1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

someone steal my forum users

Discussion in 'Forum Management' started by marioman, Dec 11, 2015.

  1. marioman

    marioman Active Member

    hi,

    i have XenForo 1.3.1 Patched
    i have someone sending URL to users on conversations and steal there password
    this is example of his link used

    <Removed>

    what should i do to stop him ?
    he threatened us because we are using Xenforo
     
    Last edited by a moderator: Dec 11, 2015
  2. wang

    wang Well-Known Member

    Can you restict sending of private messages only to trusted groups. You can make a group promotion based on message count and other criterias and then allow members to send messages in private if they belong to that group. Is there any reason btw, why you are using an older version of xenforo? For security reasons one must always use the latest version.
     
  3. marioman

    marioman Active Member

    only users have 50 posts allowed to send conversation
    but he stolen more than 200 users in past ( as he said in his threat ) and using it to steal more
    he use threads and posts in the forum also
     
  4. Martok

    Martok Well-Known Member

    How exactly is he 'stealing' passwords with these links?

    Why haven't you just banned his account & IP address?
     
  5. wang

    wang Well-Known Member

    I assume that you banned that user 's account? Have you used the censorship option to censor that link?
     
  6. marioman

    marioman Active Member

    i don't know how so i opened this topic to know
    i banned his account but he return every day with a new one from his stolen list

    i did that but i think he will find another domain
    i need to know how this link cause users lost there accounts
     
  7. Dakota Storm

    Dakota Storm Well-Known Member

    You need to tell your users not to click any untrusted links, they should know this anyway, I'd also advise updating your install to the latest version.
     
  8. marioman

    marioman Active Member

    i did that, is there security issues in this version ?
     
  9. Kevin

    Kevin Well-Known Member

    Nobody can answer that until you clarify how he/she is "stealing passwords" by having users click on a link.
     
  10. marioman

    marioman Active Member

    i don't know yet
    i tested the link in another browser and nothing happen
     
  11. Dakota Storm

    Dakota Storm Well-Known Member

    That link redirects to

    Screenshot_2015-12-11-16-21-00.png


    The root of the domain houses a typical click bate site

    Screenshot_2015-12-11-16-23-34.png

    Malware heaven.
     
  12. marioman

    marioman Active Member

    i think he using fishing
    page just like our login page
     
  13. Dakota Storm

    Dakota Storm Well-Known Member

    Link to your site?
     
  14. Amaury

    Amaury Well-Known Member

    Agreed. Being a third-point version or two behind is one thing, but being two second-point versions behind is another.
     
  15. Dakota Storm

    Dakota Storm Well-Known Member

    I know of at least one site that still uses 1.1 or something like that.
     
  16. Infopro

    Infopro Active Member

    The actual URL in the first post should be edited so no one opens it.
     
  17. Dakota Storm

    Dakota Storm Well-Known Member

    No, there's nothing on that link that has anything to do with fishing
     

Share This Page