2024-05-03, 09:45 PM
For some time now, I’ve had inactive accounts where spam is suddenly posted. I originally thought these were just patient spammers who created accounts and sometimes waited YEARS to post. However, several recent cases have involved accounts that had previous on-topic posts. Then I read about credential stuffing attacks (which work because too many people use the same password in many places – probably especially on forum accounts) and it occurred to me that that’s probably what’s happening to me as well. I’ve also noticed some even subtler ones where some old account with legit posts suddenly gets a signature, bio or website selling Viagra.
So, I could delete the account (not purge – I assume a simple account delete leaves the posts?) but if the “victim” ever comes back he might be disappointed.
I could reset the account password – it looks like I would have to do this via SQL? And if so, I’m not sure if a password change logs the user out? (Perhaps I would also need to delete any rows matching his UID in the sessions table?) Is there a feature or plug-in that does this?
And if I did this, I could alert the user by email – but that brings up another question: Can I tell if the email address currently on the account is the one the user originally registered with? (Without looking at an old DB backup?) I’d hate to send an email to a spammer telling him he needs to reset his password because a spammer is in his account. (And I guess the spammer would be able to reset it in this case.)
Any thoughts on how people are handling this sort of thing?
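One way to handle the "reset the password and log the intruder out" step the post asks about, as an added example that is not part of the original post and not code from any particular forum package: it assumes a constructed SQLite schema with a `users` table (`uid`, `username`, `email`, `registration_email`, `password_hash`, `force_password_reset`) and a `sessions` table keyed by `uid`. Real forum software has its own table names, hash format and session store, so the column names and the `hash_password` helper are placeholders to adapt. The `registration_email` column is likewise an assumption: whether you can tell if the address changed depends entirely on whether your software records the original one or keeps an audit log of email edits; if it does not, only an old backup can answer that.

```python
"""Added example (not from the original post): lock a forum account that is
suspected of being taken over by credential stuffing.

Assumptions (constructed, not any real forum's schema):
  users(uid, username, email, registration_email, password_hash, force_password_reset)
  sessions(sid, uid, created)
"""
import hashlib
import os
import secrets
import sqlite3


def build_sample_db() -> sqlite3.Connection:
    """Construct an in-memory DB with two users and three live sessions (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (
            uid INTEGER PRIMARY KEY,
            username TEXT NOT NULL,
            email TEXT NOT NULL,
            registration_email TEXT NOT NULL,
            password_hash TEXT NOT NULL,
            force_password_reset INTEGER NOT NULL DEFAULT 0
        );
        CREATE TABLE sessions (
            sid TEXT PRIMARY KEY,
            uid INTEGER NOT NULL,
            created INTEGER NOT NULL
        );
        -- alice still has her registration address; bob's address was swapped
        INSERT INTO users VALUES
            (1, 'alice', 'alice@example.net',  'alice@example.net', 'old-hash', 0),
            (2, 'bob',   'resale@example.org', 'bob@example.net',   'old-hash', 0);
        INSERT INTO sessions VALUES
            ('s1', 1, 1700000000),
            ('s2', 2, 1700000000),
            ('s3', 2, 1700000500);
    """)
    return conn


def hash_password(password: str) -> str:
    """Placeholder hash format (salt$pbkdf2-sha256); use your software's own hasher."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def email_changed_since_registration(conn: sqlite3.Connection, uid: int) -> bool:
    """True if the current email differs from the recorded registration email."""
    row = conn.execute(
        "SELECT email, registration_email FROM users WHERE uid = ?", (uid,)
    ).fetchone()
    if row is None:
        raise ValueError(f"no user with uid {uid}")
    return row[0].strip().lower() != row[1].strip().lower()


def lock_compromised_account(conn: sqlite3.Connection, uid: int) -> dict:
    """Rotate the password to a random value nobody knows, flag a forced reset,
    and delete every session row for the uid so the intruder is logged out
    everywhere. Runs as one transaction so a failure leaves the account untouched."""
    new_password = secrets.token_urlsafe(24)  # discarded; the user must reset via email
    with conn:
        updated = conn.execute(
            "UPDATE users SET password_hash = ?, force_password_reset = 1 WHERE uid = ?",
            (hash_password(new_password), uid),
        ).rowcount
        if updated != 1:
            raise ValueError(f"no user with uid {uid}")
        killed = conn.execute("DELETE FROM sessions WHERE uid = ?", (uid,)).rowcount
    # Only email the current address if it is still the one the user registered with;
    # otherwise the reset link could land with whoever changed it.
    return {
        "sessions_invalidated": killed,
        "email_matches_registration": not email_changed_since_registration(conn, uid),
    }


if __name__ == "__main__":
    db = build_sample_db()
    print(lock_compromised_account(db, 2))
```

A password change alone does not log anyone out unless the software ties sessions to the password hash, which is why the session rows are removed in the same transaction; the `email_matches_registration` flag decides whether the "please reset your password" notice should go to the address currently on the account.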