
View Full Version : Account locked?



AsukaValentine
03-28-2012, 02:54 PM
Hello
I started receiving these e-mails 5 minutes ago, I received at least 30 messages:

Dear AsukaValentine,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 218.213.90.92

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum



With different IPs but the same e-mail.
Is someone trying to steal my username?

--------------- Added 1332950270 at 1332950270 ---------------

Some of the IP:

And many more...
The first mail is from 17.51 (in Spain) and they don't stop!

AshAbed
03-28-2012, 03:05 PM
I am currently receiving the same e-mail repeatedly. I haven't signed on to the site in a while, but it seems that someone is also trying to hack my account.

I received the e-mail 51 times in 16 minutes.

Lynne
03-28-2012, 03:06 PM
They did this last year also - Yesterday's brute force attempts at password hacking (https://vborg.vbsupport.ru/showthread.php?t=264376)

Please make sure you do not use your username as your password. :)

vbenhancer
03-28-2012, 03:09 PM
... do not use my username either, it will be troublesome, I break computers in my spare time... rofl

AsukaValentine
03-28-2012, 03:17 PM
Thanks! It stopped a few minutes ago. I'm not using my username as a password XD, but I'm going to change it again.
Today I received a similar e-mail from instagram too and I'm a little paranoid :___D

vbenhancer
03-28-2012, 03:48 PM
Be paranoid, it's the best way to keep your accounts viable... a letting-go attitude would open too many freaky doors to pirates.

20paws4awd
03-28-2012, 05:12 PM
I am getting these emails as well.

The person trying to log into your account had the following IP address: 109.73.65.24
The person trying to log into your account had the following IP address: 119.2.49.51

my password is pretty secure, letters numbers, caps and such

Arkham
03-28-2012, 05:16 PM
I am getting these emails as well.

The person trying to log into your account had the following IP address: 109.73.65.24
The person trying to log into your account had the following IP address: 119.2.49.51

my password is pretty secure, letters numbers, caps and such

I got the same one, for IP 109.73.65.24.

Alan_SP
03-28-2012, 05:17 PM
Same here for me too:

The person trying to log into your account had the following IP address: 109.73.65.24

Obviously someone is trying to attack vBulletin community.

ForceHSS
03-28-2012, 05:19 PM
These IPs are from known spam bots, must be something new they are trying

Boofo
03-28-2012, 05:23 PM
I got the same one, for IP 109.73.65.24.

I just got one with the same IP also. This is the first time this has happened for me.

Paul M
03-28-2012, 05:26 PM
We get them every so often, and the software does what it's designed to do and locks the account for a small period of time.

Brandon Sheley
03-28-2012, 05:31 PM
just got this..

...
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 109.73.65.24

....

first time locker for me :o

Arie
03-28-2012, 05:34 PM
I got two today.

186.88.141.224
109.73.65.24

BirdOPrey5
03-28-2012, 05:42 PM
I also am getting the lockout notice. Good thing I never log out.

If your password is a good password you have nothing to worry about- the vBulletin software and the 15 minute lockout prevents "brute force" attacks from being successful.

They are probably trying the 5 most common passwords such as:

1) your username
2) password
3) 1234
4) 12345
5) 123456

If your password is any of the above (or close to it) you should change it to a real password ASAP.

Boofo
03-28-2012, 05:47 PM
Whew! Good thing I use passwrod for my password. ;)

AFemaleProdigy
03-28-2012, 05:50 PM
Same here. Twice so far. 115.124.77.49 and 109.73.65.24

Crimm
03-28-2012, 05:54 PM
I'm getting the same thing. I'm glad I found this. Sorry to the webmaster for the extra email spam :)

AFemaleProdigy
03-28-2012, 05:56 PM
Whew! Good thing I use passwrod for my password. ;)

Lol!! These losers need to get a life. Or a real job. I was just blogging yesterday about how scammers are targeting web developers now. It is ridiculous the various ways people have tried to scam me over the last few years.

Damsella
03-28-2012, 05:59 PM
I just got it from 109.73.65.24. That's a Spanish IP address, apparently.

Boofo
03-28-2012, 06:07 PM
I just got it from 109.73.65.24. That's a Spanish IP address, apparently.

