Deleted member querying data removal - GDPR

Slavik said:
Actually I believe if you for example, hash the [...] email using a 1 way algorithm, you can sidestep this rule.
Click to expand...
Ask two lawyers the same question and the chance that you will get three different answers is almost 99% ;)

There has been at least one decision by german authorities that hashing is not sufficient:
www.spiritlegal.com

German court orders deletion of customer lists in Facebook Custom Audiences

E-commerce retailer must not use Facebook Custom Audiences without consent
www.spiritlegal.com www.spiritlegal.com
The “hashing” operation (SHA-256) is not suitable for anonymising personal data.
Click to expand...

I'd therefore be careful and not store hashes of data like email or IP addresses after deleting an account.
 
Kirby said:
Ask two lawyers the same question and the chance that you will get three different answers is almost 99% ;)

There has been at least one decision by german authorities that hashing is not sufficient:
www.spiritlegal.com

German court orders deletion of customer lists in Facebook Custom Audiences

E-commerce retailer must not use Facebook Custom Audiences without consent
www.spiritlegal.com www.spiritlegal.com


I'd therefore be careful and not store hashes of data like email or IP addresses after deleting an account.
Click to expand...
Tend to disagree as if someone is stalking you for example you can give a copy of the banned ip and email list to police.
 
Alvin63 said:
Ok. So a member requested their account was closed. I made a note of their email address before deleting the account and anonymising it as "previous member" so any posts were anonymised. I then emailed them from the forum email confirming their account was closed as requested and their data removed as requested.

They are being awkward and have replied saying - if all my data has been removed, why are all my posts and photos still there.

As far as I'm aware, as long as their content is anonymised, I don't have to remove it do I? I'm in the Uk so subject to GDPR

"Your personal data has been removed from the database and server, your content has been anonymised.

But could do with a bit more than that. Could I say that the terms and conditions are clear that "You are granting us with a non-exclusive, permanent, irrevocable, unlimited license to use, publish, or re-publish your Content in connection with the Service. You retain copyright over the Content."

I guess they could argue - but I'm no longer a member so those terms and conditions don't apply now. What is the best way to handle this because I do not intend to remove all their content and mess up all the threads!

The irony is - if we are emailing then presumably her email address is still on the server! Or does that not count as it's not in the forum database.
Click to expand...

I might be very late to this party but I just want to throw in some insight. I haven't had time to read all the comments here so I don't know if I'll be repeating someone.

You should take into consideration, that you may be dealing with someone that has anxiety, so instead of throwing legalese at them which could cause a standoff and make them less comfortable, I think in the future if someone wants to delete their account just give them the low down first that it's an anonymizing of content functionality.

So, as a response, I would just be understanding such as: "I understand how you feel but to conserve the order of our forums this is how the account deletion system works. If you find any personal data I'll do my due diligence of anonymizing it."

And, you know what, if they want their pet name anonymized it seems simple enough just run a query into the database, that searches in posts by deleted user X and replaces the pet name with "deleted user X's pet". Maybe you'll need a simple python script in case the sql would be too complex, any of us can help you with that.

Even though they wanted to leave you still want to take care of your users right? So it shouldn't matter if they left or not. So basically this was them asking for help feeling comfortable about the account deletion.
 
Pardon my general ignorance on this subject, and apologies for the lengthy post.
(*Figured i need to provide context)

i'm very new to forum ownership/admin and particularly regarding all the legalities—of which, until recently (*~2 weeks), i'd no awareness for.

The forum i run isn't even 6 months old and only has 35 accounts.(*minus 8 "Sock" accounts i've discovered yesterday via checking for shared IPs)

About a month ago a new user joined—and immediately began spamming my DMs(*including veiled/implied threats against another female member), proactively harassing other members, and just basically went about posting utter garbage everywhere.(*some was literally toilet images of human feces).

It's just me alone doing all the Admin/Mod duties and on the first day this particular user had run amok i'd been overwhelmed attempting to get through dozens of his nonsensical DMs & idiotic Reports against other members.

Though at the end of the day i DM'd them several times requesting reasonability and essentially got no coherent response—yet i chose to give them the benefit of the doubt and didn't take any action other than deleting the toilet/feces images.

