Member account hacked

webbouk

webbouk

Well-known member
Late last night we had a new user register and 30minutes later they had requested a change of email address of a regular member, then posted to sell an item which was basically a scam.

The IP address of the 'new user' is 95.153.31.92 which has recently been reported for 'forum spam'
Their email domain is: @conisocial.it

No other accounts have been compromised, but I would be interested to know if anyone else has had similar, and more importantly how they managed to do so.

1618732719780.webp

The hacker's registration email was the same email domain but different account/alias to the one they changed the members to.
The member has had his account security locked pending password reset and email address changed to that of another he used and has access to.
 
Sort by date Sort by votes
We had a similar situation today.

Bad guy got in and posted three fraudulent classifieds ads.

Bad guy did not change the email or the password, but was connecting from a new proxy IP.

The scammer also changed the stated member's location, and turned off all the notices.

This has happened a couple times now. A bad guy gets in, starts posting scam ads. The bad guy is either able to bypass the password, or somehow find the password to the account somehow.

I would be very interested in some professional help on this issue.
 
Upvote 1 Downvote
Brogan said:
Password reuse is the typical cause.
Click to expand...
Or worse is when a staff member uses a password containing the name of a topic he/she is passionate about. Don't ask how we know this.

Paul McM said:
I would be very interested in some professional help on this issue.
Click to expand...
It could be a weak, compromised password.

A password addon might be helpful.

xenforo.com

Password Tools

Password Tools Description Source This modification mostly follows the principles of Dan Wheelers password strength estimator zxcvbn. It does not weight password strength by their combination of upper/lower letters, special characters and...
xenforo.com xenforo.com

One option this addon has is this:

1645311852588.webp

I use that and a security addon which helps us lock down compromised staff accounts:

xenforo.com

[DBTech] DragonByte Security

DragonByte keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity. Uses DragonByte is the ideal product for forums that are concerned about security, or wish to be alerted...
xenforo.com xenforo.com
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

A
Merged accounts and lost email login
Replies
6
Views
192
Alvin63
A
A
What exactly does banning prevent?
2 3 4
Replies
63
Views
2K
philmckrackon
philmckrackon
R
  • Question Question
XF 2.1 Frustrating email problems - New account confirmation and Contact form
Replies
6
Views
609
Black Tiger
Black Tiger
woody
  • Question Question
XF 2.2 Rejected member approval issue
Replies
8
Views
375
woody
woody
Ludachris
  • Question Question
XF 2.2 Question about the 2FA process in XF
Replies
1
Views
917
Kirby
K
Top Bottom