XF 2.2 Old users are becoming SPAM every day!

Sadiq6210

Hello

Recently I upgraded our forum from 2.2.8 to the latest version and I noticed that many old users are becoming SPAM every day (5 to 10 old memberships are stolen every day and are posting spam threads). I can't see any relation between the upgrade and the issue; however, this is what happened. Is it a coincidence? Is this a new method of SPAM attack that steals users' accounts instead of using new registrations? I mean, I have been moderating this forum since 2006, moved to XenForo in 2015, and I haven't faced anything similar.

Currently I am trying to control the SPAM posts by banning many valuable old users every day.
Is anyone facing the same issue? Any advice?
 
It has nothing to do with upgrading XenForo.

First post approval is one way. I use this on one of my forums and it works fine. Also, old accounts may have been hacked.
 
Yes, I fully understand, and as mentioned I don't see any link between the issue and the upgrade; however, there is something abnormal 😑 I didn't notice any existing membership becoming spam in the last 19 years, and now suddenly there are more than 5 users every day! Unless there is a new spam technique or our forum is under spam attack.
 
There have been some major password breaches recently. I did a forced password reset to ALL users a couple years back (drastic measure) and have also forced complex passwords.
 
I would try to figure out a pattern and still try manually banning them for a few days. It is obvious those accounts are controlled by spammers and not the "real" users.
 
What last visit cutoff date are people using for the password reset? <2015? Right now I have 200k members this would affect. Will this process kill my server like deletion does?
 
I did a forced reset to all users in Aug 2021...at that point, 150,000 total accounts. 6 months later, over 25,000 accounts had completed the reset. Dealing with the users who no longer have access to their registration email is a PITA...I still deal with that every week.

Good luck "reaching" those users....
 
Force password resets
Force two factor authentication
If it is an issue with password reuse, using a haveibeenpwned integration (aka my free add-on) and enforcing 2FA on login with a compromised password helps a lot. This add-on can also force password resets if they have a compromised password.
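Added example, not part of the post above and not the add-on's code: a Python sketch of the login-time check a haveibeenpwned integration performs, using the Pwned Passwords range lookup where only the first five characters of the password's SHA-1 leave the server. The function names, the returned action strings and the sample range response are assumptions constructed for illustration.

```python
import hashlib


def sha1_hex(password):
    """Upper-case SHA-1 hex digest, the form the range response uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def breach_count(password, fetch_range):
    """Return how often the password appears in the breach corpus.

    fetch_range(prefix) must return the body of the range response for a
    5-character hash prefix: one "SUFFIX:COUNT" line per known hash.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.isdigit():
            continue  # skip malformed lines instead of failing the login
        if candidate.upper() == suffix:
            return int(count)  # padded entries carry a count of 0
    return 0


def login_action(password, fetch_range):
    """Hypothetical policy: a breached password triggers 2FA and a reset."""
    if breach_count(password, fetch_range) > 0:
        return "challenge_2fa_then_force_reset"
    return "allow"


def constructed_range(prefix):
    """Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    Counts are made up; "letmein" is listed with 0 to mimic a padding row.
    """
    rows = ["0" * 35 + ":3"]  # unrelated suffix sharing the prefix
    for pw, count in (("password", 1000), ("letmein", 0)):
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            rows.append(f"{digest[5:]}:{count}")
    return "\r\n".join(rows)


if __name__ == "__main__":
    for pw in ("password", "letmein", "Tr0ub4dor&3-unique"):
        print(pw, "->", login_action(pw, constructed_range))
```

Running the check at login rather than only at password change is what catches old accounts whose owners reused a password that leaked elsewhere after they registered.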

 