Member account hacked

webbouk

webbouk

Well-known member
Late last night we had a new user register and 30minutes later they had requested a change of email address of a regular member, then posted to sell an item which was basically a scam.

The IP address of the 'new user' is 95.153.31.92 which has recently been reported for 'forum spam'
Their email domain is: @conisocial.it

No other accounts have been compromised, but I would be interested to know if anyone else has had similar, and more importantly how they managed to do so.

1618732719780.webp

The hacker's registration email was the same email domain but different account/alias to the one they changed the members to.
The member has had his account security locked pending password reset and email address changed to that of another he used and has access to.
 
Sort by date Sort by votes
We had a similar situation today.

Bad guy got in and posted three fraudulent classifieds ads.

Bad guy did not change the email or the password, but was connecting from a new proxy IP.

The scammer also changed the stated member's location, and turned off all the notices.

This has happened a couple times now. A bad guy gets in, starts posting scam ads. The bad guy is either able to bypass the password, or somehow find the password to the account somehow.

I would be very interested in some professional help on this issue.
 
Upvote 1 Downvote
Brogan said:
Password reuse is the typical cause.
Click to expand...
Or worse is when a staff member uses a password containing the name of a topic he/she is passionate about. Don't ask how we know this.

Paul McM said:
I would be very interested in some professional help on this issue.
Click to expand...
It could be a weak, compromised password.

A password addon might be helpful.

xenforo.com

Password Tools

Password Tools Description Source This modification mostly follows the principles of Dan Wheelers password strength estimator zxcvbn. It does not weight password strength by their combination of upper/lower letters, special characters and...
xenforo.com xenforo.com

One option this addon has is this:

1645311852588.webp

I use that and a security addon which helps us lock down compromised staff accounts:

xenforo.com

[DBTech] DragonByte Security

DragonByte keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity. Uses DragonByte is the ideal product for forums that are concerned about security, or wish to be alerted...
xenforo.com xenforo.com
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

A
Can someone effectively close their own account?
Replies
12
Views
343
Mendalla
Mendalla
Foxtrek_64
  • Suggestion Suggestion
Connected Account Providers Overhaul
Replies
11
Views
501
MaximilianKohler
M
A
  • Locked
  • Question Question
Your account has been rejected for the following reason: Location does not match connection.
Replies
1
Views
970
Paul B
P
TheDoug
  • Question Question
XF 2.2 Account rejected phrases shown on screen changed?
Replies
4
Views
640
TheDoug
TheDoug
S
Need developer help with integrating Stripe "Customer Portal" into member account
Replies
5
Views
914
Forsaken
Forsaken
Back
Top Bottom