Member account hacked

webbouk

Well-known member
Late last night we had a new user register and 30minutes later they had requested a change of email address of a regular member, then posted to sell an item which was basically a scam.

The IP address of the 'new user' is 95.153.31.92 which has recently been reported for 'forum spam'
Their email domain is: @conisocial.it

No other accounts have been compromised, but I would be interested to know if anyone else has had similar, and more importantly how they managed to do so.

1618732719780.png

The hacker's registration email was the same email domain but different account/alias to the one they changed the members to.
The member has had his account security locked pending password reset and email address changed to that of another he used and has access to.
 

Paul McM

Member
We had a similar situation today.

Bad guy got in and posted three fraudulent classifieds ads.

Bad guy did not change the email or the password, but was connecting from a new proxy IP.

The scammer also changed the stated member's location, and turned off all the notices.

This has happened a couple times now. A bad guy gets in, starts posting scam ads. The bad guy is either able to bypass the password, or somehow find the password to the account somehow.

I would be very interested in some professional help on this issue.
 

Wildcat Media

Well-known member
Password reuse is the typical cause.
Or worse is when a staff member uses a password containing the name of a topic he/she is passionate about. Don't ask how we know this.

I would be very interested in some professional help on this issue.
It could be a weak, compromised password.

A password addon might be helpful.


One option this addon has is this:

1645311852588.png

I use that and a security addon which helps us lock down compromised staff accounts:

 
Top