PUBLIC SERVICE ANNOUNCEMENT IMPORTANT WARNING - HACKER SPAMBOTS ON THE LOOSE? SCAN YOUR COMPUTERS AND UPDATE PASSWORDS.

Diana

Diana

LOOK HOW CALM SHE IS
Original poster
ADMINISTRATOR
MYTHICAL MEMBER
Invitation Status
  1. Not accepting invites at this time
Posting Speed
  1. 1-3 posts per week
  2. Slow As Molasses
Online Availability
10AM - 10PM Daily
Writing Levels
  1. Adaptable
Preferred Character Gender
  1. Female
Genres
Romance, Supernatural, Fantasy, Thriller, Space Exploration, Slice of Life
GREETINGS MINIONS!

We've been getting some new kind of spam on the forum - A SCARY KIND OF SPAM.

It's from actual member accounts - or at least we're pretty sure they were real members before the spam posts started, as they were actively participating in roleplays (and not just fake AI posts in weird places). It's happened TWICE so far, which leads me to believe there are new kinds of keyloggers, spyware, and hacker bots on the loose. Ones that get ahold of all your accounts on your computer/phone and then see where they can auto-spam.

We have reset the passwords on these accounts so the members can get them back.

TO BE SAFE: Take this time to run some spyware, virus, and malware programs on your computers and other devices. Likewise, if you haven't changed your passwords in awhile - do so! It's a good habit to keep your accounts safe from potential hackers!

I have no idea what to use on phones, but some of my fav programs (all of which are FREE) on my computer are:

www.malwarebytes.com

Malwarebytes Cyber Security for Home & Business | Anti-Malware

Protect your home and business PCs, Macs, iOS and Android devices from malware, viruses & cyber threats with our comprehensive cyber security solutions. Free trials available.
www.malwarebytes.com www.malwarebytes.com

CCleaner Makes Your Computer Faster & More Secure | Official Website

CCleaner is the number-one tool for cleaning your PC. It protects your privacy and makes your computer faster and more secure! Download it FREE today.
www.ccleaner.com www.ccleaner.com
www.safer-networking.org

Home of Spybot, Your Digital Identity Protection - Spybot Anti-Malware and Antivirus

Spybot offers a unique technology for your security. Far beyond antivirus Spybot searches and destroys unwanted software and protects your privacy.
www.safer-networking.org www.safer-networking.org
www.avast.com

Avast | Download Free Antivirus & VPN | 100% Free & Easy

Join 435 million others and get award-winning free antivirus for PC, Mac & Android. Surf safely & privately with our VPN. Download Avast today!
www.avast.com www.avast.com

And if we have any computer security people in the house that have some better suggestions, post them! Ò◇Ó We want everyone safe on the internet!
 
  • Like
  • Useful
Reactions: BlackStyxx3690, Raxir, iridescent and 10 others
I have now confirmed that this kind of spam is most likely from a "data leak" - meaning some really big website somewhere had a breech of their accounts and that data was sold to spammers. This same things is happening across many other sites, and not just xenforo forums. O:

SO REGULARLY CHANGE YOUR PASSWORDS.

If you are person who uses "repeat passwords" cause they are easier to remember, at the very least NEVER do that on sites that have payment data
 
  • Like
  • Love
Reactions: Reliance, ImaginationGoneWild and XIII
If you use Google to store your passwords, you can easily run a data breach check on your saved passwords. Go to settings. If you are on your phone, look for password management. On the computer, go to autofill > passwords. At the top of the page, there is a "check your passwords" option. Google runs a scan on your passwords and compares it to any known breached data.

It doesn't guarantee your passwords are secure, but it is an easy step to take!
 
