Comments
I am hopefully covered by PayPal Buyer Protection. Will be able to confirm that in the next few days I think but I've flagged it to them and they've said I will be covered. That should make the target just the amt for the LP.
And it's not like closing the thread is protecting suhrtone from abuse or a pile on etc as it's clearly not the original account owner in control anymore, plus whoever is is a nasty piece of work.
I've scanned the logs and compared the code with all known Vanilla vulnerabilities, and I can't find anything which suggests the forum (or our hosting) was the source of the compromise (assuming the account was compromised in the first place, rather than suhrtone deciding to come back after a few years and start scamming people) - the user hit the sign-in page already knowing the correct password for the account. This is the second time this has happened in a couple of months, with the exact same pattern of behaviour - there just isn't any defence against somebody knowing an account's password.
At this point, I'm in the awkward position of being forced to assume the source of the breach was external, unless any further information comes to light.
I've taken some steps to at least limit what's possible, should this happen again (if anyone wants to know what they are, PM me - as @Roland says, I don't want to advertise it).
For now, my advice to everybody would be:
1 - Change your password to something that you've never used before. Password managers are good for that, and I believe most browsers have a reasonably good password generator built in.
2 - Check out the profile of anyone you're dealing with - if their posting behaviour's changed recently, or they haven't posted in a long time only to come back with sales only at crazy-good prices, move on or ask us to check them out.
3 - Always, always, always use PayPal buyer protection unless you've dealt with them successfully before, and they're using the same PayPal details.
4 - If somebody says they're using a family member's PayPal account, or they're suddenly wanting payment in a different currency...ditch the deal. It's a scam.
5 - If anything seems suspicious, or you feel even slightly squicky about it...move on.
https://haveibeenpwned.com/
How accurate are sites like haveibeenpwned.com? I regularly check to see if my email address comes up, though to be honest I honestly don't know how much I should "trust" these sites' search results or if I should trust them at all.
It would show the strength of community if people are able to help. Link in OP
PayPal have opened the case against them on my behalf - and have said I’m covered by Buyer Protection. Just have to wait to see how they respond by Jan 9th and see how this progresses I guess. I said I wasn’t the only victim and they’ve referred the account(s) to their ‘relevant team’ whatever that actually means but I guess they’ll do what they can to stop them using PayPal going forward.