★ the saltmaster extraordinaire

I'm honestly amused that even Dreamwidth (slow, small, homely Dreamwidth) ended up with spam-bots. I realized something was up when I got followed by two accounts out-of-the-blue, a few days ago.


One was completely empty, but the other one had clearly been an active fannish account at one point, many years ago. I got suspicious when I saw that both accounts had links to Russian sites in their bios (spun up a quick virtual machine and clicked on one of them out of curiosity, got redirected to a shady adult site, though thankfully nothing worse). I banned both accounts from my journal.




What's interesting to me is that, as can be seen in the screenshots from these profile pages, I suspect that both journals were once legitimate ones -- certainly I wouldn't expect Russian spammers to make a bevy of accounts in 2010 and then just sit on them. It only serves to confirm what denise said in this post in the dw_news community, that this is a case of people's genuine accounts getting hijacked. What I'm still unclear on is what other site got hacked to facilitate this. My guess is probably LiveJournal, for it to be a case where people's fannish usernames and and passwords could be so easily matched across sites. It would also explain why the affected accounts seemed to be roughly ten years old, from back when people still frequented LJ and DW in almost equal measure, before the mass-exodus / mass account-deletion of 2017.

EDIT: I recommend the use of a password-logging service such as LastPass (the one I use), since "a unique password for every site" is easier said than done without such a little program. The most important part is to keep your master-password safe and to make certain you always keep track of it. I have it written down on a piece of paper and locked in a drawer next to my bed.