Toyota GR86, 86, FR-S and Subaru BRZ Forum & Owners Community - FT86CLUB
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Toyota GR86, 86, FR-S and Subaru BRZ Forum & Owners Community - FT86CLUB (https://www.ft86club.com/forums/index.php)
-   Site Announcements / Questions / Issues (https://www.ft86club.com/forums/forumdisplay.php?f=38)
-   -   The Scammer/Bot Situation is Escalating (https://www.ft86club.com/forums/showthread.php?t=152613)

Tcoat 02-22-2023 08:23 AM
The Scammer/Bot Situation is Escalating
 
The situation with scammer/bots is reaching a boiling point where any and all messages now have to be viewed with a strong element of doubt.
Yesterday there were 6 obvious scammer/bot "members" that joined. They then spent several hours looking at the members lists. Today there are suddenly several older member profiles that are all PMing at this moment. It is not normal and I suspect that these are all hijacked accounts. There are also 5 new "members" all Ronaldsomething that are now viewing the members lists so the process is repeating.
The spam bots are one thing but this new threat is going to cost people money and potentially make this forum a wasteland of distrust! At this moment there are more spammer/bot accounts online than real people.
@Hachiroku @ichitaka05 @Administrator if you care at all anymore you need to do something!

FR-S2GT86 02-22-2023 10:16 AM
Quote:
Originally Posted by Tcoat (Post 3569648)
The situation with scammer/bots is reaching a boiling point where any and all messages now have to be viewed with a strong element of doubt.
Yesterday there were 6 obvious scammer/bot "members" that joined. They then spent several hours looking at the members lists. Today there are suddenly several older member profiles that are all PMing at this moment. It is not normal and I suspect that these are all hijacked accounts. There are also 5 new "members" all Ronaldsomething that are now viewing the members lists so the process is repeating.
The spam bots are one thing but this new threat is going to cost people money and potentially make this forum a wasteland of distrust! At this moment there are more spammer/bot accounts online than real people.
@Hachiroku @ichitaka05 @Administrator if you care at all anymore you need to do something!

How do we know that YOU'RE not a spambot that has taken over Tcoat's account?

Tcoat 02-22-2023 10:27 AM
Quote:
Originally Posted by FR-S2GT86 (Post 3569655)
How do we know that YOU'RE not a spambot that has taken over Tcoat's account?
How do you know I wasn't ALWAYS one?

https://thumbs.gfycat.com/SimilarSho...gu-max-1mb.gif

FR-S2GT86 02-22-2023 11:53 AM
1 Attachment(s)
Attachment 218729

Ultramaroon 02-22-2023 12:04 PM
$$$all$traffic$is$good$traffic$$$

Tcoat 02-22-2023 12:41 PM
Quote:
Originally Posted by Ultramaroon (Post 3569667)
$$$all$traffic$is$good$traffic$$$
I don't expect changes but I feel better for mentioning it. It is getting brutal and this is exactly how I have seen other forums die in the past.

Tcoat 02-22-2023 02:25 PM
Yep there we go. Bunch of members that haven't logged on in years are now suddenly sending PMs out left an right. Today's crop of Body Snatchers are at work.

https://media.tenor.com/3AUnMaJkylkA...erland-pod.gif

ichitaka05 02-22-2023 02:47 PM
Yeah… recently bots have been a bit annoying. Thanks to you & other members reporting all these bots. I hope Hachi got something to fight back these bots

Tcoat 02-22-2023 02:57 PM
Quote:
Originally Posted by ichitaka05 (Post 3569693)
Yeah… recently bots have been a bit annoying. Thanks to you & other members reporting all these bots. I hope Hachi got something to fight back these bots
The ones that are posting are annoying. The ones using old profiles to attempt to scam people are dangerous!

weederr33 02-22-2023 03:31 PM
Bots and spam are why I prefer to sell parts on here vs Facebook marketplace. I posted my parts recently here and on marketplace and it's constant 'is this still available' and then ghosting or it's someone saying they want it but that they will send their wife/cousin/brother/other on FB. Shit, I'm even weary to sell things on here if they don't have a very high post count (sorry lurkers). It's one thing if they post in a thread with an obvious sign, but if they lead you on enough to steal your money or item, that's when it's bad.

Tcoat 02-22-2023 04:05 PM
Quote:
Originally Posted by weederr33 (Post 3569702)
Bots and spam are why I prefer to sell parts on here vs Facebook marketplace. I posted my parts recently here and on marketplace and it's constant 'is this still available' and then ghosting or it's someone saying they want it but that they will send their wife/cousin/brother/other on FB. Shit, I'm even weary to sell things on here if they don't have a very high post count (sorry lurkers). It's one thing if they post in a thread with an obvious sign, but if they lead you on enough to steal your money or item, that's when it's bad.
That's the thing with this new invasion. Post count doesn't mean a thing anymore. Since they are stealing profiles you could get somebody that has been gone for years but has a couple of thousand posts so they look fine. More important now to watch for when they last posted. Even that can be deceiving though.

weederr33 02-22-2023 04:09 PM
Quote:
Originally Posted by Tcoat (Post 3569707)
That's the thing with this new invasion. Post count doesn't mean a thing anymore. Since they are stealing profiles you could get somebody that has been gone for years but has a couple of thousand posts so they look fine. More important now to watch for when they last posted. Even that can be deceiving though.
How are they stealing people's profiles?

