then go and try passwords. If passwords are easy or common, they succeed.
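The pattern described in the post above (failed logins against one account arriving from several countries in a day, which no real traveller could produce) can be checked for in a login log. This is an added example, not part of the original post and not Invision Community code; the log format, account names and thresholds are assumptions, and the country is assumed to be already resolved from the IP address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: time, account, country, result).
SAMPLE_LOG = """\
2024-04-28T01:10:00 olduser42 DE fail
2024-04-28T03:25:00 olduser42 VN fail
2024-04-28T06:40:00 olduser42 NG fail
2024-04-28T09:05:00 olduser42 BR fail
2024-04-28T11:56:00 olduser42 NL ok
2024-04-28T08:00:00 regular7 GB fail
2024-04-28T08:01:00 regular7 GB ok
"""

def parse(log_text):
    """Turn log lines into time-ordered (time, account, country, result) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines
            ts, account, country, result = parts
            events.append((datetime.fromisoformat(ts), account, country, result))
    return sorted(events)

def find_suspicious(events, window=timedelta(hours=24), min_countries=3):
    """Flag accounts whose failed logins inside `window` come from at least
    `min_countries` countries, and note whether a successful login followed
    while that burst was still inside the window."""
    failures = defaultdict(list)  # account -> [(time, country)]
    findings = {}
    for ts, account, country, result in events:
        # Keep only this account's failures that are still inside the window.
        recent = [(t, c) for t, c in failures[account] if ts - t <= window]
        if result == "fail":
            recent.append((ts, country))
        failures[account] = recent
        countries = {c for _, c in recent}
        if len(countries) < min_countries:
            continue
        hit = findings.setdefault(account, {"countries": set(), "success_after": False})
        hit["countries"] |= countries
        if result == "ok":  # a login succeeded during the burst
            hit["success_after"] = True
    return findings

if __name__ == "__main__":
    for account, hit in find_suspicious(parse(SAMPLE_LOG)).items():
        print(account, sorted(hit["countries"]), "success_after:", hit["success_after"])
```

An account flagged with `success_after` set is a candidate for the forced password reset mentioned earlier in the thread.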


Posted (edited)
On 4/28/2024 at 11:56 AM, Sonya* said:

I do not have an issue, but one question: do you allow signing in with display name?

Looks like the email addresses have been in a data breach, so looks like username is actually a more secure login, not that IPS will change their mind on removing it 🙄

Edited by marklcfc

2 minutes ago, marklcfc said:

Looks like the email addresses have been in a data breach, so looks like username is actually a more secure login, not that IPS will change their mind on removing it 🙄

Odds are their username is also in that breach.
