|
Just to add another possibility to think of.
I moderate and am an admin on another forum and at one time we were having problems with spambot attacks. Basically they were trying to harvest user accounts to spam with.
The attack (And it was apparently pretty common world wide at the time) was a brute force attack which would try to log in under user names harvested off the forum as a guest using random passwords. After a number of failed log in attaempts a lot of forum software will then automatically log out that user from all sessions so the real user finds themselves logged out.
The only symptom to the users was constant log outs, every time you went to post you found that you had been logged out again, it was down to a couple of minutes (Small forum so the same users copped it over and over) The only other sign was buckets of log in attempts in the admin logs from a group of IP addresses. If they managed a log in, who knows what they would have doen from there, we never found any accounts that had actually been compromised as a result of it.
|