XF 2.2 Old users are becoming SPAM everyday !

Sadiq6210 · Feb 13, 2024

Hello

Recently I upgraded our forum from 2.2.8 to latest version and I noticed that many old users are becoming SPAM everyday (5 to 10 old memberships are stolen everyday and posting spam threads). I can't see any relation between the upgrade and the issue, however, this is what happened. Is it a coincidence? Is this a new method of SPAM attacking to steal the users accounts instead of new registration? I mean I am moderating this forum since 2006, moved to Xenforo since 2015 and I didn't face something similar.

Currently I am trying to control the SPAM posts by banning many valuable old users everyday.
Anyone is facing same issue? and advise?

DeltaHF · May 16, 2024

BassMan said:
I hope also in emails.

Yes, hotlink protection also works in emails.

SeToY said:
Yeah, figured as much, but maybe there's a way to have some functionality inside of it (maybe for stock 2.3 @Chris D ?). The way I see it adding a captcha to the admin cp login wouldn't prove that much more secure because a captcha would be missing from the install path anyway (which could/should be renamed or otherwise restricted by htaccess, but I digress) and an attacker could actually do a serious amount of damage there (for example by doing a fresh install). Not saying that couldn't be remedied by restoring from backups, but it'd be damage nonetheless.

Be sure that you're using 2-factor authentication for all accounts with access to your Admin CP. This will provide more security than a CAPTCHA.

BassMan · May 16, 2024

DeltaHF said:
Be sure that you're using 2-factor authentication for all accounts with access to your Admin CP. This will provide more security than a CAPTCHA.

Don't worry, I use it anywhere I can.

SeToY · May 16, 2024

DeltaHF said:
Be sure that you're using 2-factor authentication for all accounts with access to your Admin CP. This will provide more security than a CAPTCHA.

Already have that (even for mods), but this doesn't work on the install login form, or does it? not sure honestly

nocte · May 16, 2024

Kirby said:
I don't think this is a good approach:
CAPTCHAs are usually really annoying - forcing them on every login could have a significantly negative impact on usability, especialy for users that like to clear their cookies whenever they close their browser.

Well, I can tell you: Yes, users are a bit annoyed and some complain. No, it does not increase usability. BUT: It does not really decrease activity in our forums.

For me the Pro's overweight the Con's and it is a good solution to protect accounts with weak passwords and also protect the community form spam. Also keep in mind, that an attacker might use private details found in a hacked account against the account holder; not only spam is a possible problem, that matters here.. :-/

DeltaHF · May 17, 2024

SeToY said:
Already have that (even for mods), but this doesn't work on the install login form, or does it? not sure honestly

Good catch. I just tested it out and it does not ask for 2-factor authentication on the install page.

⭐ Alex ⭐ · May 17, 2024

Discord's been doing a large wave of deleting accounts that have been inactive 2+ years. I also keep seeing older accounts even ones that are being in use being hijacked and used for spamming. This must be why Discord's deleting older inactive accounts. Makes sense.

JOGARA · May 17, 2024

Been hit by a lot of spam over the past 2 weeks on a forum I manage.
Looks to be the use of password sharing between sites...

DeltaHF · May 17, 2024

DeltaHF said:
Good catch. I just tested it out and it does not ask for 2-factor authentication on the install page.

I have since added protection to my install page with Cloudflare Access.

Surprised this isn't getting more concern or attention. Am I missing something?

dutchbb · May 18, 2024

BassMan said:
Or this one...

Upload images in the quick editor and never post a reply. Use the URL of those images in an email for various phishing attacks. The URL points to your forum (images are uploaded to your server).

Same thing has happened to me, also contacted by mail. Those attachments are only viewable with the hash and are deleted after 24 hours.

Option to set shorter time would indeed be good idea.

⭐ Alex ⭐ · May 19, 2024

dutchbb said:
Same thing has happened to me, also contacted by mail. Those attachments are only viewable with the hash and are deleted after 24 hours.

Option to set shorter time would indeed be good idea.

Are they basically getting banned from image sharing websites and using random forums as media servers?

DeltaHF · May 21, 2024

⭐ Alex ⭐ said:
Are they basically getting banned from image sharing websites and using random forums as media servers?

Good question.

I would guess using URLs with good reputations makes them less likely to be filtered as spam by major email services, too.

Wildcat Media · Wednesday at 4:51 PM

DeltaHF said:
I have since added protection to my install page with Cloudflare Access.

Surprised this isn't getting more concern or attention. Am I missing something?

It is overlooked, I agree.

We had an htaccess rule to control it in the past, but I put that under the Cloudflare Access rules now as well, same as with our admin pages. Staff finds it much easier as nobody could ever remember their passwords for htaccess (and/or it was too confusing).

XF 2.2 Old users are becoming SPAM everyday !

Sadiq6210

Well-known member

DeltaHF

Well-known member

BassMan

Well-known member

SeToY

Well-known member

nocte

Well-known member

DeltaHF

Well-known member

⭐ Alex ⭐

Well-known member

JOGARA

Member

DeltaHF

Well-known member

dutchbb

Well-known member

⭐ Alex ⭐

Well-known member

DeltaHF

Well-known member

Wildcat Media

Well-known member

Similar threads

We value your privacy