Jump to content
Chinese-Forums
  • Sign Up

Viagra Spam


imron

Recommended Posts

Just to let you know it appears there is currently someone spamming the forums with viagra spam, some of which is making it through the moderation queue.

 

My guess is because the spammer is guessing user names from a common list (all the accounts blocked so far have had common names - julie, elizabeth, shane, henry, etc) and trying common passwords against them.  Some of those accounts have been registered for years and therefore already validated as reputable in terms of not making spam posts.

 

Anyway, thanks to all people who have reported this so far, and keep reporting new instances if you see them come up.

 

Thanks.

Link to comment
Share on other sites

It was OK before, but I already changed it to something stronger. No harm in doing that periodically: A change was overdue anyhow, even without this recent flurry of Viagra spam.

Link to comment
Share on other sites

Yeah, looks to be a case of common passwords. Although if my username was abcdefg, I'd want my password to be 1234567 just for the symmetry. If you do have a weak password (dictionary word or sequential numbers or letters, your username, blah blah) you might want to change it. I should maybe also shut down very old dormant accounts.

Link to comment
Share on other sites

It's a door I've never seen anyone walk through in over a decade. IF someone targets you with a man in the middle attack, and IF you're using that same password for something important (I'm fairly sure nobody's desperate to take over Chinese-forums.com accounts) then maybe you have a problem, but otherwise I can't see this as an issue for the site, and none of the similar sites I use encrypt login. If there are risks I'm not aware of here, point 'em out, but I don't see this as a priority at the moment. 

 

Passwords are encrypted in the database - hashed and salted, I believe. 

 

If anyone has changed their password recently and is having trouble getting the site to keep them logged in, you may need to clear cookies for the site - if you can't figure out how to do that let us know what browser you're using. 

Link to comment
Share on other sites

"I'm fairly sure nobody's desperate to take over Chinese-forums.com accounts."

 

But I thought the point of this thread was that someone was in fact doing this.

 

In any event, apart from the possibility that some folks might foolishly use the same password here they use on their bank accounts, there's the more reasonable possibility that other less foolish folks might sometimes absentmindedly try to sign in with the wrong password and thus inadvertently disclose their bank account password or such.

 

Point is, in 2015 if not 2005 it's just basic good web practice for a sign-in page to be encrypted.

Link to comment
Share on other sites

Join the conversation

You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Click here to reply. Select text to quote.

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...