SIGforum
I WAS HACKED!!!!!! BE CAREFUL IN THE CLASSIFIEDS, That was not my classified ad!!!!!!

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/4380086715

October 13, 2025, 11:18 AM
architect
I WAS HACKED!!!!!! BE CAREFUL IN THE CLASSIFIEDS, That was not my classified ad!!!!!!
I'm curious as to just how the account was compromised. Please post details if you can figure them out so the rest of us can take proper precautions. I doubt it was a successful random guess at a weak password, this technique has fallen by the wayside in recent times.

It might also be useful to see the logs of the offender's attempts. I wonder if Social Strata offers a fail2ban-type service (fail2ban monitors logs for unusual activity and locks out the associated IP address).
October 13, 2025, 11:19 AM
ensigmatic
quote:
Originally posted by Black92LX:
quote:
Originally posted by Pipe Smoker:
Just curious. Was your original PW long and strong? My PW manager generates passwords of specified length using upper and lower case letters, numbers, and special characters.
Apparently not.
Thought it would be as I changed it when we had that last issue and Para suggested the password change a little while back.
Assuming that, by "long and strong" you had something like Pipe Smoker suggested and it was at least 10 characters long, and given that you also posted...
quote:
Originally posted by Black92LX:
My guess is the PayPal email has been hacked too.
I am not Charles.
and you mean your PayPal account has been compromised, I'd be concerned your PC is compromised with either a credentials-stealing program or key-logger.

I've account credentials on Internet-facing systems that haven't had their passwords changed in 10-20 years and they've never been "hacked" unless the site's own user account databases were compromised.

Here's the reality: A brute-force attack on user account credentials by password-guessing, assuming a reasonably strong password, would take, on average, literally hundreds of thousands of years even at the unrealistic rate of a million login attempts/second. (I can supply the math if you'd like.)

Another possibility was you accessed both Sigforum and PayPal from an insecure network which had been compromised by a Man-In-The-Middle (MITM) attack and the attackers snagged your login credentials on-the-fly.

I think that latter somewhat less likely than a compromised PC.
quote:
Originally posted by architect:
I wonder if Social Strata offers a fail2ban-type service (fail2ban monitors logs for unusual activity and locks out the associated IP address).
Sadly, such mechanisms are becoming increasingly less effective as the Bad Guys increasingly move to distributed attacks using 'bot farms.

ETA: For everybody: For PayPal and other sensitive sites/on-line accounts that offer it: Enable 2-Factor Authentication using an authenticator. They usually refer to it as "Google Authenticator", but they all work the same. Personally, I use 2FAs on my iThings devices.


"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
October 13, 2025, 11:29 AM
wcb6092
Would an escrow service put a stop to these scammers?

Escrow receives funds from buyers and holds it until buyer receives items from sellers.


_________________________
October 13, 2025, 05:25 PM
Black92LX
quote:
Originally posted by ensigmatic:
quote:
Originally posted by Black92LX:
quote:
Originally posted by Pipe Smoker:
Just curious. Was your original PW long and strong? My PW manager generates passwords of specified length using upper and lower case letters, numbers, and special characters.
Apparently not.
Thought it would be as I changed it when we had that last issue and Para suggested the password change a little while back.
Assuming that, by "long and strong" you had something like Pipe Smoker suggested and it was at least 10 characters long, and given that you also posted...
quote:
Originally posted by Black92LX:
My guess is the PayPal email has been hacked too.
I am not Charles.
and you mean your PayPal account has been compromised, I'd be concerned your PC is compromised.


No not my PayPal. He logged into my Sigforum account DID NOT change my password.
He then changed the viewable email in my profile to black92lx@gmail.com (SCAM EMAIL. This is not me and has never been me) people were responding to him through that email and he was providing charlesford27@yahoo.com (SCAM EMAIL PAYPAL Account) for people to pay for the items.

I was referring to the likelihood that the Charlesford PayPal account was also hacked as I presume he is not dumb enough to use an account with his name on it.

I have NEVER used either of those accounts my PayPal account is under an email address that is never used for forums. And my viewable email on forums is used for nothing but forums.

All my email account passwords have been changed and none have been accessed as I get a security alert when a new device accesses them.


————————————————
The world's not perfect, but it's not that bad.
If we got each other, and that's all we have.
I will be your brother, and I'll hold your hand.
You should know I'll be there for you!