Increase in hacked accounts posting advertising content

[Camel]

1. Install Authy on your phone

2. Every month, Codex tells you to enter the code from Authy

3. Enter the code from Authy

4. Go back to 2.

Me trying to use this advice...

I had exactly the same phone at home.

 

[†††]

Just use different usernames and passwords on every site and have a healthy selection of emails to register. Using 2FA is cucked beyond belief, I seriously hope you guys don't do this.

 

[Black Plague]

It is Soros.

 

[Zlaja]

I never pull out log off.

 

[Konjad]

Nobody's gonna steal my password. Even I don't remember what it was.

 

[ERYFKRAD]

Nobody's gonna steal my password. Even I don't remember what it was.

Probably: Gib pls thx

 

[Melcar]

You would think all the millions of $$$ in Codex simp donations would afford top notch forum security and service reliability.

 

[CHEMS]

You would think all the millions of $$$ in Codex simp donations would afford top notch from security and service reliability.

Codex can't stop dumb people from clicking in weird links that promises you a bigger wang

 

[Infinitron]

Add Meme Knight to the list.

I remember Musaab i think, definitely not a plant, proper user. So yeah, most likely hacked accounts (if not a coincidence).

Perhaps you can if possible 'freeze' the accounts, but not delete them? In case the rest of them have been hacked too; sooner or later, we all return to the codex after all.

We're banning these users, not deleting them. If they care, they can contact us and ask to be unbanned after securing their accounts.

 

[King Crispy]

Nobody's gonna steal my password. Even I don't remember what it was.

Probably: Gib pls thx

My guess would be: "I<3CrispySoMuch69!"

 

[mediocrepoet]

Nobody's gonna steal my password. Even I don't remember what it was.

Probably: Gib pls thx

My guess would be: "I69CrispySoMuch<3!"

Ftfy

 

[†††]

Crispy be like "How can I make this thread about myself?"

 

[Ontopoly]

I can only hope that one day after I'm sick enough of this place that i leave forever my account can continue to make even a single person here even slightly inconvenienced. If the account was able to scam someone of their life savings? Even better

 

[throwaway69420]

pls sirs do the needful and be of deposit 50.0 $ into my account to debt correction thank you ! Or IRS arrest you in 5 days !!

 

[Bigg Boss]

Since the start of this year, we've noticed an increasing number of accounts of users posting out-right advertising content. Usually the accounts are a bit older (a few years) and haven't posted for a while since their registration.

Accounts affected so far:
Bishamonten (visit website and win smartphone!)
Ghost Creations (best crypto pumps on telegram Make 1000% and more within 1 day, join channel)
OrcHeart
Musaab
Torian Kel
YanBG

It's possible they're some kind of long-term advertising strategy but we highly suspect these users use the same username / password combo on other websites which have been hacked, and bots are trawling the web for their accounts and trying to log in with them to post advertising content.

We encourage people to enable 2 factor authentication before your account ends up advertising crypto, or whatever the latest ponzi scheme is the cool kids are getting into these days. And also don't re-use passwords you nubs.

This isn't related to yesterday's down-time. We haven't been hacked in any way.

This is happening at NMA too so I guess they learned a new method.

 

[Melcar]

It happens on many boards. A couple that I also frequent had a similar problem a few months ago. People would come back from the dead and spam with advertisements. Spam zombies.

 

[OSK]

My guess would be a reverse brute-force attack.

You take a list of common passwords and then iterate through all the users trying those passwords on each account. You're bound to get a few idiots on any decently sized message board.

 

[LostHisMarbles]

Spam zombies

Of so many variants.. already.
Give it another decade and we'll make Huxley look like an optimist.

 

[Tarkleigh]

I can only hope that one day after I'm sick enough of this place that i leave forever my account can continue to make even a single person here even slightly inconvenienced. If the account was able to scam someone of their life savings? Even better

I am sure pictures of your butthole will play a role in this scheme

 

[Jonathan "Zee Nekomimi]

I can only hope that one day after I'm sick enough of this place that i leave forever my account can continue to make even a single person here even slightly inconvenienced. If the account was able to scam someone of their life savings? Even better

I am sure pictures of your butthole will play a role in this scheme

 

[LostHisMarbles]

By the way, just saw this: https://www.techspot.com/news/97325...unts-breached-credential-stuffing-attack.html
Now that's scary. Fortunately however -according to Paypal- they only took names, births, social secs, cc details and emails! Phew!

* Seriously:
i) one email, one registration. Always. New registration anywhere, anywhere else? New email.
ii) emails' names and passwords cannot contain names, hints, habbits or items that can link to our real person.
iii) different email, different name, different password; i mean different, not marbles1@mymail.com and marbles2@mymail.com
iv) never use same pass (say for email here, website there)
v) use the password logic i outlined before.
vi) if until now you've been a retard, change your basic email now. At the cost of then changing it everywhere yes, but.. you follow the above, you're in for that anyhow.

Don't be a lazy Panamerican, don't trust randoms with your credentials because bacon(TM).
And wheel chairs for fat people, how could i forget. Also weapunz, such shooting, much freedom.

** lazy Panamericans also tend to go to websites "checking" your email, in order to tell you if it's been "used" or "leaked" in the wild. Do not do that, lol. See above about trusting randoms.

 

[Ontopoly]

I can only hope that one day after I'm sick enough of this place that i leave forever my account can continue to make even a single person here even slightly inconvenienced. If the account was able to scam someone of their life savings? Even better

I am sure pictures of your butthole will play a role in this scheme

Way better positioning than I i had. Next one i post will be more like this, I promise

 

[rusty_shackleford]

Guide for setting up TOTP locally:
https://rpgcodex.net/forums/threads/how-to-setup-2fa-on-your-desktop.139952/

you can skip the QR code part because codex provides the key needed directly, just copy-paste it

 

[Ontopoly]

Not setting up 2fa because I'm not a faggot

 

[Taluntain]

Guide for setting up TOTP locally:
https://rpgcodex.net/forums/threads/how-to-setup-2fa-on-your-desktop.139952/

you can skip the QR code part because codex provides the key needed directly, just copy-paste it

If you just want to set up 2FA on the forums here, it's not nearly as convoluted as in rusty's guide. It's basically this:

The Comprehensive Guide to Avoiding Getting Your Codex Account Hacked:

1) Enable 2FA: https://rpgcodex.net/forums/account/two-step
2) Install Authy on your smartphone and add the Codex.
3) ????
4) PROFIT!!!!

Don't use the e-mail option, it's less secure and prone to issues for some reason. Install Authy.

 

[rusty_shackleford]

Guide for setting up TOTP locally:
https://rpgcodex.net/forums/threads/how-to-setup-2fa-on-your-desktop.139952/

you can skip the QR code part because codex provides the key needed directly, just copy-paste it

If you just want to set up 2FA on the forums here, it's not nearly as convoluted as in rusty's guide. It's basically this:

The Comprehensive Guide to Avoiding Getting Your Codex Account Hacked:

1) Enable 2FA: https://rpgcodex.net/forums/account/two-step
2) Install Authy on your smartphone and add the Codex.
3) ????
4) PROFIT!!!!

Don't use the e-mail option, it's less secure and prone to issues for some reason. Install Authy.

I don't like smartphones

took me about 15 seconds to setup 2fa here using my method