The following day the same user pretty much repeated this same feral behaviour and also began demanding i—and other members do this & that(*as if he owns the forum & the individuals)—inevitably(*after multiple informal DM warnings) i had to make the call to restrict this user.

So later that night (*after they'd logged off) i did just that.

i moved this feral users account to a restricted User group and set their account permissions in accordance.

Basically meaning the user can freely view the entirety of the forum—but can not directly interact except for within one specific node where i've afforded them(*& all regular users) an optional means to interact with each other voluntarily.
(*Absolutely all users in this unique node are able to post comments, threads, react, etc like normal.)

*Note: i also set this feral users account to require Two Step Verification.
(*It's definitely been a triggering factor as they've repeated ranted about it in subsequent-threatening correspondence.)

•Notable events since applying the restrictions;

Day 1: Heard nothing all day—until later that night the forum suddenly began receiving a flood of registration approval requests from abusively titled accounts—and the site simultaneously began lagging severely.

Fortunately at that moment a technician i'd hired to do installs/set-ups was still busily doing his thing and noticed what was occuring—immediately (*he'd claimed) blocking the IP which all of the 10-20± pending reg approval accounts shared.

The site lagging briefly ceased—but roughly an hour later it began again and got worse to the point where the site basically froze.
(*The technician had logged off by then.)

Day 2: i logged on to find that apparently the tech must've done something to resolve whatever was happening.
(*i asked yet he refused to explain anything unless i pay him for it-so i did and was bluntly-without any details-told it was caused by the restricted user.)

Day 3—til now(*roughly 3-4weeks): We've noticed random minor technical occurrences on & off until about 3 days ago when the first of 4 new accounts registered—to my astonishment-all share the original restricted accounts (*supposedly) blocked IP.

Each of these Sock accounts has immediately begun s###posting false accusations against my account and also threatening legal actions per GDPR requirements.

He demands that i give him full access so they can personally delete all content & personal information—or else he'll continue hacking the forum and will take legal action.

However i've repeatedly checked all these accounts details and (*other than the shared IP range) it's obvious that none of them contain any real-let alone personally identifiable information whatsoever—all have different (*customized-abusively titled) burner email addresses.

The details that this individual has provided are overtly fake and clearly meant to mislead by vaguely portraying different fictional identities so i wouldn't realize it's the same individual.

i've so far responded by restricting each of these accounts like i'd done with the first one.

Yet none have ever continued to interact at all-even though they can within the restricted node.

About 2 days ago (*immediately after approving what turned out to be the 4th Sock account) the forum came under sustained DDoS attack and i had to seek Xenforo assistance.
(*i didn't even know what DDoS was until this moment)

It took a couple of hours for the Xenforo DDoS protection to resolve the attack—though it did work thankfully.
(*And i'm very grateful for the help)

Which brings us to now.

i'm struggling to comprehend all the (*tbh surprise) technical & legal requirements.

Fact is that i'm largely ignorant of computery stuff and currently in the initial learning stages still.
(*no computer, just a smart###phone)

i only set-up the forum because i had-had a guts full of (*imo) ridiculously excessive (*often arbitrarily subjective) censorship impositions upon me & others.

In summary, i'm not really too bothered by any of this, although admittedly i'd be foolish to ignore the feral user's threats of continued hacking attacks combined with their repeated threats of GDPR legalities.

i'm totally unsure what i'm legally required to do here.

Do i delete the user's multiple accounts?

Do i delete all of the content they'd spewed throughout all threads?

i'm concerned that if i do this i would no longer have evidence of this individuals shocking behaviours, and won't be able to check pending registration requests against the range of IPs this feral user employs—and as a result risking another DDoS attack if unwittingly granting approval to this particular individual again.

Additional note: i am actually a registered member on this feral users own forum too, although won't ever login there again.
(*Nope, i never ever behaved badly either.)

Again, apologies for the lengthy post and thank you in advance for any constructive feedback. Certainly will be appreciated.

Cheers.
 
CuriousFiend said:
Pardon my general ignorance on this subject, and apologies for the lengthy post.
(*Figured i need to provide context)

i'm very new to forum ownership/admin and particularly regarding all the legalities—of which, until recently (*~2 weeks), i'd no awareness for.