  • Useful
Reactions: kroyote and Diana
Good choices for free programs to protect a computer. Though on a side topic....is it just me, or does running a password through a google check not sound like a security risk itself? If I was a hacker, I would figure out how to access that checker. Though I guess the main way people get passwords is fake links or data breaches rather than actual hacking. *shrug*
 
Shadow_Drake said:
If I was a hacker, I would figure out how to access that checker.
Click to expand...
If a hacker group had penetrated Google's systems to such an extent that they could access that data, then we'd all have much bigger problems to worry about.

That being said, if you want to divest yourself from our Alphabet overlords a little (it is too late there is already a Google inside you) you could potentially look at some of the other Password Managers out there. They're essentially a service that generates and stores long-character passwords that are resistant to brute force attacks, and which can be unique to each account you have. All you have to do is remember the master password to access your password vault, and most of these programs will automatically update any changes to information you make. Helps when you're changing passwords on the reg (which, as Diana points out, we all really ought to be doing more).

Not all Password Managers are created equally, though. A lot of antivirus companies have been bundling their own versions of software into the stuff they offer, and not all of them are great. Norton's password manager service got hit recently, for example, and for the love of whatever god you might believe in do not fuckin use LastPass. Those guys are leakier than the goddamn Bismarck, and when they do get hit? They won't tell you if your account was breached.

I'd instead look at BitWarden, an open source (...ish) alternative to stuff like LastPass and Google Password Manager. It's the one I use, and it's the one that the IT security nerds I'm pals with tend to recommend (when they aren't suggesting you build your own server to host a password vault of your own, IT security nerds are fucking weird okay).
 
  • Like
  • Useful
Reactions: Maximus_Shadow, Diana, Ashi and 1 other person
Weird and slightly paranoid are basic requirements for joining the ranks of the IT security nerds. Source: Am professional IT security nerd.

* Get a password manager and use it. @Hecatoncheires mentioned BitWarden already, and that would be my recommendation too! I also use 1Password for all my work passwords! Reset all your important passwords and never reuse a password. It's not hard to find emails and passwords from previous data leaks - if you've used the same password and email for all your accounts... You might find yourself struggling with hacked accounts and the fallout from it.

* haveibeenpwned.com checks known data breaches for the details that you submit, and will tell you if and what information might have compromised. It doesn't give you the actual password - so you'll have to go elsewhere if you're trying to 'hack' yourself - but it does make for interesting reading. Out of over a dozen emails I have, personal and professional, only my work email, a business email, and two personal are untouched. It's impressive until you realize that my work email is only ever used internally, and I rarely use the other three accounts!

* Be careful what you click on or download. Use a little critical thinking when surfing the web and trust your gut - if it looks a little too good to be true, if you don't quite recognize the email, if your Discord buddy who you usually only share memes with starts linking you articles or playlists... It's probably not legit. Beware short links from people you're not familiar with - bit.ly and shorturl.at for example.

* Get yourself an ad blocker. Shady ads are responsible for more malware infection that you think, and let's face it, nobody really likes ads anyway. You want uBlock Origin - it's lightweight, easy to use, and works right out of the box.

* Don't download pirated material. It's against the law, you could get in trouble with your ISP, and unless you have an excellent source, it's likely full of keyloggers, ransomware or bitminers.

* There's been recommendations for some antivirus, but if you're using a Windows machine - making sure Windows Defender is set up correctly is actually one of the best things you can do, and it's free. Combined with a little common sense, this will stop 99% of internet nasties. Bitdefender is a popular alternative that works with MacOS and Android!

* Be careful what you access on public WiFi and unsecured networks. A good VPN helps if you've absolutely got to do your internet banking, or access work details while at Starbucks - I have been there myself! - but try to avoid it if you can!

* If you're ever concerned about a file or a link, VirusTotal can analyze it for you, and make sure it's safe!
 
  • Useful
  • Like
Reactions: Maximus_Shadow, Hecatoncheires, Dusk and 1 other person
I'd add, too - Spyhunter and Reghunter are excellent programs - you can utilize the free ones (it just requires a small waiting period). The problems have two very thorough scans, one which goes through regular files (similar to malwarebytes) and the other which runs through your registry. I've had them installed for a while now and they've managed to find issues other programs weren't able to suss out.
 
