MX Simulator

Discover the world of uninhibited dating.
Legitimate Girls
Exemplary Сasual Dating

How in the world did you get your mx sim forum account hacked.

I have a script for banning password guessing bots but it's looking like it needs to be more aggressive.

Why the sudden targeting though? Was this a leak from phpBB or just a bot discovered old, unused password treasure trove and alerted all of its friends?

I have no idea why they started now. They just continuously crawl the site guessing passwords. There were so many it was actually slowing the site down a few months ago. Seems like they have bots with lots of different IP addresses doing the guessing and then they hold on to the passwords they find and post the spam through a VPN.

Like today there was a spam post from 38.152.246.94 which is apparently a 24Shells Inc. VPN. But the crawling is from 136.243.228.194 which is DataforSEO OU.

All I can do is continue blocking the crawlers. I wish people would use stronger passwords.

So they are brute force guessing on here? Couldn't you just have a max attempts limit or time delay on multiple reset requests? Or is it literally just people who are using 'password'?

Not exactly brute force. I think it guesses things like numbers and your username plus a number first. Probably dictionary words too. This is just based on what people have told me their password was before it was guessed and I've only had a handful tell me.

There is a max attempt limit in phpBB but it just goes to the spambot question to reset it. I'd rather not bother trying to fix it in phpBB since it'll just be lost in the next upgrade. Easier to just make a script that scans the http access log and blocks the IP addresses that are hitting the login page. I should probably update the spambot question though.