Tcoat 02-22-2023 04:13 PM
2 Attachment(s)
Quote:
Originally Posted by weederr33 (Post 3569709)
How are they stealing people's profiles?
Don't know but here is one active right this minute. It is at least #10 today alone.
Do you really think somebody that last posted in 2015 is now PMing people?

Tcoat 02-22-2023 04:20 PM
3 Attachment(s)
This is where people are going to get screwed. Right this minute there are 14 old accounts PMing.
This one would easily deceive people. Even has a good trader rating and 1,000 posts.

Clipdat 02-22-2023 05:07 PM
Quote:
Originally Posted by weederr33 (Post 3569709)
How are they stealing people's profiles?
They probably had easy to guess passwords, or they were re-using the same username & password combination from another site that was released on a list somewhere.

Tcoat 02-22-2023 06:13 PM
Quote:
Originally Posted by Clipdat (Post 3569736)
They probably had easy to guess passwords, or they were re-using the same username & password combination from another site that was released on a list somewhere.
I would guess that however they are doing it it is more complex than just guessing passwords. We are looking at 10 to 20 every day not a couple of individuals. These guys work in bulk!

Clipdat 02-22-2023 06:25 PM
A database with a list of username and passwords for the forum may have been compromised and released at some point.

But if that was the case, they'd already have probably taken over yours and mine. I just changed my password to something more complex as a precaution.

Tcoat 02-22-2023 06:52 PM
Quote:
Originally Posted by Clipdat (Post 3569742)
A database with a list of username and passwords for the forum may have been compromised and released at some point.

But if that was the case, they'd already have probably taken over yours and mine. I just changed my password to something more complex as a precaution.
I change mine at random times ever since there was an attempt (very bad one but still an attempt) to hack into my account a few years back. So far all the ones I have found, well over 100, have all been a wide range of join dates and last posts but most are pre 2017. Now, I may have missed some newer ones as I ignore the active users but nobody has ever spoke up so it appears they are all abandoned profiles.

Clipdat 02-22-2023 06:53 PM
Huh. Very strange.

nissanfanatic 02-22-2023 07:02 PM
Could start by running a current version of vBulletin. This version is EOL.

Code:
Powered by vBulletin® Version 3.8.11

Clipdat 02-22-2023 07:03 PM
Well that would be a good start, yes.

nissanfanatic 02-22-2023 07:05 PM
Quote:
Originally Posted by weederr33 (Post 3569709)
How are they stealing people's profiles?
Plenty of publicly released lists and services to look up passwords by email.

Example: https://www.dehashed.com/

weederr33 02-22-2023 07:42 PM
Ok bot

nissanfanatic 02-22-2023 07:52 PM
Quote:
Originally Posted by weederr33 (Post 3569761)
Ok bot
Yep, obviously a bot because I'm suggesting that the forum be updated to software that was released sometime less than seven years ago with who knows how many vulns, and giving you a possibility on how people's passwords are being stolen.

Ultramaroon 02-22-2023 08:06 PM
augh... it's a joke

Ultramaroon 02-22-2023 08:15 PM
butthurt bots smh

whataboutbob 02-22-2023 08:53 PM
Password re-use across platforms + one of those platforms getting pwnd is almost certainly the cause of this issue.

weederr33 02-22-2023 09:00 PM
Quote:
Originally Posted by nissanfanatic (Post 3569765)
Yep, obviously a bot because I'm suggesting that the forum be updated to software that was released sometime less than seven years ago with who knows how many vulns, and giving you a possibility on how people's passwords are being stolen.
Ok bot.

Tcoat 02-22-2023 09:02 PM
Quote:
Originally Posted by nissanfanatic (Post 3569765)
Yep, obviously a bot because I'm suggesting that the forum be updated to software that was released sometime less than seven years ago with who knows how many vulns, and giving you a possibility on how people's passwords are being stolen.
Exactly what a Bot would say!

