+- Drunkard's Walk Forums (http://www.accessdenied-rms.net/forums)
+-- Forum: General (http://www.accessdenied-rms.net/forums/forumdisplay.php?fid=1)
+--- Forum: Fenspace (http://www.accessdenied-rms.net/forums/forumdisplay.php?fid=12)
+--- Thread: Compromised Account on Wiki (/showthread.php?tid=14862)
Compromised Account on Wiki - Bob Schroeck - 04-01-2025
I just discovered that someone using BlackAeronaut's account on the Fenspace Wiki has posted a page containing 300K of what looks like link spam, including some very suspicious-looking links at the back end. It definitely doesn't belong on the site, and I have concerns that his account may be compromised.
Since I have the privileges to do so, I'm going to temporarily block BA's account; I will also delete the page in a few hours -- it's been there since 3/11, it's not going to hurt to leave it up long enough for someone else to look at it and tell me that I'm off base about it (as unlikely as I suspect that to be).
RE: Compromised Account on Wiki? - Bob Schroeck - 04-01-2025
Oh, god, never mind, I just looked back longer than 30 days. Someone's definitely hijacked his account and has been using it for spam.
EDIT: Okay, I'm deleting a mass of spam pages. I've looked back more than half a year, but it appear that it only started on February 4. Thankfully.
EDIT 2: Correction. Recent Changes apparently won't show me further back than three months or so, regardless of how many days I ask it to give me. Looking at BA's contribution history shows that the spam began on September 24, after his account had been moribund for 13 years.
RE: Compromised Account on Wiki? - robkelk - 04-01-2025
Oh, dear. I haven't logged into that wiki for at least that long, either. (And I've forgotten my password there, too.)
EDIT: No, Special:Contributions says I was on in 2020. But I've still lost my password... which means it went away when I lost my hard drive during the pandemic.
RE: Compromised Account on Wiki? - Bob Schroeck - 04-01-2025
Okay. Nuked nearly 250 pages, almost all of them with content that strongly suggested they were intended to funnel the terminally stupid, foolish or innocent to some manner of malware sites, with the later ones blatantly appealing to flat-out illegal goals (allegedly pointing to "generators" that would create working Hulu, Uber Eats or Apple gift cards, for instance).
I then checked every other user's contribution history. Fortunately, we only had 23 or so other users who actually had made contributions to the wiki. BA's account was the only one compromised.
RE: Compromised Account on Wiki? - Dartz - 04-01-2025
I've let him know just in case he tries to log in, or gets a surprise email and thinks he's gotten another kick in the teeth.
That said - last time I looked at recent edits a few weeks back I didn't see anything. Weird.
RE: Compromised Account on Wiki? - Bob Schroeck - 04-01-2025
Thanks for that. I set the block message to tell him that the account was compromised should he attempt to log back in, but good to let him now directly.