And my Fail2ban agrees. Script kiddies and badly behaving adults are different story IF they are using static IP. That isn’t situation too often when used mobiles for example. And you know very well the most used system to hide IP
i don’t disagree generally, but of course FailtoBan helps. but there’s certainly no reason not to block his IP and every reason to do so.
have you seen this yet?
Definitely best they are off the site. As you said they can always create new accounts etc. Although is that suspension reason something you want to ‘advertise’ to new users who wouldn’t know about this rogue admin? If you get what I’m saying?
@Stephen I agreee haha definitely for that username
Most of ISPs recycles IP-addresses. When that bad apple changes his/hers IP next one gets it. Hopefully that customer doesn’t work with Discourse then
Most of the world doesn’t use unchange static IPs.
did you review new accounts for suspicious activity? i would be looking closely at all new accounts created recently. if you haven’t already, review activity of any users associated with his account and the impersonated ones.
there has been an increase in spammers after the ban, and yes we have been looking at new users and especially their emails, we noticed that most of the spammers use weird custom email domains.
Well, THAT part doesn’t sound so unusual, I’ve noticed on other platforms (not Discourse yet) that spammers come in waves of similarity, sometimes the IP addresses are similar, sometimes the email addresses are similar, etc. I think it has to do with spammer dark web sites (wow, that sounds like a cliche) that offer suggestions if not cookbooks about what works on certain sites, or what bypasses the latest spam filters, etc.
Yes, it may cause confusion, and some even may not have access to their email if they registered a long time ago (especially in the case of a forum that was migrated from another platform).
But if their password isn’t changed, I think it’s fair to consider them as compromised (even if it’s potentially).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.