  • Useful
  • Like
Reactions: Maximus_Shadow and Diana
I prefer good old fashion paper and pen. That way if someone wants to steal it, they a least have to be in the same house. Only really a issue if you need to use the password at another location as then your at risk of someone stealing your notebook/bag.

I would think the password managers will be another obvious target for criminals in the future. (Though I am sure the companies are trying to create ways to avoid that problem...but it goes both ways with security improving around the password vaults, and then criminals figuring out ways to deal with it)

Though like most people, I did give in a little, and sites i use daily (but are not things like the bank) are saved to the browser...I suppose I should upgrade to a proper manager though.

Mmm...though I will comment....we probably do got bigger problems as I doubt google will be or is secure as everyone thinks....

But most people do not really need to worry about that, I guess.

But lots of useful tips and suggestions here. Keep up the great work everyone. I especially like that suggestion about building our own password vault, but I would be too worried about not getting the security settings right and someone getting access to it all. I looked up handheld devices...but one on Amazon had a review saying putting a new password erases the last one on the list....or issues like that which make it questionable. Then things like a phone...they connect to the phone towers, and cant really be considered secure either.

This topic kind of reminds me of another security issue. Not myself, but a related mention to me that they had an alert by one of the credit companies that their email and password was leaked by a company. Normal, right? Except it was related to one of those DNA ancestor family websites....and that is exactly why I never sign up for those things. Or put my fingerprint on a phone. We eventually reach the point where someone will just copy that data, and recreate it at a crime scene to frame people....or maybe I am just thinking too far ahead. Not to mention sci-fi concerns such as cloning...

As for extra things to add to the discussion/tips.

Mmm, I guess just some of the other basic things like being careful abut any USB you connect to your computer, or visitors getting on your guest network and it possibly infecting your network. And I will repeat that ad-blocker...especially if your internet has data limits.

More medium-level stuff...for the typical person, would be to change your router login info.

I also like to do a fresh install of windows from scratch. If nothing else it may help get rid of unused programs that get left behind even after 'uninstalling them' and make the computer run better.

That, and for phones....just remember the more games and apps you install, the more ...code there is for a security hole to appear in... plus it slows down the performance of the phone.
 
Thieves are gonna Thief and Hackers are gonna Hack! This will continue until the end of time until we evolve out of those kind of behaviors - if we ever do! O: So no method will ever be 100% effective for the average person.

Just practice safe internet usage and it reduces your chances a ton <3
 
  • Like
Reactions: Maximus_Shadow
Diana said:
Thieves are gonna Thief and Hackers are gonna Hack! This will continue until the end of time until we evolve out of those kind of behaviors - if we ever do! O:
Click to expand...

You have a lot of faith in humans...... I am surprise you actually even suggested we would evolve out it. (I am joking with you in case this needs to be said)
 
+1 for using haveibeenpwned or something like firefox monitor to see if there have been any leaks associated to your primary email addresses

+1 to using virustotal to scan files you aren't quite certain about

+1 for bitwarden as a password manager

Suggest increasing the KDF iterations to 350,000 which is the current minimum recommended by OWASP, and using a master password that is 20+ characters long as length is a primary driver of entropy which is a major factor in password security

LastPass is a large password manager which has pretty recently suffered a large data breach, which usually isn't a problem if the build is audited to confirm it is zero trust and other best practices are followed. For LastPass the issue is there are users who have not had their KDF iterations upgraded from 500 or 5000, which were previously recommended values that LastPass had. So the worst case scenario is that people's vaults with low iterations and small master passwords were compromised and gave access to all account information, and that this may be behind behavior like what you're seeing here

Let me also suggest the usual routine of adding 2FA / MFA to accounts where possible
 
  • Like
Reactions: Maximus_Shadow
You must log in or register to reply here.
Top Bottom
Back