Nope, that is a UK IP.

vbenhancer
03-28-2012, 06:14 PM
no matter what country it is... he is not hacking my account, i'm fine... ROFL

Boofo
03-28-2012, 06:22 PM
Only because they haven't gotten to the letter V yet.

billstelling
03-28-2012, 06:35 PM
109.73.65.24
add that one to the list.. I got the same email at 2:15 today.

Bro_Joey_Gowdy
03-28-2012, 06:39 PM
The person trying to log into your account had the following IP address: 109.73.65.24

Lombardo
03-28-2012, 06:42 PM
I'm getting these also.

Lynne
03-28-2012, 06:42 PM
I'm getting the same thing. I'm glad I found this. Sorry to the webmaster for the extra email spam :)
You, and 100 others (so far), have decided to let the vb.org webmaster know about this. Just a note to people, but I am not going to reply to all of you, sorry.

I've banned a couple of IPs for now also.

Bro_Joey_Gowdy
03-28-2012, 06:46 PM
You, and 100 others (so far), have decided to let the vb.org webmaster know about this. Just a note to people, but I am not going to reply to all of you, sorry. I've banned a couple of IPs for now also.

Good to know, thanks for being vigilant concerning this :cool:

010081
03-28-2012, 07:03 PM
I guess I was among the first to get that email today as my username starts with 010081....

Anseur
03-28-2012, 07:21 PM
same email about account lock, also from the 109.73.65.24 IP.

Chickenpotpie
03-28-2012, 07:24 PM
Same here. IP Address is 109.73.65.24

-CPP

Devil_Dog
03-28-2012, 07:33 PM
Ditto. 109.73.65.24

JacquiiDesigns
03-28-2012, 07:46 PM
Only because they haven't gotten to the letter V yet.

Bahahaha - Dude you are HILARIOUS https://vborg.vbsupport.ru/

Crimm
03-28-2012, 08:12 PM
You, and 100 others (so far), have decided to let the vb.org webmaster know about this. Just a note to people, but I am not going to reply to all of you, sorry.


Yeah sorry about that. I jumped the gun when I saw the message and thought I better let someone know. :)

carsafety
03-28-2012, 08:43 PM
Yeah sorry about that. I jumped the gun when I saw the message and thought I better let someone know. :)

Thanks- another IP to log if not listed already:

The person trying to log into your account had the following IP address: 109.73.65.24

blind-eddie
03-28-2012, 08:51 PM
I sent an email about this also Lynn, sorry I did not look at new post first.
I love spammers....

Cromulent
03-28-2012, 10:31 PM
Same has happened to me from this IP: 109.73.65.24

acco
03-28-2012, 11:03 PM
2 attempts on my account
88.85.125.76
109.73.65.24

Big Al
03-29-2012, 01:36 AM
The person trying to log into your account had the following IP address: 109.73.65.24

5 attempts on me : a search reveals this IP user has many hacking attempts.

I have sent an abuse report to abuse@redstation.com

I think we should all report these hackers as soon as we know about them.

The hackers of decent members and those who support them are among the lowest creatures on earth.

belowthebelt
03-29-2012, 04:47 AM
5 attempts on me : a search reveals this IP user has many hacking attempts.

I have sent an abuse report to abuse@redstation.com

I think we should all report these hackers as soon as we know about them.

The hackers of decent members and those who support them are among the lowest creatures on earth.

You can also report to abuse@ripe.net
This is the company that distributes IP's to Redstation, I reported to them both

DanHamilton
03-29-2012, 05:21 AM
Well, This has happened to me...
Just banned every IP in the thread from my server and going to check it often.

Hope this gets sorted out.

almannai
03-29-2012, 05:29 AM
Add me to the list
109.73.65.24

doctorsexy
03-29-2012, 07:22 AM
Me too...109.73.65.24

Bulent Tekcan
03-29-2012, 07:25 AM
Same here

The person trying to log into your account had the following IP address: 109.73.65.24

digicom
03-29-2012, 11:26 AM
The person trying to log into your account had the following
IP address: 109.73.65.24

cnredd
03-29-2012, 12:26 PM
Add me to this list for 109.73.65.24...

Info on the IP address...

http://www.ipillion.com/ip/109.73.65.24

Abizaga
03-29-2012, 12:53 PM
Whew! Good thing I use passwrod for my password. ;)

hahahahaha.


I got the email, too, heh heh

doctorsexy
03-29-2012, 01:18 PM
Has anyone who reported this had a reply from rackcentre.redstation.net.uk

about this muppet..

