• Xenforo forums over the past few months have been seeing spam posts from existing user accounts. Bots hitting forums using lists of emails/passwords leaked elsewhere. We strongly recommend that all users change their password ASAP.

Concerned, please advise.

Sunspots

Sunspots

To Wish Impossible Things
Admin
SF Supporter
#3
#3
Hi

Yes, we've had several spam posts from existing members, some of who are still active on the forums, some who haven't posted for a few years.

We're notifying members as soon as we see any spam posts from their account.

But probably best if you change your password just to be safe.
 
Ash600

Ash600

Of dust and shadows
SF Creative
SF Supporter
#7
#7
Harmony said:
Also if Xenforo bots have access to site passwords wouldn't they also have access to emails registered with this site which ultimately enables them to hack into associated accounts? Should emails be changed as well provided a user has a legit one?
Click to expand...
Exactly what I was thinking. Additionally, was access to a member's account details breached? Just asking as some may have uploaded their actual name, real DOB, as well as a "live" email address linked to other accounts rather than a burner address solely used for sites such as this.
 
H

Harmony

Well-Known member
SF Supporter
#8
#8
Ash600 said:
Exactly what I was thinking. Additionally, was access to a member's account details breached? Just asking as some may have uploaded their actual name, real DOB, as well as a "live" email address linked to other accounts rather than a burner address solely used for sites such as this.
Click to expand...
It's worrisome for sure. Cybersecurity tends to be the last thing on people's minds when they come here for help.
 
Angie

Angie

Admin
SF Author
SF Supporter
#9
#9
From what I understand, this problem originated with a data breach(es) outside of SF, and the bot has come here with info collected elsewhere.

Its purpose seems to be solely to post spam about hookers, (in very bad English also) we've not seen any other/heard of any other activity.

Hope this helps a bit, @Freya is working with our tech on the Xenforo side and I'm sure she can explain much better than me.
 
LumberJack

LumberJack

Huggy Bear 🐻
#11
#11
JFC. I just changed my password, hope it doesn’t get leaked later.

Yeah security is always an afterthought. As someone who has training and experience in data protection, privacy, and risk management, I find this endlessly irritating. Imagine being a doctor and having patients who don’t believe infection is caused by germs. 🤦
 
H

Harmony

Well-Known member
SF Supporter
#19
#19
Ash600 said:
Checking the Xenforo community forums, it seems the breach came from Xenforo's end. Which is not for the first time this has happened it seems. Flaws were exploited to allow for these breaches, results of which has been experienced here.
Click to expand...
Yes, but looking into things here on my end I'm seeing that breach, and that my password to this site was compromised 6 months ago. I'm wondering if the most recent upgrade to Xenforo is something that can rectify those shenanigans as well.
 
You must log in or register to reply here.

Please Donate to Help Keep SF Running

Total amount
$20.00
Goal
$255.00
Donate View
Top