Compromised Forum Admin

And my Fail2ban agrees. Script kiddies and badly behaving adults are a different story IF they are using a static IP. That isn’t the situation too often when mobiles are used, for example. And you know very well the most used system to hide an IP :wink:

1 Like

I don’t disagree generally, but of course Fail2ban helps. But there’s certainly no reason not to block his IP and every reason to do so.

1 Like

Have you seen this yet?

7 Likes

Definitely best they are off the site. As you said they can always create new accounts etc. Although is that suspension reason something you want to ‘advertise’ to new users who wouldn’t know about this rogue admin? If you get what I’m saying?

@Stephen I agree haha, definitely :no_entry_sign: for that username :rofl:

1 Like

Most ISPs recycle IP addresses. When that bad apple changes his/her IP, the next one gets it. Hopefully that customer doesn’t work with Discourse then :wink:

Most of the world doesn’t use unchanging static IPs.

1 Like

Did you review new accounts for suspicious activity? I would be looking closely at all new accounts created recently. If you haven’t already, review the activity of any users associated with his account and the impersonated ones.

1 Like

There has been an increase in spammers after the ban, and yes, we have been looking at new users and especially their emails. We noticed that most of the spammers use weird custom email domains.

5 Likes

Well, THAT part doesn’t sound so unusual. I’ve noticed on other platforms (not Discourse yet) that spammers come in waves of similarity: sometimes the IP addresses are similar, sometimes the email addresses are similar, etc. I think it has to do with spammer dark web sites (wow, that sounds like a cliché) that offer suggestions, if not cookbooks, about what works on certain sites, or what bypasses the latest spam filters, etc.

4 Likes

Yes, it may cause confusion, and some even may not have access to their email if they registered a long time ago (especially in the case of a forum that was migrated from another platform).

But if their password isn’t changed, I think it’s fair to consider them as compromised (even if it’s only potentially).

6 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.