• All, I am currently in the process of migrating domain registrations. During this time there may be some intermittent outages or slowdowns. Please contact staff if you have any questions.

Spam Alert

DCurrent

Site Owner, OpenBOR Project Leader
Staff member
All,

As I am sure you've noticed, there have been quite a few "Dating" spam posts showing up over the past few weeks. Unfortunately, this is likely to continue for a while. Whenever there's a fresh wave of spam attacks, all we can do is weather the storm and kill them on sight. The strategy behind forum spam is to overwhelm lightly moderated or inactive sites to increase the spammer's SEO. Obviously that doesn't work here, and they do eventually figure out it's a waste of their time/money/bandwidth, at which point they move on to softer targets. It just takes a while.

According to some of my colleagues, this particular wave is due to a massive data breech earlier in the year that dumped about 25 million accounts + passwords onto the dark web.


It is important to note, this breech does not and did not affect Chronocrash. No Chronocrash accounts were directly compromised in any way. However, it's a common habit for members of forums to reuse passwords that were compromised elsewhere. As you can imagine, the spammers were all over this, and have used them to launch an all out assault on any forum they can find. Again, we'll just keep zapping them until they get the message and find easier prey.

Most of the hijacked accounts are just one and done lurkers, but a few are legitimate, active members. For the moment, I am only cleaning the spam from active accounts. However, if the problem becomes severe enough, I may be forced to issue a spam block (meaning the account, its contents, and any of its associates are completely wiped out and sent to a black list on other forums as well). If you want to avoid this, please see below.

Recommendations​

These recommendations will help harden your account from compromise and are best practices in general, not just at Chronocrash.

Password Rotation​

I highly recommend all members periodically reset their passwords. 90 days is a good rotation.

Two Party Authentication​

Enable Two Party Authentication. You can do this under Password and Security in your account settings.

1714404249888.png

Avoid Shared Accounts​

Shared accounts are member accounts who's credentials are intentionally made public for others to use, typically to circumvent registration. The most infamous example is Bugmenot. These shared accounts are not just a security breech, but a form of bandwidth theft. For this reason, it is a long standing policy that any shared accounts are spam blocked on sight - no questions asked.

In short, don't use them. Register for a real account.

If you have any questions, please let me know.

DC
 
Last edited:
Just messaged him in one of Blade Master's videos on YouTube because I don't know where I can contact him. Hopefully, he can check this out for restoring his account here.
 
Sadly, my comment got deleted or vanished on YouTube. Maybe someone thought I was spamming? I provided this link in my comment and the video mentions chronocrash.com. Or maybe my comment was not good enough to give a signal.

"Hey, Blade Master. I don't know if you're around and aware of what's happening, but you can take a look at this for your own ChronoCrash account."

I don't get it. Is someone hijacking his accounts on both YouTube and here? The deletion seems obvious/suspicious to me. I'm sure I posted it.
 
I'm guessing they used the same email and password so several accounts have been hijacked, their public youtube videos have been completely deleted/unlisted.
 
Someone hacked my YouTube channel thinking mine was inactive and posting a couple of Fortnite videos which increased a thousand views long time ago. But after I reported that and changed my password, and before I deleted them, a couple of their views dropped into a very few which exposed that they were not real thousand views.
 
We just had another compromised account spam, this time from @Clodex Coelho. Apparently I'm not being clear. Either take better care of your accounts and stop reusing passwords or I will have no choice but to enforce a reset and two factor authentication on everyone.

DC
 
Back
Top Bottom