XF 2.2 Old users are becoming SPAM every day!

Sadiq6210

Well-known member
Hello

Recently I upgraded our forum from 2.2.8 to the latest version and I noticed that many old users are becoming SPAM every day (5 to 10 old memberships are stolen every day and posting spam threads). I can't see any relation between the upgrade and the issue, however, this is what happened. Is it a coincidence? Is this a new method of SPAM attack that steals users' accounts instead of registering new ones? I mean I have been moderating this forum since 2006, moved to XenForo in 2015, and I didn't face something similar.

Currently I am trying to control the SPAM posts by banning many valuable old users every day.
Is anyone facing the same issue? Any advice?
 
I hope also in emails.

Yes, hotlink protection also works in emails.

Yeah, figured as much, but maybe there's a way to have some functionality inside of it (maybe for stock 2.3 @Chris D ?). The way I see it adding a captcha to the admin cp login wouldn't prove that much more secure because a captcha would be missing from the install path anyway (which could/should be renamed or otherwise restricted by htaccess, but I digress) and an attacker could actually do a serious amount of damage there (for example by doing a fresh install). Not saying that couldn't be remedied by restoring from backups, but it'd be damage nonetheless.

Be sure that you're using 2-factor authentication for all accounts with access to your Admin CP. This will provide more security than a CAPTCHA.
 
I don't think this is a good approach:
CAPTCHAs are usually really annoying - forcing them on every login could have a significantly negative impact on usability, especially for users that like to clear their cookies whenever they close their browser.
Well, I can tell you: Yes, users are a bit annoyed and some complain. No, it does not increase usability. BUT: It does not really decrease activity in our forums. ;)

For me the pros outweigh the cons and it is a good solution to protect accounts with weak passwords and also protect the community from spam. Also keep in mind that an attacker might use private details found in a hacked account against the account holder; not only spam is a possible problem that matters here. :-/
 
Discord's been doing a large wave of deleting accounts that have been inactive 2+ years. I also keep seeing older accounts, even ones that are in use, being hijacked and used for spamming. This must be why Discord's deleting older inactive accounts. Makes sense.
 
Or this one...

Upload images in the quick editor and never post a reply. Use the URL of those images in an email for various phishing attacks. The URL points to your forum (images are uploaded to your server).
Same thing has happened to me, also contacted by mail. Those attachments are only viewable with the hash and are deleted after 24 hours.

An option to set a shorter time would indeed be a good idea.
 
I have since added protection to my install page with Cloudflare Access.

Surprised this isn't getting more concern or attention. Am I missing something?
It is overlooked, I agree.

We had an htaccess rule to control it in the past, but I put that under the Cloudflare Access rules now as well, same as with our admin pages. Staff finds it much easier as nobody could ever remember their passwords for htaccess (and/or it was too confusing).
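As an added illustration of the htaccess approach mentioned in the last post (this is example configuration, not code from the thread, from XenForo or from Cloudflare), the rules below restrict XenForo's `install/` directory and `admin.php` under Apache 2.4. The address 203.0.113.10 is a placeholder documentation IP and `/etc/apache2/.htpasswd-xf` is an assumed path; both are assumptions.

```apache
# Added example, not from the thread. Apache 2.4 syntax (Require, not
# Order/Allow). 203.0.113.10 is a placeholder; /etc/apache2/.htpasswd-xf is
# an assumed location for a file created with the htpasswd tool.

# --- install/.htaccess --------------------------------------------------
# Nobody except the allow-listed staff address can reach the installer or
# upgrader at all; everyone else receives 403.
Require ip 203.0.113.10

# --- .htaccess in the forum root ----------------------------------------
# Staff on the allow-listed address skip the prompt; anyone else must pass
# HTTP Basic auth before XenForo's own admin login page is even served,
# so password guessing against the Admin CP never reaches the application.
<Files "admin.php">
    AuthType Basic
    AuthName "Admin area"
    AuthUserFile /etc/apache2/.htpasswd-xf
    <RequireAny>
        Require ip 203.0.113.10
        Require valid-user
    </RequireAny>
</Files>
```

One caveat when the site sits behind Cloudflare, as in the post above: `Require ip` sees the proxy's address unless mod_remoteip is configured to trust Cloudflare's ranges and read the `CF-Connecting-IP` header, which is one reason moving the check to Cloudflare Access (enforced at the edge, before the request reaches Apache) is simpler to get right. Basic auth on `admin.php` is a gate in front of the Admin CP, not a replacement for 2FA on the admin accounts themselves.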
 