TwinTurbo

Clients
  • Posts: 3

Reputation Activity

  1. Like
    TwinTurbo got a reaction from Safety1st in Security issue? Bots logs in as an existing forum account and opens a topic
    @Pablo BJB Also, as part of your troubleshooting, it might be helpful to take a look at some bot control mechanisms.
    CloudFlare Turnstile: https://www.cloudflare.com/products/turnstile/
    And also the CloudFlare free plan: https://www.cloudflare.com/plans/
    The CloudFlare free plan should help with some website performance issues (DDOS / others). The $20 / month (paid yearly) or $25 per month (paid monthly) plan might be worth it based on your use case. [Your sysadmin will probably have more technical info on this.]
    While CloudFlare Turnstile doesn't require the user to do anything (unlike other captchas that make the user select images), I haven't had first-hand experience with it. Some Reddit reviews say good things about Turnstile. Since it's free, it might be worth trying to see if the bot problem is mitigated. Alternatively, you can also consider other popular captcha services. [Again, your sysadmin will have the latest on-the-ground reliability and usefulness of these captcha services. If and when you choose to deploy any bot mitigation service, do consider monitoring the end result (website usability, forum users' feedback on whether they like it or not, or whether the captcha becomes a major friction point / pain for your users) and then re-evaluate.]
    Good luck with your troubleshooting.

  2. Thanks
    TwinTurbo got a reaction from Pablo BJB in Security issue? Bots logs in as an existing forum account and opens a topic
    Hello @Pablo BJB,
    1. Kindly take a look at these links:
    https://www.conquer-your-risk.com/2022/11/30/4-websites-to-check-if-your-password-is-in-the-darkweb/
    https://haveibeenpwned.com/
    The above website (Have I Been Pwned) should be helpful in exploring the possibility that your users' accounts were breached as part of various data breaches at various companies, compounded by potential password sharing.
    The above website (Have I Been Pwned) allows you to enter an email address and it will show all the breaches for that particular email address (you might have to scroll down a bit to see the detailed breach history).
    As part of troubleshooting and diagnosis, kindly consider checking the email addresses of the users you suspect are posting spam (perhaps involuntarily, due to things going wrong somewhere while they are a trusted user) in the above website (Have I Been Pwned). If their credentials were breached, you will probably see their email addresses as part of multiple breaches.

    2. As part of further troubleshooting and diagnosis effort, you could perhaps contact the user (assuming you have their phone number: SMS / call as you deem appropriate, or send a personal email to their registered email address, different from the usual forum notification which they might not read) and perhaps convince them to change their password and add 2FA, and see if the problem goes away. This way you might be able to mitigate the issue. Part of the problem in handling data breaches is that people don't know that their credentials have been breached. And as a friendly suggestion, you might want to word it in a way that doesn't set off panic in the contacted user (something along the lines of "Hey, I need your help in troubleshooting an issue with the forum"; describe the issue, and long-term trusted users should be more than willing to help you out). And, assuming the user's creds have indeed been breached, your user would need to change their passwords on all affected services.

    Good luck with your troubleshooting and do keep us posted.

    Regards,
    TwinTurbo.

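The post above checks suspect users' email addresses by hand on Have I Been Pwned. As an added example (not code from the poster or the forum), the same service's Pwned Passwords range endpoint can be used at password-change time to reject passwords already seen in breaches, which addresses the credential-reuse problem the post describes. The example assumes the public endpoint https://api.pwnedpasswords.com/range/<prefix> and its SUFFIX:COUNT response format; the sample response embedded for the offline demo is constructed, and its counts are not real figures.

```python
"""Check a candidate password against HIBP Pwned Passwords using k-anonymity.

Only the first 5 hex characters of the SHA-1 hash leave the server; the
full hash is never sent. Added example; endpoint URL and response format
are assumptions, taken from the public Pwned Passwords API documentation.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed sample response for the 5BAA6 range (counts are made up).
SAMPLE_RANGE = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
    "not-a-valid-line\n"
)


def sha1_split(password: str) -> tuple:
    """Return (prefix, suffix): first 5 and remaining 35 uppercase hex chars."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict:
    """Parse a range response into {suffix: count}; malformed lines are skipped."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """Number of breach occurrences for password, given its range response."""
    _, suffix = sha1_split(password)
    return parse_range(range_body).get(suffix, 0)


def fetch_range(prefix: str, timeout: float = 5.0) -> str:
    """Fetch the range for a 5-hex prefix (Add-Padding hides range size)."""
    req = urllib.request.Request(RANGE_URL.format(prefix=prefix),
                                 headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def is_pwned(password: str) -> int:
    """Live check: returns breach count (0 means not found)."""
    prefix, _ = sha1_split(password)
    return breach_count(password, fetch_range(prefix))
```

In a forum's password-change hook, reject the new password when `is_pwned()` returns a non-zero count; `breach_count(pw, SAMPLE_RANGE)` exercises the same parsing offline.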