The forum i run isn't even 6 months old and only has 35 accounts.(*minus 8 "Sock" accounts i've discovered yesterday via checking for shared IPs)

About a month ago a new user joined—and immediately began spamming my DMs(*including veiled/implied threats against another female member), proactively harassing other members, and just basically went about posting utter garbage everywhere.(*some was literally toilet images of human feces).

It's just me alone doing all the Admin/Mod duties and on the first day this particular user had run amok i'd been overwhelmed attempting to get through dozens of his nonsensical DMs & idiotic Reports against other members.

Though at the end of the day i DM'd them several times requesting reasonability and essentially got no coherent response—yet i chose to give them the benefit of the doubt and didn't take any action other than deleting the toilet/feces images.

The following day the same user pretty much repeated this same feral behaviour and also began demanding i—and other members do this & that(*as if he owns the forum & the individuals)—inevitably(*after multiple informal DM warnings) i had to make the call to restrict this user.

So later that night (*after they'd logged off) i did just that.

i moved this feral users account to a restricted User group and set their account permissions in accordance.

Basically meaning the user can freely view the entirety of the forum—but can not directly interact except for within one specific node where i've afforded them(*& all regular users) an optional means to interact with each other voluntarily.
(*Absolutely all users in this unique node are able to post comments, threads, react, etc like normal.)

*Note: i also set this feral users account to require Two Step Verification.
(*It's definitely been a triggering factor as they've repeated ranted about it in subsequent-threatening correspondence.)

•Notable events since applying the restrictions;

Day 1: Heard nothing all day—until later that night the forum suddenly began receiving a flood of registration approval requests from abusively titled accounts—and the site simultaneously began lagging severely.

Fortunately at that moment a technician i'd hired to do installs/set-ups was still busily doing his thing and noticed what was occuring—immediately (*he'd claimed) blocking the IP which all of the 10-20± pending reg approval accounts shared.

The site lagging briefly ceased—but roughly an hour later it began again and got worse to the point where the site basically froze.
(*The technician had logged off by then.)

Day 2: i logged on to find that apparently the tech must've done something to resolve whatever was happening.
(*i asked yet he refused to explain anything unless i pay him for it-so i did and was bluntly-without any details-told it was caused by the restricted user.)

Day 3—til now(*roughly 3-4weeks): We've noticed random minor technical occurrences on & off until about 3 days ago when the first of 4 new accounts registered—to my astonishment-all share the original restricted accounts (*supposedly) blocked IP.

Each of these Sock accounts has immediately begun s###posting false accusations against my account and also threatening legal actions per GDPR requirements.

He demands that i give him full access so they can personally delete all content & personal information—or else he'll continue hacking the forum and will take legal action.

However i've repeatedly checked all these accounts details and (*other than the shared IP range) it's obvious that none of them contain any real-let alone personally identifiable information whatsoever—all have different (*customized-abusively titled) burner email addresses.

The details that this individual has provided are overtly fake and clearly meant to mislead by vaguely portraying different fictional identities so i wouldn't realize it's the same individual.

i've so far responded by restricting each of these accounts like i'd done with the first one.

Yet none have ever continued to interact at all-even though they can within the restricted node.

About 2 days ago (*immediately after approving what turned out to be the 4th Sock account) the forum came under sustained DDoS attack and i had to seek Xenforo assistance.
(*i didn't even know what DDoS was until this moment)

It took a couple of hours for the Xenforo DDoS protection to resolve the attack—though it did work thankfully.
(*And i'm very grateful for the help)

Which brings us to now.

i'm struggling to comprehend all the (*tbh surprise) technical & legal requirements.

Fact is that i'm largely ignorant of computery stuff and currently in the initial learning stages still.
(*no computer, just a smart###phone)

i only set-up the forum because i had-had a guts full of (*imo) ridiculously excessive (*often arbitrarily subjective) censorship impositions upon me & others.

In summary, i'm not really too bothered by any of this, although admittedly i'd be foolish to ignore the feral user's threats of continued hacking attacks combined with their repeated threats of GDPR legalities.

i'm totally unsure what i'm legally required to do here.

