Credential stuffing spammers
#1
For some time now, I’ve had inactive accounts where spam is suddenly posted. I originally thought these were just patient spammers who created accounts and sometimes waited YEARS to post. However, several recent cases have involved accounts that had previous on-topic posts. Then I read about credential stuffing attacks (which work because too many people use the same password in many places – probably especially on forum accounts) and it occurred to me that that’s probably what’s happening to me as well. I’ve also noticed some even subtler ones where some old account with legit posts suddenly gets a signature, bio or website selling Viagra.

So, I could delete the account (not purge – I assume a simple account delete leaves the posts?) but if the “victim” ever comes back he might be disappointed.

I could reset the account password – it looks like I would have to do this via SQL? And if so, I’m not sure if a password change logs the user out? (Perhaps I would also need to delete any rows matching his UID in the sessions table?) Is there a feature or plug-in that does this?

And if I did this, I could alert the user by email – but that brings up another question: Can I tell if the email address currently on the account is the one the user originally registered with? (Without looking at an old DB backup?) I’d hate to send an email to a spammer telling him he needs to reset his password because a spammer is in his account. (And I guess the spammer would be able to reset it in this case.)

Any thoughts on how people are handling this sort of thing?
#2
If you like, I suggest my reCAPTCHA for Login plugin, which prevents users from logging in with bot software and inserting threads.
#3
Ban the users and wait for them to contact you.

Discord at omar.gonzalez (Omar G.#6117); Telegram at @omarugc;
#4
This simple plugin may also help: https://github.com/dvz/mybb-breachshield
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz