Regarding the wave of spam lately, from the Staff forum:

Ok I did some more research on the link "https://t.me/pump_upp" and other platforms (non-vbulletin) are being spammed also using existing accounts. The consensus is that a data breach happened on some site and that the usernames and passwords were posted somewhere. Therefore it's possibly being caused by users reusing their passwords (and maybe usernames) across different sites.

Thus my proposal is to set vbulletin to require passwords be reset and changed (an option I mentioned above). I suggest we do this on the Registered Users and Registered Users Newbies groups (one time only, unless the spam issue comes back).

For the Admins and Moderators, make sure your password is strong and not reused on any site.

I set all Registers users and Registered Newbies passwords to expire 15 days after they last logged in. I apologize for the inconvenience, but I see no other solution. This is the same solution that was done for about 40 million other forum users on various sites. In 14 days, I'll put it back to passwords not expiring. Per a post on vbulletin.org, this should get most users to change their password.

Please use a strong password with at least one number and uppercase character. Don't reuse it on another site.

xavier242

I just changed my password recently, yesterday or the day before. Will I need to change it again?

I got this nice warning that my password was 6,633 days old, give or take. Shows how often I change it.

I just changed my password recently, yesterday or the day before. Will I need to change it again?
Heh, you're probably 1 of 10 members that have ever changed their passwords. :)

I'm putting passwords back to not expiring in 14 days, so you may be ok if you don't logout.

This won’t affect spammers. It is simply a burden for users of the site. Shame :disbelief

Perhaps it would be a good idea to turn on ssl for this vBulletin site. My password manager is making all kinds of complaints.

Regarding the wave of spam lately, from the Staff forum:

I set all Registers users and Registered Newbies passwords to expire 15 days after they last logged in. I apologize for the inconvenience, but I see no other solution. This is the same solution that was done for about 40 million other forum users on various sites. In 14 days, I'll put it back to passwords not expiring. Per a post on vbulletin.org, this should get most users to change their password.

Please use a strong password with at least one number and uppercase character. Don't reuse it on another site.

xavier242
Thanks for the info. I changed my password. What happens when someone doesn't change their password in time? Do they still have a chance to get back in?

Thanks for the info. I changed my password. What happens when someone doesn't change their password in time? Do they still have a chance to get back in?
I'm not sure as we've never done this before. I would think you'd just be prompted the same way (password reset web page). In any case, the admin can email you a temporary password.

Hello,
I have been locked out of my account (because my old email is no longer in use).
cannot reset password - because it goes to my old "[email protected]" account that is no longer in use. Old acct is locked up with the password GUI that says 2535 days since pw was reset.
I cannot message or access anything. when I try to change email in my profile, it just glitches. will not take the 8-digit password that I log in with. However, that 8-digit pw gets me on just to see the pw GUI.

Paddington-James was NO HELP AT ALL!!
Gave him copious notes on the situation.
Paddington says you cannot change email for me because [email protected] is in use. (for the new 'tobynator' account obviously, how else can I get through??)

some folks just want to do the modicum and leave it to others to actually get something done.

So yes, I couldn't contact TTD or anyone on site, which made me decide to try opening a NEW ACCOUNT just so I can contact you guys. FYI, you cannot reply message with "newbie" status.


1. can YOU reset password and email it to me at [email protected] ?
(for my 'tobinator' old account I've had for 20 years).

2. or Can you just update email on old 'tobinator' account to [email protected] ?
we could delete the EMAIL and account for "tobynator"(new account), then my other email [email protected] would be freed up.


Not sure that Paddington knew what I meant when I said there's a "catch-22" situation here.

I have loved and advocated for this site to all my fellow recording engineers/musicians/historical archivists.
Will glady donate $$ again if you can help me get things right. would love to have old account back!!

exhuasting, I know :)

Thanks,

TOBY

Hello,
I have been locked out of my account

Let me see what I can do. As I can directly edit the database, the Admin control panel limits are meaningless.

xavier242

Let me see what I can do. As I can directly edit the database, the Admin control panel limits are meaningless.

xavier242

tobinator,
With the info in the email I sent you, you should be able to get into your old account and create a new password. I also changed the email to your new one.

I apologize for the trouble some members have had, but at least the spam seems to have stopped.

Hi

My friend (username: cloé420) was asked to change his password on the next page, so he clicked and gets 404 Document Not Found error.

He can't change it, please can someone help him?
I can let an admin know his email address if needed.

Many thanks,
D

Hi

My friend (username: cloé420) was asked to change his password on the next page, so he clicked and gets 404 Document Not Found error.

He can't change it, please can someone help him?
I can let an admin know his email address if needed.

Many thanks,
D

I set a temporary password and emailed cloé420 instructions.
If anyone gets a 404 error, please copy and save the address, and post it in this thread after your password issue is resolved.
The address should also be in your browser history. Knowing it might help to fix whatever is causing it.

Only 5 members have needed help resetting their password, so it's not a widespread issue. I tried the password change on several test accounts and had no issues, so I'm curious how it's happening.

Thank you xavier242 for your help, he is able to login now :)

The 404 error I had was http://www.thetradersden.org/profile.php?do=editpassword but then when I changed from Safari (on my Mac) to Firefox on my virtual Windows machine, I was able to use the link without any difficulty.

The 404 error I had was http://www.thetradersden.org/profile.php?do=editpassword but then when I changed from Safari (on my Mac) to Firefox on my virtual Windows machine, I was able to use the link without any difficulty.

Thanks! That address is incorrect.

The correct address is:
http://www.thetradersden.org/forums/profile.php?do=editpassword

I didn't find it in the database and the php code doesn't tell me how it's created. There's nothing online about this bug. I sent U2Lynne an email, but we go back to passwords not expiring in 30 hours, so the bug may stay as is.

Mr. Clumpy,
Did you get the 404 link when visiting TTD or was it sent via email? We're trying to determine how it was generated.

Thank you for any help you can provide.

I’d love to see the exact message. Can you screen cap it or paste it here?

I have changed the settings back to passwords not expiring. Hopefully the trick worked and we'll not see spam again (via that vector).

http://www.thetradersden.org/forums/showpost.php?p=3228189&postcount=1

This won’t affect spammers. It is simply a burden for users of the site. Shame :disbelief

It made a huge difference in the amount of spam.

I'm trying to log in on my other laptop and it's not letting me and it's not sending the password reset email, tried it twice, nothing

I'm trying to log in on my other laptop and it's not letting me and it's not sending the password reset email, tried it twice, nothing
I reset your password and emailed it to you. I also included the working change password web page link.

My friend is having issues with his account, hoping someone can help.
https://www.sjmike.com/images/leo1.jpg
https://www.sjmike.com/images/leo2.jpg

My friend is having issues with his account, hoping someone can help.

The Admin control panel said his account was in the Users Awaiting Activation Email group. I changed it to the Registered Users group. Have your friend try to access the site now. I don't know why he would have been in that group, being a member since 2007.