prodev opened this issue on Jul 08, 2007 · 411 posts
bagginsbill posted Sat, 03 November 2007 at 6:37 PM
I've been studying the headers - they are almost completely forged. It's not going to do much good tracking the authors.
The real issue is how did they get our addresses.
Yesterday I changed my profile to a new R'osity specific address. I have received over a dozen forum ebots since, but no spam on the new address.
I have received 5 spams on the old address. Remember that one was the address I used when I made my first-ever purchase.
I think those of you who are getting spam should pick a new address, perhaps make one up through spamgourmet.com as I did. Don't make any purchases. If you still get ebots but no spam on the new address, that's going to be interesting. If you intend to make a purchase, try using yet another new address just for the purchase. Then switch back to your #2. If you get spam on #1 and #3 but not on #2, that will be very, very interesting.
Personally, I'm not going to make a purchase just to test the behavior, but if you're going to buy something anyway, it might be worth a few extra minutes.
And a question for the admins - when you say you made new accounts, did you make really altogether new Renderosity accounts - meaning no way to tell they are administrator accounts? You might even have to do that from new IP addresses.
A smart hacker could have put a back door in your marketplace that collects email notifications of people who have money (i.e. are clearly buying things), but would make some effort not to spam an administrator.
Renderosity forum reply notifications are wonky. If I read a follow-up in a thread, but I don't myself reply, then notifications no longer happen AT ALL on that thread. So if I seem to be ignoring a question, that's why. (Updated September 23, 2019)
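The three-address experiment described in the post above can be scored mechanically. The following is an added example, not part of bagginsbill's post or of any Renderosity code; the alias names, the `example.test` domain, the hand-applied `ebot`/`spam` labels and the reliance on a server-stamped `Delivered-To` header are all assumptions.

```python
from collections import Counter
from email import message_from_string

# Constructed aliases for the post's three addresses (example.test is a placeholder).
OLD, PROFILE, PURCHASE = "old@example.test", "forum@example.test", "shop@example.test"

def recipient(raw):
    """Return the alias a message was delivered to."""
    # Delivered-To is stamped by the receiving server (assumed here); sender-side
    # headers such as From/To can be forged, as the post notes.
    return (message_from_string(raw).get("Delivered-To") or "").strip().lower()

def tally(mail):
    """mail: (raw_message, kind) pairs; kind is 'ebot' or 'spam', labelled by hand."""
    return Counter((recipient(raw), kind) for raw, kind in mail)

def verdict(counts):
    """Infer which data path the spam follows from per-alias counts."""
    spam = {alias for (alias, kind), n in counts.items() if kind == "spam" and n}
    if PROFILE in spam:
        return "profile"        # profile-only alias (#2) got spam: member data exposed
    if counts[(PROFILE, "ebot")] == 0:
        return "inconclusive"   # no ebots on #2, so its silence proves nothing
    if PURCHASE in spam:
        return "purchase"       # only addresses used for buying (#3) get spam
    return "old-only" if OLD in spam else "clean"

def make(to, subject):
    """Build a constructed sample message."""
    return f"Delivered-To: {to}\nFrom: forged@example.test\nSubject: {subject}\n\nbody\n"

# Constructed sample: ebots on #2, spam on #1 and #3 only.
SAMPLE = (
    [(make(PROFILE, "Reply notification"), "ebot")] * 12
    + [(make(OLD, "Cheap pills"), "spam")] * 5
    + [(make(PURCHASE, "Cheap pills"), "spam")] * 2
)

if __name__ == "__main__":
    print(verdict(tally(SAMPLE)))
```

The `inconclusive` branch encodes the post's condition that the new address must still receive ebots: a silent alias that gets no mail at all says nothing about where the leak is.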