Do i delete the user's multiple accounts?

Do i delete all of the content they'd spewed throughout all threads?

i'm concerned that if i do this i would no longer have evidence of this individuals shocking behaviours, and won't be able to check pending registration requests against the range of IPs this feral user employs—and as a result risking another DDoS attack if unwittingly granting approval to this particular individual again.

Additional note: i am actually a registered member on this feral users own forum too, although won't ever login there again.
(*Nope, i never ever behaved badly either.)

Again, apologies for the lengthy post and thank you in advance for any constructive feedback. Certainly will be appreciated.

Cheers.
Click to expand...
Ban his ip address.
 
I would make a note of his email address, then close his original account and email him saying "Please note your account has been deleted and all personally identifying data removed as per GDPR requirements".

When you delete the account it removes everything he posted on the forum (although I think conversations remain but instead of his name it will say deleted user 264 or similar. So when you delete the account, opt to choose to replace the name with "deleted user xxxx" - the option comes up to do that. He then has no need to go on the forum and remove his stuff. However his stuff will remain on the forum under the name "deleted user xxxxxxx" so it's anonymised.

He may email back saying - my photos and videos are still showing and those are personally identifying email. To which you reply "Please read the terms and conditions - your email and ip address and any other personally identifying info have been deleted from the database. Your content has been anonymised. If you find anything that personally identifies you, please send me the url and I will remove that photo/post.

You're then left with all the other accounts. I'd stick those in the separate usergroup for now with a view to deleting them later if all goes quiet.

Others will know more about banning IP addresses. Personally I would look at reporting him as a spammer so his Ip address is blacklisted. If he was determined, he could use a VPN and different IP addresses though.

He demands that i give him full access so they can personally delete all content & personal information—or else he'll continue hacking the forum and will take legal action.
Click to expand...

Do you have that in writing? He has confirmed he is hacking the forum and has made threats to continue to do so. You could possibly report him to the police. Whether you'd want to or not is another matter.
 
Alvin63 said:
I would make a note of his email address, then close his original account and email him saying "Please note your account has been deleted and all personally identifying data removed as per GDPR requirements".
Click to expand...
Thanks for sharing your wise insight, really do appreciate the assistance.

Wondering whether i ought to do that with all 5 of his email addresses, as if they're from separate individuals—or just the first one he used?

Alvin63 said:
When you delete the account it removes everything he posted on the forum (although I think conversations remain but instead of his name it will say deleted user 264 or similar. So when you delete the account, opt to choose to replace the name with "deleted user xxxx" - the option comes up to do that. He then has no need to go on the forum and remove his stuff. However his stuff will remain on the forum under the name "deleted user xxxxxxx" so it's anonymised.
Click to expand...
These are really good ideas.

Alvin63 said:
He may email back saying - my photos and videos are still showing and those are personally identifying email. To which you reply "Please read the terms and conditions - your email and ip address and any other personally identifying info have been deleted from the database. Your content has been anonymised. If you find anything that personally identifies you, please send me the url and I will remove that photo/post.
Click to expand...
Definitely going to do all of this.

Alvin63 said:
You're then left with all the other accounts. I'd stick those in the separate usergroup for now with a view to deleting them later if all goes quiet.
Click to expand...
And this too.

Alvin63 said:
Others will know more about banning IP addresses. Personally I would look at reporting him as a spammer so his Ip address is blacklisted. If he was determined, he could use a VPN and different IP addresses though.
Click to expand...
i can appreciate that and yeah him using a VPN is also a concern too.

Alvin63 said:
Do you have that in writing?
Click to expand...
😄Yep, screenshotted all of his nonsensically offensive correspondence from both my forum's DMs & from his forum's DMs too.

Since he's proactively smearing me by repeatedly-falsely throwing around accusations in public on my forum i wanted to show proof that he's lying, so i made a locked thread for members to see some of the correspondence for themselves.
(*Blanked out his Username)

Alvin63 said:
He has confirmed he is hacking the forum and has made threats to continue to do so. You could possibly report him to the police. Whether you'd want to or not is another matter.
Click to expand...
Below is a tiny sample, though i've blanked out the alias i'd given for him as well as swear words.

