Bot Problem - 2024

[dogluver101]

Doesn't look like I've been affected, and my password is a unique and strong one, but would this activity appear in our account's "Your Content" view?

it would, but once deleted only mods can see.

 

[Uma Oshichi]

Just flagged one!

---

*types:
user: IHO
pass: "a unique and strong one"
* logs in*
?

 

[Mammal-lover]

Wait so there isn't local singles in my area? Damn explains so much

 

[UR20Z]

Dammit! Not again!

I TOLD you to use something better than 123456... Didn't the luggage incident teach you ANYTHING?!?!?

 

[Badgeryiff]

Thanks for keeping this place alive in the background, mods. Really appreciate having it to come back to over the years.

 

[Petergozinyah]

Hello,

So as some of you have already noticed, we seem to being hit by another wave of bots logging into people's accounts and posting spam on the account's behalf, trying to get people to click on a link for a "dating website." This likely isn't targeted at us, nor is it a problem with the Xenforo forum software, as this same bot has also infiltrated forums running on MyBB and Invision Community.

So far I've configuring ZooVille to capture the posts and make them invisible for normal users. It's possible that some posts my still wind up on the forum. If that is the case, please report them.

Here's what we know, and here's what you'll need to do if you can suddenly no longer login:

This bot is only logging into people's accounts. The bot is not changing people's passwords. It pretty much logs in, makes a spam post, then immediately logs out. So most likely this is either from the LastPass breach, or from a computer virus.

Since it's not changing people's passwords, what I'm doing is forcing a password change on the accounts that have been compromised instead of outright banning them. The user will need to log into their email and will need to set a new password by clicking on the password reset link. I'd also advise changing the password on every single account you've used the same password on.

DOWN WITH THE MACHINES THEM SONS OF BITCHES. Oh know they are ZOOPHILES TOO AWWWW

 

[Petergozinyah]

Thanks for telling us this is happening. It also reminds us to keep an eye on our bank accounts and other things just in case a virus or other nasty software steals the password. I am sure too many people out there know the misery that can cause!! Would Yubikeys work on this site? I never had one so I would not know exactly the way they work. I just know that a lot of people seem to use them. Just don't use one and assume all is well. Keep an eye on accounts just incase those pesky hackers come up with something new!

I bank with Huntington they are on everything great bank every action in my account is te t to me prior to paying out

 

[Mesond]

Ever since Stuxnet (a very effective virus everyone got their hands on) it's been causing a big leap in cyber warfare. Stuxnet is the kind of virus that will shut down centrifuges and steal research data from other countries. So yea, more advanced tech for all. Hence the leap in AI tech. Hence more effective bots. Cyber warfare is a reality now.

People get paranoid about showing themselves. But be mindful of bank account details and such. Personally I just go to the bank in person.

 

[p3rv_sub]

I TOLD you to use something better than 123456... Didn't the luggage incident teach you ANYTHING?!?!?

12345?

 

[UR20Z]

12345?

Yes, that was indeed the reference I was making...

 

[KnottedUp99]

I don't know anymore.... what is this world coming to, when you can't even trust the internet. ?

THANK YOU Floofy!

 

[pes]

Looks like it has died down again. At least I have not noticed many bot dating posts recently.

 

[Cookiecaretaker]

Looks like it has died down again. At least I have not noticed many bot dating posts recently.

meet a polar bear near u call : 0900 - POLARPLEASURE

 

[rylie9518]

That sucks

Yeah

 

[zpourquoipas]

Merci pour les information

 

[eN0nym0us]

Guys i have a question i was using yand,ex as my mail for this group but one day this site asked to change my mail provider so i did but now i do not remember what email i used, is there a way to fin my account or is it lost?

 

[dogluver101]

Guys i have a question i was using yand,ex as my mail for this group but one day this site asked to change my mail provider so i did but now i do not remember what email i used, is there a way to fin my account or is it lost?

contact @FloofyNewfie

 

[dirtydancer]

Hallo,

Wie einige von Ihnen bereits bemerkt haben, werden wir offenbar von einer weiteren Welle von Bots heimgesucht, die sich in die Konten anderer Benutzer einloggen und im Namen dieser Benutzer Spam posten, um die Benutzer dazu zu bringen, auf einen Link zu einer „Dating-Website“ zu klicken. Dies zielt wahrscheinlich nicht auf uns ab und ist auch kein Problem mit der Xenforo-Forum-Software, da derselbe Bot auch Foren infiltriert hat, die auf MyBB und Invision Community laufen.

Bisher habe ich ZooVille so konfiguriert, dass die Beiträge erfasst und für normale Benutzer unsichtbar gemacht werden. Es ist möglich, dass einige Beiträge trotzdem im Forum landen. Wenn das der Fall ist, melden Sie sie bitte.

Folgendes ist uns bekannt und Folgendes müssen Sie tun, wenn Sie sich plötzlich nicht mehr anmelden können:

Dieser Bot meldet sich nur bei den Konten der Benutzer an. Der Bot ändert keine Passwörter der Benutzer. Er meldet sich einfach an, erstellt einen Spam-Beitrag und meldet sich dann sofort wieder ab. Dies ist also höchstwahrscheinlich entweder auf den LastPass-Verstoß oder auf einen Computervirus zurückzuführen.

