Today several members reported receiving spam PM's sent by another member who hasn't been active in the forum for a long time:
This is exactly what happened.Someone may have hijacked this guy's profile. Looks like he hasn't really been active for 3 years otherwise.
How? Because he used a weak password on his account and a "hacker" guessed it, and then used the hacked account to send out spam PM's.
In the last week or so, the forum has been under a pretty steady "brute force attack", where someone (or some bot) was going through usernames and trying to access the account by guessing the passwords.
This is actually a common occurance on forums, and it's the reason the forum software locks your account for 15 minutes if you enter the wrong password 5 times in a row. (We've also had members contacting us this week saying they were notified in an automated forum email about the 5 times/lock event affecting their account, even though they hadn't done anything. This is because the bot/person was trying to access their account... and failed.)
We can't block this kind of thing via IP address, because they are coming from multiple addresses which are regularly changing.
THE SIMPLE WAY TO DEAL WITH THIS is to make sure your account has a strong password:
EG:
>>> How to Create a Strong Password (and Remember It) <<<
Don't get caught using one of the most common weak passwords:
- Has 12 Characters, Minimum A longer password would be even better.
- Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters
- Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
- Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
More tips for creating an even stronger password that's easy to remember: How to Create a Strong Password (and Remember It)
Strengthen your password:SplashData has announced its annual list of the 25 most common passwords found on the Internet – thus making them the "Worst Passwords" that will expose anybody to being hacked or having their identities stolen.
- 123456
- password
- 12345
- 12345678
- qwerty
- 12345678
- 1234
- baseball
- dragon
- football
- 1234567
- monkey
- letmein
- abc123
- 111111
- mustang
- access
- shadow
- master
- michael
- superman
- 696969
- 123123
- batman
- trustno1
More: "123456" Maintains the Top Spot on SplashData's Annual "Worst Passwords" List
If you want, update your password with a better one via the user control panel: http://www.aveoforum.com/forum/profi...o=editpassword