[*These took place via DMs on his forum during his first "hacking" campaign.]
IMG_20230501_152412.webpIMG_20230501_152437.webpIMG_20230501_152458.webp
Difficult to ascertain context from this alone, and frankly i don't know what "refreshing it a few hundred times" means, though suspect its some kind of hacking.

There are much more overt threats, however i just haven't the time to go through hundreds of his hysterical DMs right now.

Anyways, thank you kindly for your very helpful insight and suggestions.

Am going to go note his emails now, and prepare a response email as you've outlined.

🙂Cheers
 
Alvin63 said:
When you delete the account it removes everything he posted on the forum (although I think conversations remain but instead of his name it will say deleted user 264 or similar.
Click to expand...
No it's the other way around. Conversations and profile etc. get deleted (as I stated a few pages ago) and everything he posted will remain with the name "deleted user xxx" next to it as poster name.
 
Last edited:
Black Tiger said:
No it's the other way around. Conversations and profile etc. get deleted (as I stated a few pages ago) and everything he posted will remain with the name "deleted user xxx" next to it as poster name.
Click to expand...
Ummm, i kinda deleted the accounts as was suggested by Alvin63 and i'm still able to see all of the former(*now unidentified) Users posted content.

Like, all of it—DMs and regular posts throughout the forum.

i also just went through another deleted Users DMs & briefly looked over some of their regular public posts too.
 
CuriousFiend said:
Ummm, i kinda deleted the accounts as was suggested by Alvin63 and i'm still able to see all of the former(*now unidentified) Users posted content.
Click to expand...
Yes exactly, that's how it should be working.
Like I said... all users posted content remains present. I explained that on page 2:
xenforo.com

Deleted member querying data removal - GDPR

which can include IP addresses, Careful with that. I purposefully keep IP addresses - even after deletion of accounts - for 30 days, longer if the IP address came up in a ban. The rationale I give for this is because while the spirit of the GDPR is privacy, this does not extend to a miscreant...
xenforo.com xenforo.com

As for the DM's, yes, indeed, I was mistaken about those, confused those with spam cleaning. I just edited my post and put a line through the DM part as that was a mistake on my behalve.
Indeed the DM's stay, because maybe some important info was shared with other users by DM and then they would be losing all information which they got at any time per DM, which would not be fair to them.
So to me this seems working as designed.
 
Black Tiger said:
Yes exactly, that's how it should be working.
Like I said... all users posted content remains present. I explained that on page 2:
xenforo.com

Deleted member querying data removal - GDPR

which can include IP addresses, Careful with that. I purposefully keep IP addresses - even after deletion of accounts - for 30 days, longer if the IP address came up in a ban. The rationale I give for this is because while the spirit of the GDPR is privacy, this does not extend to a miscreant...
xenforo.com xenforo.com

As for the DM's, yes, indeed, I was mistaken about those, confused those with spam cleaning. I just edited my post and put a line through the DM part as that was a mistake on my behalve.
Indeed the DM's stay, because maybe some important info was shared with other users by DM and then they would be losing all information which they got at any time per DM, which would not be fair to them.
So to me this seems working as designed.
Click to expand...
Yep. i can confirm that you're absolutely on point.

i also agree with your perspective too and so took precautionary measures prior to deletion yesterday afternoon—just in case things vanished altogether,...

...and frankly i am certain this individual is doing this merely for fun.

aussiefooty said:
Ban his ip address.
Click to expand...
💥🙂👍
Worked a treat mate, cheers.

Alvin63 said:
I would make a note of his email address, then close his original account and email him saying "Please note your account has been deleted and all personally identifying data removed as per GDPR requirements".

When you delete the account it removes everything he posted on the forum (although I think conversations remain but instead of his name it will say deleted user 264 or similar. So when you delete the account, opt to choose to replace the name with "deleted user xxxx" - the option comes up to do that. He then has no need to go on the forum and remove his stuff. However his stuff will remain on the forum under the name "deleted user xxxxxxx" so it's anonymised.