Ultramaroon 02-22-2023 09:17 PM
Quote:
Originally Posted by weederr33 (Post 3569789)
Ok bot.
lol :clap:

pope 02-22-2023 09:48 PM
One of the forums I was on *check notes* almost 20 years ago combated spam/scam accounts through a variety of measures:

1. New account registrations required:
a. Completing a registration questionnaire
b. Waiting for a mod/admin to review the answers and approve account and issue temporary password
i. Mods verified IP matched users claimed region of residence
ii. Mods verified questionnaire answers were not duplicates
iii. Mods verified prospective new users were not connecting from the same IP as a previously banned account
c. Restricted new users to a new users section until they verified acknowledgment of the rules by following the instructions in the last rule to create an introduction post that told the forum about themself
2. All users accounts inactive for 90 days had permissions set to read only until contacting a mod and having permissions restored

3. Mod accounts were stripped of elevated permissions after 30 days of inactivity

4. Forum software was kept up to date

5. Ownership of forum, assets, administration accounts, etc. was turned over to parties interested in maintaining the site when current owners lost interest

NoHaveMSG 02-22-2023 09:56 PM
Quote:
Originally Posted by pope (Post 3569800)
One of the forums I was on *check notes* almost 20 years ago combated spam/scam accounts through a variety of measures:
A forum I still check a couple times a year, and have been on for the last 15-20 years did it by asking you to answer a question on registration that you would only know the answer to if you had any actual interest in the subject. Something like "Who is the drift king?" Never saw a scammer or bot. Some hackers did get into it through an issue in the software and locked the admin out of the site unless they paid a ransom in bitcoin. They ended up just redoing the whole forum and losing tons of historical data :(

Spuds 02-22-2023 10:21 PM
I recall my roommate in college was blacklisted by Google for having a monetized website with too much obviously non-human traffic. Him personally, not just the website. Then again I really didn't care much about his side gig so maybe I don't know what I am talking about.

Ultramaroon 02-22-2023 10:23 PM
Quote:
Originally Posted by pope (Post 3569800)
One of the forums I was on *check notes* almost 20 years ago combated spam/scam accounts through a variety of measures:

1. New account registrations required:
a. Completing a registration questionnaire
b. Waiting for a mod/admin to review the answers and approve account and issue temporary password
i. Mods verified IP matched users claimed region of residence
ii. Mods verified questionnaire answers were not duplicates
iii. Mods verified prospective new users were not connecting from the same IP as a previously banned account
c. Restricted new users to a new users section until they verified acknowledgment of the rules by following the instructions in the last rule to create an introduction post that told the forum about themself
2. All users accounts inactive for 90 days had permissions set to read only until contacting a mod and having permissions restored

3. Mod accounts were stripped of elevated permissions after 30 days of inactivity

4. Forum software was kept up to date

5. Ownership of forum, assets, administration accounts, etc. was turned over to parties interested in maintaining the site when current owners lost interest
https://funhouseradious.files.wordpr.../04/angtft.jpg

pope 02-22-2023 11:43 PM
That’s the point

Ultramaroon 02-23-2023 12:20 AM
Quote:
Originally Posted by pope (Post 3569816)
That’s the point
oh. oops. :D

spike021 02-23-2023 02:01 PM
Quote:
Originally Posted by weederr33 (Post 3569709)
How are they stealing people's profiles?
people reuse passwords, passwords get stolen in breaches, people don't update them everywhere, and these forums are hardly modern and admins are kinda out of touch, so theyre not gonna do a force password reset for affected people.

spike021 02-23-2023 02:02 PM
Quote:
Originally Posted by pope (Post 3569800)
One of the forums I was on *check notes* almost 20 years ago combated spam/scam accounts through a variety of measures:

1. New account registrations required:
a. Completing a registration questionnaire
b. Waiting for a mod/admin to review the answers and approve account and issue temporary password
i. Mods verified IP matched users claimed region of residence
ii. Mods verified questionnaire answers were not duplicates
iii. Mods verified prospective new users were not connecting from the same IP as a previously banned account
c. Restricted new users to a new users section until they verified acknowledgment of the rules by following the instructions in the last rule to create an introduction post that told the forum about themself
2. All users accounts inactive for 90 days had permissions set to read only until contacting a mod and having permissions restored

3. Mod accounts were stripped of elevated permissions after 30 days of inactivity

4. Forum software was kept up to date

5. Ownership of forum, assets, administration accounts, etc. was turned over to parties interested in maintaining the site when current owners lost interest
https://media4.giphy.com/media/6UFgd...OJyN/giphy.gif

Ultramaroon 02-23-2023 02:08 PM
Quote:
Originally Posted by Spuds (Post 3569809)
I recall my roommate in college was blacklisted by Google for having a monetized website with too much obviously non-human traffic. Him personally, not just the website. Then again I really didn't care much about his side gig so maybe I don't know what I am talking about.
https://imagenes.t13.cl/images/origi....jpg?width=800

Spuds 02-23-2023 03:32 PM
Quote:
Originally Posted by Ultramaroon (Post 3569894)
I apparently need to check my office for hidden cameras...


All times are GMT -4. The time now is 09:14 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
User Alert System provided by Advanced User Tagging v3.3.0 (Lite) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.


Garage vBulletin Plugins by Drive Thru Online, Inc.