XF 2.2 New spam activity - what's the best way to fix this?

[Sal Collaziano]

Lately, I've been seeing something new in my forums. Old accounts that haven't been logged into for some time - are being accessed (assuming easily guessed passwords) by spammers to, at this point in time, attempt to post links to "casual dating" websites. I say "attempt" because most are unsuccessful (need approval).

What I'd like to do is prevent those accounts from being accessed by unauthorized users. Not sure if the user's email address has been previously compromised - so sending a new password might not work. Any advice would be appreciated - along with any mention of this happening to other admins...

 

[Paul B]

It's due to a recent data dump and password reuse.

https://xenforo.com/community/threa...isting-accounts-with-no-need-to-login.211713/

 

[Ozzy47]

Use this, https://xenforo.com/community/resources/ozzmodz-security-lock-old-accounts.9372/

 

[Sal Collaziano]

It's due to a recent data dump and password reuse.

https://xenforo.com/community/threa...isting-accounts-with-no-need-to-login.211713/

Thank you...

Use this, https://xenforo.com/community/resources/ozzmodz-security-lock-old-accounts.9372/

Awesome! Thank you...

 

[webbouk]

Is it possible to alter old accounts so that their posts need approval before displaying rather than force a password reset bearing in mind a lot of old accounts might also have old email addresses no longer in use?

Eg: Registered account, last seen >12months (variable?), new post/reply requires moderator approval
Once the post/reply is approved the clock counts down again, if not approved the clock remains as is.

 

[Paul B]

User group promotion.

 

[webbouk]

Excellent, thanks