He may email back saying - my photos and videos are still showing and those are personally identifying email. To which you reply "Please read the terms and conditions - your email and ip address and any other personally identifying info have been deleted from the database. Your content has been anonymised. If you find anything that personally identifies you, please send me the url and I will remove that photo/post.

You're then left with all the other accounts. I'd stick those in the separate usergroup for now with a view to deleting them later if all goes quiet.

Others will know more about banning IP addresses. Personally I would look at reporting him as a spammer so his Ip address is blacklisted. If he was determined, he could use a VPN and different IP addresses though.



Do you have that in writing? He has confirmed he is hacking the forum and has made threats to continue to do so. You could possibly report him to the police. Whether you'd want to or not is another matter.
Click to expand...
Again, i'm genuinely appreciative for the wisdom and advice.

🙂Thank you to each of you.

All five of his accounts were deleted as of yesterday avo.

Shortly thereafter a notice was sent to his main (*¿real?) email address. (*which i'd received when registering at his ######## forum.)

[*Screenshots]
IMG_20230502_185823.jpg
[*and he responded.]
IMG_20230502_192155.png
[🤔 - "but to chill? I can go undercover." ?]
👇[*His 5—now deleted—accounts.]
IMG_20230502_192210.png
IMG_20230502_192219.png
[*😒aaaand yet he tried sneaking back in again earlier today,...

...pretending to be Australian this time.
IMG_20230502_192232.png
[*Immediately deleted.]
 
CuriousFiend said:
Thanks for sharing your wise insight, really do appreciate the assistance.

Wondering whether i ought to do that with all 5 of his email addresses, as if they're from separate individuals—or just the first one he used?


These are really good ideas.


Definitely going to do all of this.


And this too.


i can appreciate that and yeah him using a VPN is also a concern too.


😄Yep, screenshotted all of his nonsensically offensive correspondence from both my forum's DMs & from his forum's DMs too.

Since he's proactively smearing me by repeatedly-falsely throwing around accusations in public on my forum i wanted to show proof that he's lying, so i made a locked thread for members to see some of the correspondence for themselves.
(*Blanked out his Username)


Below is a tiny sample, though i've blanked out the alias i'd given for him as well as swear words.

[*These took place via DMs on his forum during his first "hacking" campaign.]
View attachment 285392View attachment 285393View attachment 285394
Difficult to ascertain context from this alone, and frankly i don't know what "refreshing it a few hundred times" means, though suspect its some kind of hacking.

There are much more overt threats, however i just haven't the time to go through hundreds of his hysterical DMs right now.

Anyways, thank you kindly for your very helpful insight and suggestions.

Am going to go note his emails now, and prepare a response email as you've outlined.

🙂Cheers
Click to expand...
Not me you should be thanking - I picked all this up from others earlier in this thread!
 
CuriousFiend said:
Yep. i can confirm that you're absolutely on point.

i also agree with your perspective too and so took precautionary measures prior to deletion yesterday afternoon—just in case things vanished altogether,...

...and frankly i am certain this individual is doing this merely for fun.


💥🙂👍
Worked a treat mate, cheers.


Again, i'm genuinely appreciative for the wisdom and advice.

🙂Thank you to each of you.

All five of his accounts were deleted as of yesterday avo.

Shortly thereafter a notice was sent to his main (*¿real?) email address. (*which i'd received when registering at his ######## forum.)

[*Screenshots]
View attachment 285433
[*and he responded.]
View attachment 285434
[🤔 - "but to chill? I can go undercover." ?]
👇[*His 5—now deleted—accounts.]
View attachment 285435
View attachment 285436
[*😒aaaand yet he tried sneaking back in again earlier today,...

...pretending to be Australian this time.
View attachment 285437
[*Immediately deleted.]
Click to expand...
Quick update just found a 7th Sock account awaiting approval and😬 the nzfsf site is also currently under DDoS attack—yet again.

Xenforo support has enabled DDoS protection thankfully.
 
Alvin63 said:
Is there any way you can find the source of these DDos attacks?
Click to expand...
Well tbh i don't know how to do stuff like that aye, but i did try admin IP tracing thing we can do—as well as using the WHOIS IP website.

Apparently the IPs are known VPNs.

