fmro

Thank you for your feedback on this. I will do a general logout on all users and force reset pass.

Something similar is happening to me since October, meaning that someone is getting access to accounts, especially old accounts with no posts and is spamming my forum. I tried banning IP's (is using abroad IPs like from US or Germany). I am out of ideas of how to contain this crisis, so as a last resort I decided to switch registrations to email and admin validation. The problem is that everything is up to date, like I am using PHP Version 8.1.20 and Invision Community v4.7.19. I am hosted to a webhosting company on a Ubuntu Linux 18.04.6, where the ftp access is done by putty with a private key, while I can also upload files using the file manager from the webmin interface. Any suggestions on how to fix this?