Accounts hackered?!

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
scheccia
Registered User
Posts: 94
Joined: Fri Feb 10, 2017 8:16 am

Accounts hackered?!

Post by scheccia »

In the last days... More users are hackered, we found topic with link to

Code: Select all

te.me/pump_upp
...
I googled this link and there are many phpbb forums with posts with these links, so with hackered account...
is it a coincidence or there is something?
Last edited by Mick on Mon Feb 13, 2023 7:55 pm, edited 1 time in total.
Reason: Solved.
Bigman1971
Registered User
Posts: 1
Joined: Sun Jan 15, 2023 7:49 pm

Re: Accounts hackered?!

Post by Bigman1971 »

Same here... have no clue what is happening.

Used where mostly very rare used user accounts... but how did the manage to get the passwords?

Seems to hit many PHPBB forums...
User avatar
Kailey
Community Team Leader
Community Team Leader
Posts: 3911
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Snay

Re: Accounts hackered?!

Post by Kailey »

We are aware of old accounts being used to post spam links. This is not an issue with phpBB's security. Most likely these accounts were using the same username/password as used on some other websites.
Kailey Snay - Community Team Leader
Knowledge Base | Documentation | Community rules
If you have any questions about the rules/customs of this website, feel free to send me a PM.

My little corner of the world | Administrator @ phpBB Modders
User avatar
[Dimetrodon]
Registered User
Posts: 485
Joined: Tue Aug 30, 2022 3:29 am
Location: Paleozoic Era

Re: Accounts hackered?!

Post by [Dimetrodon] »

I've googled it and found it on boards that are not running phpBB as well, so it isn't specific to phpBB.

As for anyone seeing it, don't click the link. It's another crypto scam.
Avatar by Phoenix-of-Starlight.
bikeridr
Registered User
Posts: 92
Joined: Wed Oct 14, 2020 9:19 pm

Re: Accounts hackered?!

Post by bikeridr »

I reported one this morning, a user with 9 posts since 2015 and it was taken care of within a few minutes.
(I don't use the same password/email configuration in any of my logins).
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26849
Joined: Fri Aug 29, 2008 9:49 am

Re: Accounts hackered?!

Post by Mick »

It looks like this person has been busy, you can choose to ban this IP if you wish.

https://cleantalk.org/blacklists/109.107.166.230
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
User avatar
[Dimetrodon]
Registered User
Posts: 485
Joined: Tue Aug 30, 2022 3:29 am
Location: Paleozoic Era

Re: Accounts hackered?!

Post by [Dimetrodon] »

Mick wrote: Mon Jan 16, 2023 4:42 pm It looks like this person has been busy, you can choose to ban this IP if you wish.

https://cleantalk.org/blacklists/109.107.166.230
I'm surprised they would brute force just to spam. I would expect it to be more worthwhile to take advantage of many sites not having sufficient anti-spam measures and spam with new accounts.

As for phpBB board owners, this looks promising to ensure people like that have a greater difficulty compromising privileged accounts: https://github.com/phpbb-extensions/teamsecurity
Avatar by Phoenix-of-Starlight.
scheccia
Registered User
Posts: 94
Joined: Fri Feb 10, 2017 8:16 am

Re: Accounts hackered?!

Post by scheccia »

crypto.jpg
is very strange, it's very strange, all different users
You do not have the required permissions to view the files attached to this post.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26849
Joined: Fri Aug 29, 2008 9:49 am

Re: Accounts hackered?!

Post by Mick »

Are they all the same IP though?
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
User avatar
Le_Spirit
Registered User
Posts: 10
Joined: Thu Sep 03, 2015 5:19 pm

Re: Accounts hackered?!

Post by Le_Spirit »

^ no they're not, and most of the ip's are comming thru CloudFlare (CF) anyway. What we've done on our board to discourage the spammers, that effectively seem to use old, dormant accounts is to use the word censor in the Administrator control panel -> Posting -> Word censoring option to make those st**pid posts look even st**pider but harmless:

replaced c.rypto p.umps by stinky socks
replaced @.pump_upp by banned
replaced v.erifpro by stop that scam please
replaced v.erifpro.net by stop that scam please

the dots above should be removed of course :)
scheccia
Registered User
Posts: 94
Joined: Fri Feb 10, 2017 8:16 am

Re: Accounts hackered?!

Post by scheccia »

Mick wrote: Tue Jan 17, 2023 8:17 am Are they all the same IP though?

Code: Select all

109.107.166.230
109.107.166.230
109.107.166.230
yes all 3 post
crypto.jpg
You do not have the required permissions to view the files attached to this post.
User avatar
Le_Spirit
Registered User
Posts: 10
Joined: Thu Sep 03, 2015 5:19 pm

Re: Accounts hackered?!

Post by Le_Spirit »

caught the same spam, with different IP

37.220.87.25
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26849
Joined: Fri Aug 29, 2008 9:49 am

Re: Accounts hackered?!

Post by Mick »

Le_Spirit wrote: Tue Jan 17, 2023 9:58 amdifferent IP
Cleantalk reports that IP too for the same reasons (brute forcing etc) as the first above https://cleantalk.org/blacklists/37.220.87.25
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
User avatar
[Dimetrodon]
Registered User
Posts: 485
Joined: Tue Aug 30, 2022 3:29 am
Location: Paleozoic Era

Re: Accounts hackered?!

Post by [Dimetrodon] »

Banning IPs is a useless endeavor. Criminals of this nature are going to be able to change their IP address.
Avatar by Phoenix-of-Starlight.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26849
Joined: Fri Aug 29, 2008 9:49 am

Re: Accounts hackered?!

Post by Mick »

I’m well aware of the issues with IP banning but in this case this spammer did all his work in large bursts using the same IP address because he’d accessed username/password information hence the cleantalk report so a quick ban would halt him in his tracks until he changes things.
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧

Return to “phpBB Discussion”