
Thread: I think the password DB has been compromised

  1. #1
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574

    I think the password DB has been compromised

    Anyone else notice the strange goings on? Spam posts from previously existing accounts, most all of whom have been absent for a year or more? It's extremely unlikely that the account owners are doing any of this, and even more unlikely that all those accounts have been individually hacked. Somebody's got their slimy mitts on a password file somehow, and if so every single account is at risk. CHANGE YOUR PASSWORDS NOW.

  2. #2
    Senior Tuner TheMechanic's Avatar
    Join Date
    Jan 2014
    Location
    SoCal
    Posts
    1,557
    Done. Thank you for the heads up.

  3. #3
    HP Tuners Owner Keith@HPTuners's Avatar
    Join Date
    Sep 2002
    Location
    Chicago, IL
    Posts
    6,395
    We have not noticed any more spam than usual. If you do see spam posts, please report them.

    In some cases, bots will register their accounts but not make their first post until well into the future.

    In other cases, if a user uses the same password across many sites, and one of those sites is breached, attackers may try that same password on other sites as well (like this one).

    And to be clear, there is no indication that this site has been breached.
    We got this guy Not Sure, ...

  4. #4
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    Well, there is a definite and odd pattern to the accounts that have been posting the word-for-word identical 'pump' spam. Some accounts are old but never posted, but lots of them are users that were formerly fairly active but have been dormant for a year or more. None of these identical posts (none that I have seen, anyway) has been made by newly-registered accounts, like the regular random spammers do. Seems to me that would indicate one person or one group has gained access all at once to a whole bunch of preexisting accounts.

  5. #5
    HP Tuners Owner Keith@HPTuners's Avatar
    Join Date
    Sep 2002
    Location
    Chicago, IL
    Posts
    6,395
    As I mentioned, there are many registered bot/spam accounts that sit dormant until they are activated.
    We got this guy Not Sure, ...

  6. #6
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    But these are accounts that were created by real humans, who posted about real not-BS HP Tuners topics, and then they drifted away or whatever, and then years later show back up and all post the exact word-for-word same crypto spam message?

    They've all been taken down now and I didn't create a file, but there is a very recognizable pattern to these recent posts that is utterly unlike the regular spam that gets posted by newly registered disposable hit-and-run accounts.

  7. #7
    Senior Tuner
    Join Date
    Jun 2004
    Location
    405
    Posts
    2,316
    Why do you care?

  8. #8
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    Why do you not?

  9. #9
    Senior Tuner
    Join Date
    Jun 2004
    Location
    405
    Posts
    2,316
    Because I know how to scroll and use the back button. And it's not my forum.

  10. #10
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    I'm not seeing your posts anymore, but maybe a better question would be, why do you care that I do care?

    Yep, just what this world needs is fewer people who give a shit. Thanks for doing your part.

  11. #11
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    https://forum.hptuners.com/search.php?searchid=6937732

    111 normal on-topic posts over the span of 2 years, then copy-paste cryptospam. The person who made those 111 normal posts no longer has control of that account. It's the same pattern for the other accounts that have been used to post the same cryptospam.

  12. #12
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    https://forum.hptuners.com/search.php?searchid=6937808

    3 legit posts by an actual human, then 4 years inactivity, then copy-paste cryptospam. Same text added to the user's location field, too.

  13. #13
    Senior Tuner
    Join Date
    Nov 2017
    Posts
    1,448
    They are hitting Camaro5 forum the same way. Same crypto pump spam.

  14. #14
    Same user or different? If it's the same they are probably using the same password across multiple sites and somewhere one was breached. NEVER use the same passwords!!! Spent my long career in Info Security and preached this since the internet started and mostly everyone is/was smarter than me and ignored it until they had problems.

  15. #15
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    Exact same text, posted by different unrelated old accounts.

    What's more likely, that 20-30 different people all decided to post the same spam message, or the same person is using multiple accounts?

  16. #16
    I haven't seen a huge increase of spam on this site and read every unread message every day. I could have missed some but saw a couple a few days ago in one of the sub-forums. As before, this was my career since before there was an internet and I've been the head of IT security at several extremely large companies during my career plus advising various levels of governments. Most people don't care until someone is using the same password they use at all sites to start emptying bank accounts. Then it's always 'How can this happen?'

    Another possibility is if the person decided to give their old laptop or desktop away without doing either a hard drive removal and destruction or a full security wipe which will need to run for hours to properly erase data to an unrecoverable point for the average person although almost everything can be recovered if you have the time and proper tools. I've seen a lot of companies recycle computers with no safeguards in place and office copy machines received on lease without the previous company's information erased. Passwords are everywhere and if you don't protect them, they are easy to snag.

    If you have the links, I'll try to look into the spam and see if I can see anything that stands out or let someone on my team look into where the origination seems to have come from and report back if we find anything.

  17. #17
    HP Tuners Owner Keith@HPTuners's Avatar
    Join Date
    Sep 2002
    Location
    Chicago, IL
    Posts
    6,395
    The overwhelming majority of spam attempts on this site are caught by our filters and never make it to a public post.
    We got this guy Not Sure, ...

  18. #18
    Thanks Keith!

  19. #19
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    I wasn't trying to complain about the amount of spam, just trying to point out that there were messages showing a clear pattern of some single individual using a bunch of different real-human-member accounts to post the same message. Which is not the typical spammer pattern. For sure I know the spammers will create lots of burner accounts and leave them for long stretches, then hit a bunch of them all at once to do their stuff. This was something very different. A lot of the accounts used for this were ones that had been active in the past and posting non-AI-generated real on-topic content.

    If someone has/had gained access to real user-created (not spammer-created) accounts, that's a problem that won't be solved by removing individual spam posts as they show up.
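
Added example, not part of the thread and not the forum's own code: a sketch of how a moderator could test for the pattern discussed above, by grouping identical post text across accounts and labelling each account by its prior history. The record layout, the one-year dormancy threshold, the three-account minimum and all sample data are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

DORMANT = timedelta(days=365)  # assumed threshold: "dormant for a year or more"
MIN_ACCOUNTS = 3               # assumed: same text from at least 3 accounts

def fingerprint(body):
    """Hash of the post body with case and whitespace normalised."""
    norm = re.sub(r"\s+", " ", body.strip().lower())
    return hashlib.sha256(norm.encode()).hexdigest()

def classify(history, registered, when):
    """Label an account by what it did before its post at `when`."""
    prior = [t for t in history if t < when]
    if prior:
        return "returning_dormant" if when - max(prior) >= DORMANT else "active"
    return "sleeper_never_posted" if when - registered >= DORMANT else "new"

def find_clusters(posts, registered):
    """posts: (account, timestamp, body); registered: account -> datetime."""
    history, by_text = defaultdict(list), defaultdict(dict)
    for account, when, body in posts:
        history[account].append(when)
        seen = by_text[fingerprint(body)]
        seen[account] = min(seen.get(account, when), when)  # first use of text
    return [{a: classify(history[a], registered[a], t) for a, t in accts.items()}
            for accts in by_text.values() if len(accts) >= MIN_ACCOUNTS]

d = datetime.fromisoformat

# Constructed sample data (hypothetical accounts and posts).
SPAM = "Constructed sample: BUY  XYZ coin now"
SAMPLE_REGISTERED = {"alice": d("2018-01-01"), "bob": d("2019-03-01"),
                     "carol": d("2017-06-01"), "dave": d("2023-01-30")}
SAMPLE_POSTS = [
    ("alice", d("2019-05-01"), "Which wideband for a 5.3?"),
    ("alice", d("2020-02-10"), "VE table looks lean at WOT"),
    ("bob", d("2019-04-02"), "Log attached, knock at 4k rpm"),
    ("alice", d("2023-02-01"), SPAM),
    ("bob", d("2023-02-01"), SPAM.upper()),
    ("carol", d("2023-02-02"), SPAM + "  "),
    ("dave", d("2023-02-02"), "Hello, new here"),
]

if __name__ == "__main__":
    for cluster in find_clusters(SAMPLE_POSTS, SAMPLE_REGISTERED):
        print(cluster)
```

A cluster dominated by `returning_dormant` accounts matches the pattern described in #19, while one dominated by `sleeper_never_posted` matches the dormant bot registrations described in #3 and #5; the labels say nothing about how access was obtained.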

  20. #20
    Tuning Addict blindsquirrel's Avatar
    Join Date
    Apr 2017
    Location
    Meridian MS
    Posts
    7,574
    https://forum.hptuners.com/member.php?41076-Nige
    Quick, look at the post history before it all gets deleted!

    screenshot.02-02-2023 02.32.34.png

    Normal post, normal post, normal post, normal post, a short absence, CRYPTO SPAM. This person has had their account hacked. I still find it really hard to believe that anyone would target individual HPT users with phishing attacks or whatever. There is a password list floating around in the dark parts of the interwebs.