Spammers posting through existing accounts with no need to log in?

Goldoff

And, worse, with no need to steal such an account.

The fact is that since a week ago or so I am getting some spam messages posted by users with little or no activity, but registered years ago. All IPs are located next, and the message is typically a link to a Telegram channel related to crypto.

It is not a flood, and actually doesn't pose a problem by now. The thing that seems scary is that it seems to avoid the pwd system. At least, the spammer doesn't leave track of having reset such pwd in the log...

Is anyone else experiencing this problem?
 
I was about to make a thread on this. Several threads from different established ids were created on our forum as well today.
 
We've had 2 accounts that were created a few years ago that had valid threads but are now posting spam links. Wondering what was going on.
 
Me too. Valid but dormant accounts, up to 11 years old, suddenly trying to post spam, last few days.
 
I've been getting it on all my vBulletin and XenForo sites. A quick Google of the spam shows it's on every type of comment system, which leads me to believe that it's robot spam using credentials from a huge data breach.
 
Same thing here, mostly dormant, but the shared IP also shows some moderators with 2FA enabled, which is alarming!
The server log shows some repetitive schema that spammers are using.
 
All my spam came from a single Moldovan IP address (109.107.166.230) so it was fairly easy to find affected users. I set a custom ban message informing the user their credentials were compromised and to contact me for assistance recovering their account. Only 6 so far and 1 on another forum I manage which uses SMF.
 
Same here, a two-year dormant account and yesterday a crypto spam post with a link to Telegram.
 
All my spam came from a single Moldovan IP address (109.107.166.230) so it was fairly easy to find affected users. I set a custom ban message informing the user their credentials were compromised and to contact me for assistance recovering their account. Only 6 so far and 1 on another forum I manage which uses SMF.

Just one here on that IP and I’d already set old accounts to ‘User must reset password’ so he didn’t get anywhere.
 
Found 4 other old accounts affected by searching with the IP mentioned above, will lock them too.
 
I've just batch-updated all my dormant accounts on one of the sites being hit to "Locked: User must reset password" state, hopefully, that helps stop some of it.
I just did this on a test user and nothing happened. They were able to continue using the site, log out and log in again. No requirement to reset password.
 
I did a test too and it worked, the user can't interact with the site unless he resets the password. Btw the test user was already logged in.
 
I just did this on a test user and nothing happened. They were able to continue using the site, log out and log in again. No requirement to reset password.
My test account got the following and could do nothing.

[Image attachment: 1673872027992.webp]
 