imron Posted April 6, 2015 at 02:51 PM
Just to let you know it appears there is currently someone spamming the forums with viagra spam, some of which is making it through the moderation queue. My guess is because the spammer is guessing user names from a common list (all the accounts blocked so far have had common names - julie, elizabeth, shane, henry, etc) and trying common passwords against them. Some of those accounts have been registered for years and therefore already validated as reputable in terms of not making spam posts. Anyway, thanks to all people who have reported this so far, and keep reporting new instances if you see them come up. Thanks.

roddy Posted April 6, 2015 at 03:36 PM
That's a new one. Keep sending in the post reports folks, and me and Imron will work hard for hours and hours.

imron Posted April 6, 2015 at 11:19 PM
I wonder how far down 'roddy' is on the list. I hope you have a strong password ;-)

abcdefg Posted April 7, 2015 at 12:01 AM
Should we change passwords to keep our accounts from being abused or hijacked? (Dumb question. I will just do it.)

imron Posted April 7, 2015 at 01:18 AM
Only if your password is abcdefg or 123456 or something easily guessable such as a dictionary word or a word on lists such as this.

abcdefg Posted April 7, 2015 at 02:43 AM
It was OK before, but I already changed it to something stronger. No harm in doing that periodically: A change was overdue anyhow, even without this recent flurry of Viagra spam.

roddy Posted April 7, 2015 at 07:50 AM
Yeah, looks to be a case of common passwords. Although if my username was abcdefg, I'd want my password to be 1234567 just for the symmetry.

If you do have a weak password (dictionary word or sequential numbers or letters, your username, blah blah) you might want to change it. I should maybe also shut down very old dormant accounts.

889 Posted April 8, 2015 at 02:32 PM
Am I correct passwords are not encrypted here? If so, that leaves a door open.

http://www.chinese-forums.com/index.php?app=core&module=global&section=login&do=process

roddy Posted April 9, 2015 at 11:57 AM
It's a door I've never seen anyone walk through in over a decade. IF someone targets you with a man in the middle attack, and IF you're using that same password for something important (I'm fairly sure nobody's desperate to take over Chinese-forums.com accounts) then maybe you have a problem, but otherwise I can't see this as an issue for the site, and none of the similar sites I use encrypt login. If there are risks I'm not aware of here, point 'em out, but I don't see this as a priority at the moment.

Passwords are encrypted in the database - hashed and salted, I believe.

If anyone has changed their password recently and is having trouble getting the site to keep them logged in, you may need to clear cookies for the site - if you can't figure out how to do that let us know what browser you're using.

889 Posted April 9, 2015 at 01:44 PM
"I'm fairly sure nobody's desperate to take over Chinese-forums.com accounts."

But I thought the point of this thread was that someone was in fact doing this.

In any event, apart from the possibility that some folks might foolishly use the same password here they use on their bank accounts, there's the more reasonable possibility that other less foolish folks might sometimes absentmindedly try to sign in with the wrong password and thus inadvertently disclose their bank account password or such.

Point is, in 2015 if not 2005 it's just basic good web practice for a sign-in page to be encrypted.