Winnipeg

I checked a few sources and the email from the account does show up as having been breached from Zanga Gaming, so they likely used the same password here as on that site. Doesn't really matter now as we've blocked up the account. Thanks for reporting the links.

I've removed the two status updates and banned the IP they came from (Latvia. User had previously never connected from Europe, never mind Latvia). I've also disabled the user's ability to post status updates. Does anyone know @antahbrantahstan? He hadn't been active since 2016 so I'm thinking I might just reset the password to something random.

Let me think about that one. I had looked at building my own a few years ago but never got around to it. The first 2 Plugins are for different forum software so don't really help us here...and the last one is for Invision, but doesn't list the current version as compatible and hasn't been updated since 2018.

Well, they're still at it, so that entire IP Block is now blocked at the firewall. Hope it wasn't anyone too important at Huawei International Pte. Ltd.....

...There sure are alot of guests from Singapore visiting the site right now after the upgrade...maybe I should block that IP range.

Alright, think I'm done fiddling with this. We get an A on our HTTPS report now, so I'm happy. https://www.ssllabs.com/ssltest/analyze.html?d=www.westpacific.org

Main upgrades complete. Might be some quick blips later, as I test a few other things, but should be good. Hoping this will help the forums be a little faster now.

I will be performing backend maintenance later today, so expect some downtime as I upgrade the server.

He keeps trying....I've banned a few of the IPs now from there...all DHCP so it's probably not going to help...I may have to ban the IP Range from that ISP completely. I'm going to add his IPs to the firewall on the server as well, as I think the login page still renders if I ban an IP. If you find your account locked out, you should be able to try again in 15 minutes as it will auto unlock (provided numbnutz doesn't keep hitting it).

Has been banned, but it's a DHCP Address in Iowa, so it will likely return as a new IP at somepoint. You weren't the only account it attempted to login as. Thankfully the forum software's lockout/autounlock does it's job in preventing a true brute force attack, as it maxes out at 3 attempts.

Ok, has been restored...although gotta say, it looks pretty bare... This what it was supposed to look like? Would have been done sooner but right after I posted my internet decided to crap out.

Yeap, I can go back another 6 hours.

I've restored it from the 6am UTC backup, but I'm not sure if that got all the edits...

Not directly. I'm looking at standing up a temporary database to extract the post before it was edited last night. See if I can't restore it correctly, as Bran sent me a message last night about it.

All done.