Anyone getting any recent spam ? Social Dating sites ?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
mrix2000
Registered User
Posts: 1279
Joined: Sun Dec 03, 2006 2:23 pm

Anyone getting any recent spam ? Social Dating sites ?

Post by mrix2000 »

Hi all, I had a member join who simply spam posted a Social Dating website about a week ago and today a established members who had not posted for a few months posted a similar dating site topic which is completely off-topic for my forum and out of character for this specific member.
I have sent a email to him but with no reply to date but I am obviously a little more concerned now having 2 similar posts within a week :? :shock:
This maybe not a forum software issue but I thought I would post just in case anyone had similar ?
User avatar
ssl
Registered User
Posts: 2020
Joined: Sat Feb 08, 2020 2:15 pm
Location: Le Lude, Pays de la Loire - France
Name: Fred Rimbert

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by ssl »

Sorry for my English ... I do my best! :anger_right:

:point_right_tone3: phpBB: 3.3.14 | PHP: 8.3.12
:point_right_tone4: [Kill spam on phpBB] - [Some French translation of extensions]
"Mistress, Mistress someone is bothering me in pm"
mrix2000
Registered User
Posts: 1279
Joined: Sun Dec 03, 2006 2:23 pm

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by mrix2000 »

So from my understanding there does appear to be a issue with the software in the fact its possible for someone to somehow hack into another members account and post to it :shock: :?
The post linked seems long and complex, can anyone simplify more basically why this happens ?
Thanks all
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72612
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by KevC »

No.

It seems some other site has been compromised. Account logins are 'out there' and these spammers are exploiting sites (of all kinds of software) where those users have the same username/pw combinations on multiple sites.

They simply log in to long dormant accounts and post the spam.
Although quite how they think no one will notice and delete it I don't know. They're probably hoping to hit a few sites where the admin has disappeared and it'll stay up for a long time giving them SEO backlinks.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6411
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by thecoalman »

mrix2000 wrote: Mon Feb 26, 2024 4:28 pm The post linked seems long and complex, can anyone simplify more basically why this happens ?
Thanks all
When a server gets compromised they will download the table from any software that contains user data. From there they will attack the hashed passwords using common passwords and a dictionary attack. There is only about 250K English words so trying them all of them and combinations of them is fairly trivial. That's going to net them about 10 to 30 percent of the passwords. Now they have an associated username, email address and password they can try elsewhere.

This is why it's important to use strong passwords and different ones on different sites.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
mrix2000
Registered User
Posts: 1279
Joined: Sun Dec 03, 2006 2:23 pm

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by mrix2000 »

Huge thanks for both the replies which does explain far more clearly the issue to me :) 8-)
mrix2000
Registered User
Posts: 1279
Joined: Sun Dec 03, 2006 2:23 pm

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by mrix2000 »

Hello all, I have had this issue happen 3 times since I posted this problem and each time I have given the account very secure passwords which appeared to of worked 8-)
However today one of those account had once again been somehow compromised :shock: :? :(

It now appears there is another issue going on ?

I am running the latest software so any idea`s

Thanks for any help / feedback
User avatar
danieltj
Infrastructure Team Member
Infrastructure Team Member
Posts: 609
Joined: Thu May 03, 2018 9:32 pm
Location: United Kingdom
Name: Daniel James

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by danieltj »

In cases where you’ve changed the password to something reasonably secure, it’s likely that the passwords and getting reset and then either a bot or a human is posting the spam.

You could add suspicious user accounts that post these spam links to a group that requires post moderation. That would at least prevent them from public ally spamming the board.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72612
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by KevC »

I just used the auto groups extension to make a group for people whose last visit was more than 300 days ago. They all go on the mod queue. That has caught the vast majority of these dormant accounts being used to spam.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6411
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by thecoalman »

If the password was reset it will be in the user logs. You can just type the username into the search box on user log page.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
mrix2000
Registered User
Posts: 1279
Joined: Sun Dec 03, 2006 2:23 pm

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by mrix2000 »

Hello and and thanks for the feedback, this account had already had genuine posts to it on the theme of metal detecting which is what my forum is about so its not a person register to simply spam my forum, if it was then it would actually be better because I could simply remove the account and ban them, all New accounts at my forum have to first be approved by me and then they have a posting limit of 10 posts before they are no longer approved anymore.
This specific account was from 2018.
I would look closer at the other suggestions :D 8-)
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72612
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Anyone getting any recent spam ? Social Dating sites ?

Post by KevC »

They probably use the same account name and password on another site which has been compromised. The spammers then use that to find other sites where they have an account and simply log in and spam.

My suggestion earlier stops that because dormant accounts also go on the mod queue.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"

Return to “phpBB Discussion”