Spammers posting through existing accounts with no need to login?

Goldoff

Member
And, worse, with no need of stealing such account.

The fact is that since a week ago or so I am getting some spam messages posted by users with little or no activity, but registered years ago. All IP's are located next, and the message is tipically a link to a Telegram channel related to crypto.

It is not a flood, and actually doesn't pose a problem by now. The thing that seems scary is that it seems to avoid the pwd system. At least, the spammer doesn't leave track of having reset such pwd in the log...

Is anyone else experiencing this problem?
 
Last edited:
I was about to make a thread on this. Several threads from different established ids were created on our forum as well today.
 
We've had 2 accounts that were created a few years ago that had valid threads but are now posting spam links. Wondering what was going on.
 
I've been getting it on all my vbulletin and Xenforo sites, I quick google of the spam shows it's on every type of comment system, which leads me to believe that it's robot spam using credentials from a huge data breach.
 
Same thing here, mostly dormant but shared IP show also some moderators with 2FA enabled which is alarming !
Server log show some repetitive schema that spammers are using.
 
All my spam came from a single Moldovan IP address (109.107.166.230) so it was fairly easy to find affected users. I set a custom ban message informing the user their credentials were compromised and to contact me for assistance recovering their account. Only 6 so far and 1 on another forum I manage which uses SMF.
 
Last edited:
All my spam came from a single Moldovan IP address (109.107.166.230) so it was fairly easy to find affected users. I set a custom ban message informing the user their credentials were compromised and to contact me for assistance recovering their account. Only 6 so far and 1 on another forum I manage which uses SMF.

Just one here on that IP and I’d already set old accounts to ‘User must reset password’ so he didn’t get anywhere.
 
I've just batch-updated all my dormant accounts on one of the sites being hit to "Locked: User must reset password" state, hopefully, that helps stop some of it.
I just did this one a test user and nothing happened. They were able to continue using the site, log out and log in again. No requirement to rest password.
 
I did a test too and it worked, the user can't interact with the site unless he resets the password. Btw the test user was already logged in.
 
Back
Top Bottom