Bizarre Banner/Spam Near Header


(Kirupa Chinnathambi) #1

Hi, everyone!
When visiting my Discourse forums (http://forum.kirupa.com) a few minutes ago, I saw the following:

This is the first time I’ve seen spam displayed like this. Is there something more sinister going on?

Thanks,
Kirupa


(Mittineague) #2

When you go into Admin Staff Actions, can you see who Bannered it?


(Kirupa Chinnathambi) #3

Nope. No actions of that sort are showing up there. That’s one of the first places I looked :frowning:


(Rafael dos Santos Silva) #4

http://forum.kirupa.com/t/sell-fresh-cc-cvv-fullz-dumps-bank-login-wu-trf-book-ticket-ship-phones-laptops/323454/2

You should delete the dozens of spam topics you have.


(Kirupa Chinnathambi) #5

Thanks! One of our admins pinned this topic, so I sent him an e-mail asking him if someone is accessing his account accidentally. In the admin actions, it shows that this admin also checked the e-mails for about 40-ish people. That doesn’t sound like typical behavior for this person, and the last IP address came from an AWS cluster.

Also, do you know how to quickly detect spam topics? We’ve been deleting them as we see them, and this particular topic is over 5 years old.


(Robby O'Connor) #6

I recommend you install the Akismet plugin.


(Mittineague) #7

It looks like you may have imported a bunch you would have been better to not have.

http://forum.kirupa.com/users/mizkyxnzce/activity

Search out Banned accounts? Put together a query to Close and Unlist any topics of theirs that exist?

I can’t imagine that it would be a good thing for search engines to find those.


(Kirupa Chinnathambi) #8

Thanks for the suggestion! I’ll do that shortly.

It does seem like somebody accessed the forums through one of our admins’ accounts. They exported the full user list a few hours ago. That can’t be good.


(Alan Tan) #9

It is highly recommended that you follow the steps in

since your instance has most likely been compromised.
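
The pattern reported in this thread (one staff account looking up e-mail addresses for about 40 users and then exporting the user list) can be checked for in an exported staff action log. The following is an added example, not part of the original thread and not Discourse's own code; the record fields, the action names `check_email`, `entity_export` and `pin_topic`, the account names and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2017, 1, 1, 10, 0, 0)  # constructed timestamp


def rec(actor, action, offset):
    """Build one constructed log record (assumed field names)."""
    return {"actor": actor, "action": action, "at": (T0 + offset).isoformat()}


# Constructed sample: admin_b looks up 40 e-mails in 20 minutes, pins a
# topic and exports the user list; admin_a does two lookups hours apart.
SAMPLE_LOG = (
    [rec("admin_b", "check_email", timedelta(seconds=30 * i)) for i in range(40)]
    + [rec("admin_b", "pin_topic", timedelta(minutes=25)),
       rec("admin_b", "entity_export", timedelta(minutes=30)),
       rec("admin_a", "check_email", timedelta(hours=-5)),
       rec("admin_a", "check_email", timedelta(hours=3))]
)


def flag_suspicious_staff(records, window=timedelta(hours=1), email_threshold=20):
    """Return {actor: [reasons]} for staff accounts matching the pattern."""
    by_actor = defaultdict(list)
    for r in records:
        by_actor[r["actor"]].append((datetime.fromisoformat(r["at"]), r["action"]))

    findings = {}
    for actor, events in by_actor.items():
        events.sort()
        reasons = []
        checks = [t for t, a in events if a == "check_email"]
        # Sliding window: most e-mail lookups seen inside any `window` span.
        start = peak = 0
        for end, t in enumerate(checks):
            while t - checks[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= email_threshold:
            reasons.append(f"{peak} email lookups within {window}")
        if any(a == "entity_export" for _, a in events):
            reasons.append("user list export")
        if reasons:
            findings[actor] = reasons
    return findings


if __name__ == "__main__":
    for actor, reasons in flag_suspicious_staff(SAMPLE_LOG).items():
        print(actor, "->", "; ".join(reasons))
```
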