Increase in Spam from old accounts

Dkf

Active member
Hello everyone,

I've noticed an increase in spam from old accounts over the past few days. These are accounts that haven't posted on the forum for many years. All the spam is advertising "Top-notch Casual Dating".

After analyzing other forums, I've noticed the same thing happening there too. But the most interesting part is that these forums operate on different platforms.

XenForo - https://pika-network.net/threads/top-notch-sasual-dating-verified-maidens.390411/
Vbulletin - https://www.nissan-club.org/board/showthread.php?t=53559
Invision Community - https://ecuforum.ru/topic/9982-genuine-damsels-top-notch-sasual-dating/

How does this spammer manage to simultaneously hack into forums that use different software?
 
I've come up with an idea to develop a plugin for XenForo. It will utilize the API of the service https://haveibeenpwned.com/API/v3 to check if a user's password has been compromised. If it has, the user will be notified via email and either be blocked or prompted to change their password in some way...
 
Hello everyone,

I've noticed an increase in spam from old accounts over the past few days. These are accounts that haven't posted on the forum for many years. All the spam is advertising "Top-notch Casual Dating".

After analyzing other forums, I've noticed the same thing happening there too. But the most interesting part is that these forums operate on different platforms.

XenForo - https://pika-network.net/threads/top-notch-sasual-dating-verified-maidens.390411/
Vbulletin - https://www.nissan-club.org/board/showthread.php?t=53559
Invision Community - https://ecuforum.ru/topic/9982-genuine-damsels-top-notch-sasual-dating/

How does this spammer manage to simultaneously hack into forums that use different software?
Another way is to delete the old users and send them an email about their accounts being banned and how they have to sign up again with a new one.
 
There was a massive data breach leak recently.
I think there have been some other massive breach recently which hasn't found it's way into haveibeenpwned, as I've been seeing this 'casual dating' spam my own sites and only a few of them are being caught by the Password Tools forcing email 2fa if the password is detected as compromised.

Another way is to delete the old users and send them an email about their accounts being banned and how they have to sign up again with a new one.
This isn't enough. I'm seeing active accounts being compromised with this.
 
The spammers usually get access to these old accounts by working through big databases of compromised email/password or username/password combinations. Of course this is done automatically with bots; each request a new ip address. That is why you cannot get rid of them by banning IP addresses or user accounts after X login attempts.

A good add-on, that can mitigate this issue is this one by @DragonByte Tech


It has a feature, that adds a CAPTCHA to the login form. This will stop practically all such login attempts by bots.
 
This isn't enough. I'm seeing active accounts being compromised with this.
Hence why I suggested that we need a third security lock option :)

 
I think there have been some other massive breach recently which hasn't found it's way into haveibeenpwned, as I've been seeing this 'casual dating' spam my own sites and only a few of them are being caught by the Password Tools forcing email 2fa if the password is detected as compromised.


This isn't enough. I'm seeing active accounts being compromised with this.
Oh ok.
Hence why I suggested that we need a third security lock option :)

Maybe that might help if it's added in.

Along with sending out an email to those that still use the account saying that their account will be nuked in 24 hours if it's misused.
 
Top Bottom