Accounts hackered?!

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
[Dimetrodon]
Registered User
Posts: 438
Joined: Tue Aug 30, 2022 3:29 am
Location: Paleozoic Era

Re: Accounts hackered?!

Post by [Dimetrodon] »

If this is a large scale operation, they probably have botnets doing this, and I would guess that he is using multiple computers at the same time, and thus, has many different IP addresses at his disposal. We're probably only seeing the tip of the iceberg to be honest.
Avatar by someone named AdmiralRA on Reddit. (No, I don't have a Reddit account)
When seeking support, please consider filling out the Support Request Template. It makes it easier for anyone trying to help.
killerbees19
Registered User
Posts: 2
Joined: Wed Sep 06, 2006 5:58 pm
Location: Vienna (Austria)
Name: Christian

Re: Accounts hackered?!

Post by killerbees19 »

- Deleted, wrong assumption after reviewing all information again. -
» Real programmers don't comment. If it was hard to write, it should be hard to understand!
vnznz
Registered User
Posts: 3
Joined: Wed Jan 18, 2023 8:35 am

Accounts hackered?!

Post by vnznz »

Usually this kind of account hijack can be prevented by requiring email authentication for accounts with long periods of inactivity and/or integrating with a breached passwords checker like Pwned Passwords.

Is there something similar for phpBB?
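
The two mitigations named in the post above, combined into one login-time decision, as an added example that is not part of the thread and is not phpBB code. The function names, the one-year inactivity threshold and the sample range response are assumptions made for illustration; the lookup follows the Pwned Passwords range (k-anonymity) format of `SUFFIX:COUNT` lines.

```php
<?php
// Added example, not phpBB code: every name and threshold here is hypothetical.
const INACTIVITY_LIMIT = 365 * 86400; // assumption: one year idle counts as "long inactive"

/** Parse a range response body ("SUFFIX:COUNT" per line) into [suffix => count]. */
function parse_range(string $body): array
{
    $hits = [];
    foreach (preg_split('/\r?\n/', trim($body)) as $line) {
        if (preg_match('/^([0-9A-F]{35}):(\d+)$/i', trim($line), $m)) {
            $hits[strtoupper($m[1])] = (int) $m[2];
        }
    }
    return $hits;
}

/** Breach count for a password; only the first 5 hex chars of its SHA-1 are sent out. */
function breach_count(string $password, callable $fetch_range): int
{
    $sha1 = strtoupper(sha1($password));
    $hits = parse_range($fetch_range(substr($sha1, 0, 5)));
    return $hits[substr($sha1, 5)] ?? 0;
}

/** Called only after the password has matched the stored hash. */
function login_decision(string $password, int $last_visit, int $now, callable $fetch_range): string
{
    try {
        if (breach_count($password, $fetch_range) > 0) { // padding entries have count 0
            return 'force_reset_via_email';
        }
    } catch (Throwable $e) {
        // Lookup unavailable: fall back to the inactivity rule instead of blocking logins.
    }
    return ($now - $last_visit > INACTIVITY_LIMIT) ? 'require_email_confirmation' : 'allow';
}

// Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>
$fake_range = function (string $prefix): string {
    $leaked = strtoupper(sha1('Summer2019!')); // constructed "breached" password
    $body = str_repeat('0', 35) . ":3\r\n" . str_repeat('F', 35) . ":0\r\n";
    return $prefix === substr($leaked, 0, 5) ? $body . substr($leaked, 5) . ":1842\r\n" : $body;
};

$now = 1674000000;             // constructed "current" timestamp
$old = $now - 5 * 365 * 86400; // last visit five years ago
echo login_decision('Summer2019!', $old, $now, $fake_range), "\n";
echo login_decision('kT9#unique-long-phrase', $old, $now, $fake_range), "\n";
echo login_decision('kT9#unique-long-phrase', $now - 86400, $now, $fake_range), "\n";
```

In a real deployment `$fetch_range` would perform the HTTPS request, and the returned decision would be acted on by the board's login flow; how that is wired into phpBB is not shown here.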
[Dimetrodon]
Registered User
Posts: 438
Joined: Tue Aug 30, 2022 3:29 am
Location: Paleozoic Era

Re: Accounts hackered?!

Post by [Dimetrodon] »

Maybe stricter password requirements than average. I don't think there needs to be any integration with password checkers.
P_I
Community Team Member
Posts: 2353
Joined: Tue Mar 01, 2011 8:35 pm
Location: Western Canada 🇨🇦

Re: Accounts hackered?!

Post by P_I »

On all my phpBB boards the phpBB • Password Strength - Contribution Details is a core installed extension.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
vnznz
Registered User
Posts: 3
Joined: Wed Jan 18, 2023 8:35 am

Re: Accounts hackered?!

Post by vnznz »

P_I wrote: Wed Jan 18, 2023 2:07 pm On all my phpBB boards the phpBB • Password Strength - Contribution Details is a core installed extension.
Is this just for sign-ups or can you check password strength on every login? Because for us these hijacks target old accounts.

Also password complexity doesn't necessarily indicate if a login is done using leaked credentials. Some people simply re-use their complicated password everywhere.
P_I
Community Team Member
Posts: 2353
Joined: Tue Mar 01, 2011 8:35 pm
Location: Western Canada 🇨🇦

Re: Accounts hackered?!

Post by P_I »

Did you check out the contribution page? It provides the details.

You are correct that password strength alone isn't sufficient but it helps at least remind the user about the need to think about their password security.
vnznz
Registered User
Posts: 3
Joined: Wed Jan 18, 2023 8:35 am

Re: Accounts hackered?!

Post by vnznz »

Yes I checked the page and that's why I asked, because I don't see how it can help me prevent hijacks happening right now for old accounts.
[Dimetrodon]
Registered User
Posts: 438
Joined: Tue Aug 30, 2022 3:29 am
Location: Paleozoic Era

Re: Accounts hackered?!

Post by [Dimetrodon] »

vnznz wrote: Wed Jan 18, 2023 3:34 pm Yes I checked the page and that's why I asked, because I don't see how it can help me prevent hijacks happening right now for old accounts.
It won't but it will help future users not make the same password mistakes.

If an old account gets hacked, the only real thing you can do is delete the spam posts and disable the account.
alex75
Registered User
Posts: 509
Joined: Sun Jun 10, 2012 9:09 am
Location: Italy
Name: Alessandro

Re: Accounts hackered?!

Post by alex75 »

Same thing happened to me too, on 2 different forums. Same spam link, same IP. I blocked the IP:

5.61.55.218
Mick
Support Team Member
Posts: 26505
Joined: Fri Aug 29, 2008 9:49 am

Re: Accounts hackered?!

Post by Mick »

[Dimetrodon] wrote: Wed Jan 18, 2023 3:47 pm disable the account
You could always change the password, at least that would thwart the spammer and the owner of the account could then request a new password, no harm done.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination. The bad news is, whatever humans can imagine, they can usually create." - Harmony Cobel
alex75
Registered User
Posts: 509
Joined: Sun Jun 10, 2012 9:09 am
Location: Italy
Name: Alessandro

Re: Accounts hackered?!

Post by alex75 »

Exactly. I did too. I initially banned the user, but when I figured out what happened, I re-enabled him and changed the password. On his return he can re-enter by changing the password.
bidouille
Registered User
Posts: 17
Joined: Fri Sep 15, 2006 3:27 pm
Location: France

Re: Accounts hackered?!

Post by bidouille »

Kailey wrote: Sun Jan 15, 2023 8:02 pm This is not an issue with phpBB's security. Most likely these accounts were using the same username/password.
Are you sure?
Because allowing the same data for username/password is a security issue for me.
I opened this: https://tracker.phpbb.com/browse/PHPBB3-17096
Kailey
Community Team Leader
Posts: 3732
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Snay

Re: Accounts hackered?!

Post by Kailey »

bidouille wrote: Fri Jan 20, 2023 1:45 pm Because allowing the same data for username/password is a security issue for me.
I think you misunderstood me. I was referring to someone using the same username/password on a site unrelated to phpBB.
Kailey Snay - Community Team Leader
Knowledge Base | Documentation | Community rules

If you have any questions about the rules/customs of this website, feel free to send me a PM.
Scanialady
Registered User
Posts: 421
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette

Re: Accounts hackered?!

Post by Scanialady »

Mick wrote: Mon Jan 16, 2023 4:42 pm It looks like this person has been busy, you can choose to ban this IP if you wish.

https://cleantalk.org/blacklists/109.107.166.230
It seems to be a known network of spammers and attackers with these addresses (and maybe more) = PONYNET (nice name for trojans...)

https://networksdb.io/ip-addresses-of/f ... -solutions

View: https://threatresearch.ext.hp.com/mappi ... n-network/
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.