Dunno if it would help but i do know the guy is Dutch and i know the website he runs because i'm a member of his deserted discussion forum.

However i must also add an update here;

Discovered new info late last night while trying to find my websites domain name information...

...turns out a certain technician i'd hired & recently fired—logged in to my Xenforo customer account yesterday, which got me thinking and wondering how can he do that—& why.

Eventually i found the DNS registrar for my forums name,...

😕...my websites domain name is currently listed with the technician named as the registrant.

i don't know if the tech could use that control to cause the more recent issues we've experienced.

Though i'm starting to think that he probably can—and may be trying to do it in a way so i think it's still caused by the hacker.

Really not sure what's going on now aye, i'm kinda lost about how to deal with it and i only just woke up so haven't checked my forum yet—although i did notice a couple of members emails appear to suggest nzfsf.nz(*my actual forum) may have been completely shut down last night...

...tbh i'm not eager to check😨
 
CuriousFiend said:
Well tbh i don't know how to do stuff like that aye, but i did try admin IP tracing thing we can do—as well as using the WHOIS IP website.

Apparently the IPs are known VPNs.

Dunno if it would help but i do know the guy is Dutch and i know the website he runs because i'm a member of his deserted discussion forum.

However i must also add an update here;

Discovered new info late last night while trying to find my websites domain name information...

...turns out a certain technician i'd hired & recently fired—logged in to my Xenforo customer account yesterday, which got me thinking and wondering how can he do that—& why.

Eventually i found the DNS registrar for my forums name,...

😕...my websites domain name is currently listed with the technician named as the registrant.

i don't know if the tech could use that control to cause the more recent issues we've experienced.

Though i'm starting to think that he probably can—and may be trying to do it in a way so i think it's still caused by the hacker.

Really not sure what's going on now aye, i'm kinda lost about how to deal with it and i only just woke up so haven't checked my forum yet—although i did notice a couple of members emails appear to suggest nzfsf.nz(*my actual forum) may have been completely shut down last night...

...tbh i'm not eager to check😨
Click to expand...
To be honest, your tech is also a member here, maybe it’s time to reveal his name so this can be put to an end. I’ll help you - PM me on AJ.
 
CuriousFiend said:
Well tbh i don't know how to do stuff like that aye, but i did try admin IP tracing thing we can do—as well as using the WHOIS IP website.

Apparently the IPs are known VPNs.

Dunno if it would help but i do know the guy is Dutch and i know the website he runs because i'm a member of his deserted discussion forum.

However i must also add an update here;

Discovered new info late last night while trying to find my websites domain name information...

...turns out a certain technician i'd hired & recently fired—logged in to my Xenforo customer account yesterday, which got me thinking and wondering how can he do that—& why.

Eventually i found the DNS registrar for my forums name,...

😕...my websites domain name is currently listed with the technician named as the registrant.

i don't know if the tech could use that control to cause the more recent issues we've experienced.

Though i'm starting to think that he probably can—and may be trying to do it in a way so i think it's still caused by the hacker.

Really not sure what's going on now aye, i'm kinda lost about how to deal with it and i only just woke up so haven't checked my forum yet—although i did notice a couple of members emails appear to suggest nzfsf.nz(*my actual forum) may have been completely shut down last night...

...tbh i'm not eager to check😨
Click to expand...
Sounds like you need to change your password.
Also let the guys from xenforo know about this via a support ticket. They might be able to prevent the DDOS attacks from going ahead.
 
You must log in or register to reply here.

Similar threads

alfaNova
GDPR Compliance
Replies
8
Views
167
Mr Lucky
Mr Lucky
H
GDPR Terms and Conditions
Replies
4
Views
703
HBOB
H
Shion
  • Question Question
XF 2.1 Deleted Member Posts Break
Replies
1
Views
251
Chris D
Chris D
Stuart Wright
  • Question Question
XF 2.1 GDPR SAR subject access request queries
2 3
Replies
51
Views
5K
Chris D
Chris D
R
  • Suggestion Suggestion
Lack of interest GDPR: Data retention for banned accounts
Replies
3
Views
711
Alpha1
Alpha1
Back
Top Bottom