Hacker issue?
- Points: 39
Snaga
Posts: 19
Joined: Sat Nov 29, 2025 4:55 am
FYI: I have been emailed by someone pretending to be an admin from the plaza trying to scam me.
- Points: 3 817
Mahal
Posts: 3173
Joined: Wed Aug 05, 2020 3:32 pm
Hi @Uruloki - It wasn't me. But I wouldn't trust Mugra, hahaha. Just kidding.
Thanks for letting us know. We are looking into it. Our apologies for any inconvenience.
Thanks for letting us know. We are looking into it. Our apologies for any inconvenience.
The world was fair in Durin's Day.
- Points: 3 817
Mahal
Posts: 3173
Joined: Wed Aug 05, 2020 3:32 pm
By the way, did this person invite you to brunch?
The world was fair in Durin's Day.
- Points: 2 817
New Soul
Posts: 3091
Joined: Thu Sep 02, 2021 6:24 am
I get constantly scamming emails on my hotmail. So I am ditching it. That is since Odido, former T-Mobile, in Holland was hacked last year. In the change of providers I lost my access to Discord, and Yahoo as well. I have been going through a kind of digital nightmare. There are serious hackers issues going on the internet.
Just call me Aiks or Aikári. Notify is off.
Find me stuff in Gondolin.
And let us embark to Valinor!
Find me stuff in Gondolin.
And let us embark to Valinor!
- Points: 214
Chef
Posts: 680
Joined: Sun Apr 19, 2020 8:08 am
Thanks for the report @Uruloki. Would you mind forwarding the email you received (not replying!) to our (real) admin email address? That address is: admins [at] lotrfanaticsplaza [dot] com.
And of course as a general reminder for anyone else encountering something like this, please don't click and links or reply to any suspicious emails claiming to be from Plaza admins. If you're unsure you can always ask here, or send the actual plaza email address a message, or reach out on discord if that's an option for you.
And of course as a general reminder for anyone else encountering something like this, please don't click and links or reply to any suspicious emails claiming to be from Plaza admins. If you're unsure you can always ask here, or send the actual plaza email address a message, or reach out on discord if that's an option for you.
- Points: 39
Snaga
Posts: 19
Joined: Sat Nov 29, 2025 4:55 am
I have forwarded you to email, it was no bother to me but I thought it best to tell you.
Drifa I would have accepted any brunch invite without hesitation if you ever want to scam me
Drifa I would have accepted any brunch invite without hesitation if you ever want to scam me
- Points: 214
Chef
Posts: 680
Joined: Sun Apr 19, 2020 8:08 am
Thanks for forwarding it, I think I've figured out what happened here:
- You "subscribed" to the Mordor forum (I did not know this was a feature of my own website until just now to be honest with you, but I can see the option in the forum footer now, and per the DB you do have a subscription enabled on that forum)
- A standard-issue run of the mill spammer signed up and posted some CashApp stolen pin BS thread in Mordor
- Because you're subscribed, our email system helpfully sent you an email telling you about this exciting new thread in Mordor called SEND ME YOUR STOLEN PIN ATM CASHAPP or whatever
- One of our amazing admins deleted the actual spam thread quickly so no evidence was left aside from the auto-email to you
So in this case, looks like no hack, just regular spam + phpbb features being less than totally useful :)
However, in the process of looking into the email itself I did find some misconfigured policies that could in theory allow more sophisticated attackers to spoof our plaza email (since at first I thought that's what was going on..). I've fixed that up so we should be proactively safe from such things going forward. So many thanks for bringing this up, you may have saved us all from some future headaches with this!
- You "subscribed" to the Mordor forum (I did not know this was a feature of my own website until just now to be honest with you, but I can see the option in the forum footer now, and per the DB you do have a subscription enabled on that forum)
- A standard-issue run of the mill spammer signed up and posted some CashApp stolen pin BS thread in Mordor
- Because you're subscribed, our email system helpfully sent you an email telling you about this exciting new thread in Mordor called SEND ME YOUR STOLEN PIN ATM CASHAPP or whatever
- One of our amazing admins deleted the actual spam thread quickly so no evidence was left aside from the auto-email to you
So in this case, looks like no hack, just regular spam + phpbb features being less than totally useful :)
However, in the process of looking into the email itself I did find some misconfigured policies that could in theory allow more sophisticated attackers to spoof our plaza email (since at first I thought that's what was going on..). I've fixed that up so we should be proactively safe from such things going forward. So many thanks for bringing this up, you may have saved us all from some future headaches with this!
- Points: 3 817
Mahal
Posts: 3173
Joined: Wed Aug 05, 2020 3:32 pm
@Uruloki , deal! 
The world was fair in Durin's Day.
- Points: 39
Snaga
Posts: 19
Joined: Sat Nov 29, 2025 4:55 am
Cool. Good work 
