Spam Alert

DCurrent

DCurrent

Site Owner, OpenBOR Project Leader
Staff member
All,

As I am sure you've noticed, there have been quite a few "Dating" spam posts showing up over the past few weeks. Unfortunately, this is likely to continue for a while. Whenever there's a fresh wave of spam attacks, all we can do is weather the storm and kill them on sight. The strategy behind forum spam is to overwhelm lightly moderated or inactive sites to increase the spammer's SEO. Obviously that doesn't work here, and they do eventually figure out it's a waste of their time/money/bandwidth, at which point they move on to softer targets. It just takes a while.

According to some of my colleagues, this particular wave is due to a massive data breach earlier in the year that dumped about 25 million accounts + passwords onto the dark web.

arstechnica.com

Researcher uncovers one of the biggest password dumps in recent history

Roughly 25 million of the passwords have never been seen before by widely used service.
arstechnica.com arstechnica.com

It is important to note, this breach does not and did not affect Chronocrash. No Chronocrash accounts were directly compromised in any way. However, it's a common habit for members of forums to reuse passwords that were compromised elsewhere. As you can imagine, the spammers were all over this, and have used them to launch an all out assault on any forum they can find. Again, we'll just keep zapping them until they get the message and find easier prey.

Most of the hijacked accounts are just one and done lurkers, but a few are legitimate, active members. For the moment, I am only cleaning the spam from active accounts. However, if the problem becomes severe enough, I may be forced to issue a spam block (meaning the account, its contents, and any of its associates are completely wiped out and sent to a black list on other forums as well). If you want to avoid this, please see below.

Recommendations​

These recommendations will help harden your account from compromise and are best practices in general, not just at Chronocrash.

Password Protection​

I highly recommend all members employ password hardening. Always use unique passwords, utilize a password manager when you can, and old school or not, regular rotation doesn't hurt.

Multi-Factor Authentication (MFA)​

Enable Multi-Factor Authentication. You can do this under Password and Security in your account settings.

1714404249888.png

Avoid Shared Accounts​

Shared accounts are member accounts who's credentials are intentionally made public for others to use, typically to circumvent registration. The most infamous example is Bugmenot. These shared accounts are not just a security breach, but a form of bandwidth theft. For this reason, it is a long standing policy that any shared accounts are spam blocked on sight - no questions asked.

In short, don't use them. Register for a real account.

If you have any questions, please let me know.

DC
 
Last edited:
Just messaged him in one of Blade Master's videos on YouTube because I don't know where I can contact him. Hopefully, he can check this out for restoring his account here.
 
Sadly, my comment got deleted or vanished on YouTube. Maybe someone thought I was spamming? I provided this link in my comment and the video mentions chronocrash.com. Or maybe my comment was not good enough to give a signal.

"Hey, Blade Master. I don't know if you're around and aware of what's happening, but you can take a look at this for your own ChronoCrash account."

I don't get it. Is someone hijacking his accounts on both YouTube and here? The deletion seems obvious/suspicious to me. I'm sure I posted it.
 
I'm guessing they used the same email and password so several accounts have been hijacked, their public youtube videos have been completely deleted/unlisted.
 
Someone hacked my YouTube channel thinking mine was inactive and posting a couple of Fortnite videos which increased a thousand views long time ago. But after I reported that and changed my password, and before I deleted them, a couple of their views dropped into a very few which exposed that they were not real thousand views.
 
We just had another compromised account spam, this time from @Clodex Coelho. Apparently I'm not being clear. Either take better care of your accounts and stop reusing passwords or I will have no choice but to enforce a reset and two factor authentication on everyone.

DC
 
Hello!! :3. Surely nobody knows about me now, I was an active member here before. Yesh my account was Blade Master, which it got hacked together with my Youtube account and named TheGamerXS, then I changed it to Felina Catness animations, and yesh I'm actually a girl lol >.<. Well I used Blade Master simply cuz I liked the nickname and well, unfortunately my files in my online repository got erased cuz account hacked too, I got in control again of yt and github but I lost all my progress with my project Fire Hearts T^T, a really pity. The dead of my little sister affected me a lot and I took a while to recover. But well, I have some ideas now and I want to use again the power of OpenBOR. My real name is Alexa, I'm glad to meet you again guys and let's code <3
 
Felina said:
Hello!! :3. Surely nobody knows about me now, I was an active member here before. Yesh my account was Blade Master, which it got hacked together with my Youtube account and named TheGamerXS, then I changed it to Felina Catness animations, and yesh I'm actually a girl lol >.<. Well I used Blade Master simply cuz I liked the nickname and well, unfortunately my files in my online repository got erased cuz account hacked too, I got in control again of yt and github but I lost all my progress with my project Fire Hearts T^T, a really pity. The dead of my little sister affected me a lot and I took a while to recover. But well, I have some ideas now and I want to use again the power of OpenBOR. My real name is Alexa, I'm glad to meet you again guys and let's code <3
Click to expand...

@Felina

Welcome back Ms. Alexa. I have merged your old account and its content.

DC
 
@xandegraf please change your password when you next log in and contact a member of staff to unban your account.

The rest of you, please take better care of your accounts. As I warned previously, there are no second chances. Accounts appropriated for spam are banned instantly. It's the only way we can keep the bad actors at bay. Enable 2FA and don't use the same password for different forums/media/etc.

DC
 
@jet

please change your password when you next log in and contact a member of staff to unban your account.
 
All, I've seen a few complaints on Reddit about people being spam banned with "no way to contact the administrators."

This is one example (there are others):

https://www.reddit.com/r/BeatEmUps/comments/1potakl/why_is_chronocrash_banning_accounts_for_no_reason

Here's the reality.

If you register with an obviously fake email address, use suspicious registration details, or start posting spam, your account is almost certainly going to disappear. This isn't gatekeeping. It's basic forum administration.

Chronocrash is run by volunteers, and I pay out of pocket for premium software, storage, and bandwidth. I simply do not have the time or resources to perform a deep dive on every one of the dozens of account registrations we receive each day. If the forum software flags an account as suspicious, I'll take a quick look. If I see obvious signs of a fake, generated, or disposable account, I'm not going to spend additional time trying to prove otherwise. The account will be rejected, and in many cases spam blocked.

Similarweb consistently places Chronocrash in the top 500k websites globally, which even by the most conservative math of roughly 200 million active sites easily places us in the top 0.003% of all indexed sites worldwide. As a consequence, we get thousands of spam hits.

The only way to survive that is a layered defense of policy, blacklists, networked detection, algorithms, and human intervention. That blocks most before we ever see it. The small percentage that gets through is still a full-time job to deal with - usually @danno or I zap them before you ever notice. Any gentler approach would get us overrun in days.

This is also why the registration rules ask you to use a real email address. If you're a legitimate member, register with a real account, verify your email, and participate normally. There is no rule against lurking, but accounts that look disposable, never verify properly, or match common spam patterns are not going to receive the benefit of an exhaustive review.

Moderation isn't about catching every spammer with perfect accuracy. It's about protecting the community with the limited time and resources we have. If that means a handful of obviously suspicious accounts are rejected without a full investigation, that's a tradeoff I'm willing to make.

DC
 
All, I've seen a few complaints on Reddit about people being spam banned with "no way to contact the administrators."
Click to expand...
What I see are just ppl complaining of not being able to register 20 bot accounts with fake emails to just spam garbage here.
 
You must log in or register to reply here.
Back
Top Bottom