Da ich die Passwörter der Benutzer nicht ändere, erzwinge ich eine Passwortänderung für die kompromittierten Konten, anstatt sie direkt zu sperren. Der Benutzer muss sich bei seiner E-Mail anmelden und ein neues Passwort festlegen, indem er auf den Link zum Zurücksetzen des Passworts klickt. Ich empfehle außerdem, das Passwort für jedes einzelne Konto zu ändern, für das Sie dasselbe Passwort verwendet haben.

Danke für die Info,ich habe mich schon gewundert. Ich habe mich nun ganz neu registriert und freue mich wieder dabei sein zu können.

 

[roverslave]

can't get past this page lol

 

[CrossedDestiny]

Really should put CloudFlare on this site, it has some mitigation that make it more difficult for bots to mess with. It makes a significant difference to the security posture. That's how BF survived as long as it did, i know they came under heavy attack in their final years...

 

[pelomilo]

Hello,

So as some of you have already noticed, we seem to being hit by another wave of bots logging into people's accounts and posting spam on the account's behalf, trying to get people to click on a link for a "dating website." This likely isn't targeted at us, nor is it a problem with the Xenforo forum software, as this same bot has also infiltrated forums running on MyBB and Invision Community.

So far I've configuring ZooVille to capture the posts and make them invisible for normal users. It's possible that some posts my still wind up on the forum. If that is the case, please report them.

Here's what we know, and here's what you'll need to do if you can suddenly no longer login:

This bot is only logging into people's accounts. The bot is not changing people's passwords. It pretty much logs in, makes a spam post, then immediately logs out. So most likely this is either from the LastPass breach, or from a computer virus.

Since it's not changing people's passwords, what I'm doing is forcing a password change on the accounts that have been compromised instead of outright banning them. The user will need to log into their email and will need to set a new password by clicking on the password reset link. I'd also advise changing the password on every single account you've used the same password on.

Danke

 

[CarlaG7756]

Steps to Address the Issue: Just friendly advice.. ​

For Users:​

1. Change Passwords Immediately:
   • Use a solid and unique password for the forum account.
   • Change passwords for other accounts where the same credentials might have been used.
   • Avoid reusing passwords across platforms.
2. Enable Two-Factor Authentication:
   • If the forum supports 2FA, it can add an extra layer of security.
3. Check Your Device for Malware:
   • Scan your device for viruses and keyloggers using reputable antivirus software.
   • Keep your operating system and software updated.
4. Be Cautious with Links:
   • Avoid clicking on suspicious or unfamiliar links.
   • Report spam posts immediately to forum moderators.
5. Monitor for Unauthorized Activity:
   • Regularly check the "Your Content" or similar sections in the forum for any unauthorized posts.
   • Review account login activity if the forum provides that feature.

For Forum Administrators:​

1. Strengthen Security Protocols:
   • Enforce more robust password policies.
   • Mandate periodic password changes for users.
   • Consider integrating 2FA or hardware-based security like YubiKeys.
2. Monitor and Block Bots:
   • Use IP filtering to block known bot-friendly data centers.
   • Employ CAPTCHA or similar tools to prevent automated logins.
3. Analyze Deleted Posts:
   • Track links in deleted spam posts to identify potential traps.
   • Notify users who may have interacted with these posts.
4. Regular Security Audits:
   • Periodically audit the forum's security measures and software to ensure it is up-to-date.
   • Assess potential vulnerabilities in third-party plugins or software like XenForo.
5. Community Awareness:
   • Keep users informed about ongoing threats and provide clear guidelines on securing their accounts.

---

Long-Term Recommendations:​

• Forums like Zooville should consider investing in advanced bot detection tools or partnering with cybersecurity experts to address these recurring issues.
• Users should stay vigilant, maintain good cybersecurity habits, and use resources like password managers to create unique and secure passwords.

 

[sexysow]

Hallo,

Zoals sommigen van jullie al hebben opgemerkt, lijken we te worden getroffen door een nieuwe golf van bots die inloggen op accounts van mensen en spam plaatsen namens het account. Ze proberen mensen ertoe te bewegen op een link naar een 'datingwebsite' te klikken. Dit is waarschijnlijk niet op ons gericht en het is ook geen probleem met de Xenforo-forumsoftware, aangezien dezelfde bot ook forums op MyBB en Invision Community is binnengedrongen.

Tot nu toe heb ik ZooVille geconfigureerd om de berichten vast te leggen en ze onzichtbaar te maken voor normale gebruikers. Het is mogelijk dat sommige berichten alsnog op het forum terechtkomen. Als dat het geval is, meld ze dan.

Dit is wat wij weten, en dit is wat u moet doen als u plotseling niet meer kunt inloggen:

Deze bot logt alleen in op accounts van mensen. De bot verandert niet de wachtwoorden van mensen. Hij logt in, maakt een spambericht en logt dan meteen weer uit. Dus dit komt waarschijnlijk door de LastPass-inbreuk of door een computervirus.

Omdat het niet de wachtwoorden van mensen verandert, forceer ik een wachtwoordwijziging op de accounts die zijn gecompromitteerd in plaats van ze volledig te blokkeren. De gebruiker moet inloggen op zijn e-mail en moet een nieuw wachtwoord instellen door op de wachtwoordresetlink te klikken. Ik raad ook aan om het wachtwoord te wijzigen op elk account waarvoor je hetzelfde wachtwoord hebt gebruikt.

I lost a lott at the start of this year, on the zx site im unable to login i did give them the orgin mail and that was verified the right mail, but never did receive any mail, and my old proton to here i probably forgot, do anyone knows any way how to get in contact with any support on zx? I did give it up a while ago, but it would be sooo great if im unable to login again, on zx i am high on the rank list