So either these people sold their accounts to spammers (highly unlikely) or the forum/server/database-server was hacked and someone got access to login data or the accounts were hacked.
I tried contacting Willis (since he is in #qc) to ask if he used a strong password but got no reply yet.
These hacks happened a while ago so no need to panic now.
You used a unique strong password for this site anyways, didn't you?
Maybe its indeed time for a captcha atleast in the user registration allthough its probably to late for the acc's allready hacked.
i can live with a small annoyance as the beforementioned if it means
we can get rid of the bulk of these spammers.
Oh wow. There was the potential for a security breach when Telefragged upgraded the server a few years ago. Authentication was broken and someone could have got access to a list of usernames and crypt() hashes for your passwords - It might explain some of this. I didn't think anyone got through though. It could also be a hack to this particular version of phpBB. I will get to the upgrade soon, though now that I think some users may have been compromised, might want to start fresh.
well i changed my password as a precaution allthough as far as i can see im unaffected atm.
Good advise to passwords is using numbers + letters preferably with case changes (makes them somewhat harder to crack) but also a bit harder to remember, so keep your logins on a paper and far away from anything with network access.
Unless the hacked accounts have had there passwords changed this might be enough else the affected users might have to register anew and PM the board admin that there previous acc has been compromised.
If the server is clean one could simply fiddle with all password hashes so no one could login anymore but would have to create a new password. Dunno how phpBB2 handles this but newer forums surely do reset passwords instead of mailing the user his current one.
If you need a backup place i got plenty space on my PC feel free to email me. I will keep the drive disconnected untill needed so as to avoid anyone messing with the content.
nice.. me either. If we do start fresh, i may change my user name.