
Warnings of hacked accounts


Post by exxos »

We are starting to see what appear to be hacked user accounts. Accounts here cannot be easily brute forced or hacked in any normal ways. It might be down to those leaked passwords which have been talked about in the news this past week.

Today's account had 67 posts in a repair thread which looks legit, and the account had been active until a couple of months ago. Then it started with dating site spam. The moderation team quickly caught it and deleted the posts, and we have forced account reactivation as we think it's a compromised password.

What wasn't so obvious was that the signature had also been altered with dating site spam.

It's getting increasingly hard to weed the fake users from real users lately. Plus fake and old accounts can be used for spamming. I've already removed inactive accounts over a year old just to be on the safe side.

So can all our forum users please keep an eye out for obvious spam, not just in posts but in signatures. Use the report post button if suspect and a moderator will take action if needs be. Some users are on our radar already because of unusual activities.

:thanksyellow:

Re: Warnings of hacked accounts

Post by viking272 »

Is it possible with phpBB to set up a once-a-month multi-factor authentication email?
That will protect legitimate users that are inactive, as they will need to authenticate using MFA.
Obviously if the email is hacked too then that presents a problem!

Re: Warnings of hacked accounts

Post by exxos »

viking272 wrote: 29 Jan 2026 19:18
Is it possible with phpBB to set up a once-a-month multi-factor authentication email?
That will protect legitimate users that are inactive, as they will need to authenticate using MFA.
Obviously if the email is hacked too then that presents a problem!

I'm not aware of it. I can force account reactivations, but a lot of people never changed from Hotmail etc, so it wouldn't work :(

I did wonder on the way home, if the user in question's password is compromised, the Googlemail account could also be compromised.. If the user comes back, spamming again.. then what? We have no choice but to ban that user.

It's all a bit of a problem, as all the "protections" for a forum are mostly for signup and new users. We get thousands of those every week. It's rare they get as far as signing up.

BUT, humans can sign up, it's either to gain a reputation to get off the moderated list, then sometime later start spamming.. as we have seen recently. Or users' passwords / accounts become compromised where they are already off the moderation list. Then start spamming.

It's one reason not allowing post edits past 2 days is a must.. If a few regular members' accounts got hacked, and had thousands of posts, each one could be edited with spam.. it would destroy the forum very quickly. There is basically no protection, or moderation, for registered users.. That is what's worrying me right now..

I said earlier today in fact, normally when something like this happens, it opens the flood gates to similar happening.. that's what's worrying.. The only workaround is every single user on the forum gets moderated.. but that's a lot of work for the moderators then. Or fall back to an automated service like CleanTalk, but detection isn't perfect and it's a bit slow for real time stuff. I think it would overall do more harm than good.

MFA could possibly be done, but it would likely involve credit cards. Where for example they make a £1 donation, so then chances are they are a legit user. But it doesn't solve the hacked accounts issue. It also would cause problems with those who don't have a credit card.

Also we've been talking about scanning the database every day for typical spam stuff.. but it's likely not going to be perfect either.

I've thought about multiple ways to deal with it all.. but as we are a small forum, I hope things won't progress any more.. and we can just depend on the community to keep itself safe. Then if it starts to become a full-time job with spam, then more drastic type action will have to be taken..
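
The pattern described in this thread (an account goes quiet for months, returns posting links, and has its signature altered as well) is something a daily scan can look for. The sketch below is an added example, not part of the original posts and not the forum's own code; the 60-day threshold, the input row shapes and the sample rows are assumptions constructed for illustration, and loading rows from the forum database is left out.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"(?:https?://|www\.)([^\s/\[\]\"'<>]+)", re.I)
DORMANT = timedelta(days=60)  # assumed threshold for "a couple of months"

def domains(text):
    """Host names linked in a post or signature (BBCode or plain text)."""
    hosts = (m.group(1).lower().split(":")[0] for m in URL_RE.finditer(text or ""))
    return {h.rstrip(".,)").removeprefix("www.") for h in hosts}

def scan(posts, old_sigs, new_sigs):
    """Return {user: [reasons]} for accounts a moderator should look at.

    posts: (user, datetime, text) rows; old_sigs / new_sigs: user -> signature
    text from yesterday's and today's snapshot.
    """
    flagged, by_user = {}, {}
    for user, when, text in sorted(posts, key=lambda p: p[1]):
        by_user.setdefault(user, []).append((when, text))
    for user, history in by_user.items():
        seen, last = set(), None
        for when, text in history:
            new = domains(text) - seen
            # Long silence followed by a link to a host this account never used.
            if last is not None and when - last >= DORMANT and new:
                flagged.setdefault(user, []).append(
                    f"post after {(when - last).days}d gap links {sorted(new)}")
            seen |= domains(text)
            last = when
    for user, sig in new_sigs.items():
        added = domains(sig) - domains(old_sigs.get(user, ""))
        if added:  # signature gained a link since the previous snapshot
            flagged.setdefault(user, []).append(f"signature now links {sorted(added)}")
    return flagged

# Constructed sample rows (not real forum data).
POSTS = [
    ("alice", datetime(2025, 10, 1), "Recap done, guide: http://docs.example/psu"),
    ("alice", datetime(2025, 10, 5), "Works now, thanks"),
    ("alice", datetime(2026, 1, 29), "Meet [url=https://dating.example/join]singles[/url]"),
    ("bob", datetime(2026, 1, 20), "Scope trace attached"),
    ("bob", datetime(2026, 1, 28), "Fixed, notes at https://docs.example/notes"),
]
OLD_SIGS = {"alice": "STE 4MB", "bob": "www.docs.example"}
NEW_SIGS = {"alice": "STE 4MB www.dating.example", "bob": "www.docs.example"}

if __name__ == "__main__":
    for user, reasons in scan(POSTS, OLD_SIGS, NEW_SIGS).items():
        print(user, reasons)
```

The output is a review queue for moderators rather than an automatic ban list: an active member who links a new host after a short gap (bob in the sample) is not flagged, while a returning member with a legitimate new link would be and needs a human look.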