Here's who it is http://whatismyipaddress.com/ip/109.73.65.24

Abizaga
03-29-2012, 01:48 PM
From where? It looks like everyone's been reporting.

Brandon Sheley
03-29-2012, 02:10 PM
Has anyone who reported this had a reply from rackcentre.redstation.net.uk

about this muppet..

Here's who it is http://whatismyipaddress.com/ip/109.73.65.24

I really doubt that's the user's real IP
Most likely a proxy...

vbenhancer
03-29-2012, 04:31 PM
actually, redstation IS a proxy provider... :)

Nocturnal222
03-29-2012, 06:17 PM
can someone send me copies of all of the hacker's possible ips? would love to add them on our ban list

DanHamilton
03-29-2012, 07:40 PM
can someone send me copies of all of the hacker's possible ips? would love to add them on our ban list

Or you could go through the thread and ban every IP you see that someone reported...

bleros
03-30-2012, 01:54 PM
:) March 28

The person trying to log into your account had the following IP address: 109.73.65.24

DanHamilton
03-30-2012, 08:19 PM
Nobody has tried to brute force my login account since I banned all IPs I found from this thread.
:)

Hope this passes over soon!

Lynne
03-30-2012, 08:49 PM
Nobody has tried to brute force my login account since I banned all IPs I found from this thread.
:)

Hope this passes over soon!
We are talking about brute forcing the login here on vb.org. There is no sort of banning you can do to stop it, it is something you would need to do on the vb.org server or the vb.org admincp which you do not have access to. Right?!?! :eek:

nhawk
03-30-2012, 08:57 PM
I would bet that most all of the IPs are from kryptservers, rackcentre, svservers, steephost and uk2net.

DanHamilton
03-31-2012, 08:27 AM
We are talking about brute forcing the login here on vb.org. There is no sort of banning you can do to stop it, it is something you would need to do on the vb.org server or the vb.org admincp which you do not have access to. Right?!?! :eek:

One person tried to brute force my account on my forums.

setishock
03-31-2012, 09:13 PM
What are they going to do when they find one? Or several? Or a bunch...

Calystos
06-10-2013, 06:55 AM
First time for me, but had it twice today too.

IP: 216.201.182.164
IP: 113.200.214.44

Sad there's idiots out there with nothing better to do than try and mess with other people's stuff.

bzcomputers
06-10-2013, 07:20 AM
First time for me too, but unfortunately it was 15 times in the last 12 hours!

A couple this morning one right after the other, then a dozen tonight all within about 10 minutes. Here are all the ip addresses.



clauz
06-10-2013, 09:43 AM
Same here, "Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times"
the addresses:

All confirmed proxy servers.

ChrisTech
06-10-2013, 10:43 AM
123.103.23.106
166.111.132.167
142.54.188.180
94.23.29.189

Yet again. Gotta love it.

CableSux
06-10-2013, 11:58 AM
I've received 49 such emails between 1:47AM and 2:40AM EST today. Does the admin want the IPs? Any advice? I assume there's not much we, as users, can do? Obviously my password is working. Seems kinda stupid that a spammer would want to hack a non-admin's forum account. It's not like they're going to gain access to any money here.

Amaury
06-10-2013, 01:40 PM
Instead of necro-bumping, why not post in this recent thread (https://vborg.vbsupport.ru/showthread.php?t=298910)?

CableSux
06-10-2013, 03:33 PM
Instead of necro-bumping, why not post in this recent thread (https://vborg.vbsupport.ru/showthread.php?t=298910)?

Because this one showed up as the most recent when I looked for a thread.

"Today, 07:43 "

Amaury
06-10-2013, 03:49 PM
Because this one showed up as the most recent when I looked for a thread.

"Today, 07:43 "

Sorry, I was directing that toward this post (https://vborg.vbsupport.ru/showpost.php?p=2427050&postcount=60), the post that necro-bumped it.

Dan!
06-10-2013, 04:21 PM
I have received 27 emails all with different ip addresses in the same instance.

I can post all the ip addresses if you wish to ban them

Edit: just noticed this is an old thread, my mistake.

craigvm
06-10-2013, 05:30 PM
I've had the same emails today too, 32 of them. I also started a thread about it earlier but it got removed for some reason

Amaury
06-10-2013, 05:43 PM
I've had the same emails today too, 32 of them. I also started a thread about it earlier but it got removed for some reason

It was merged with this (https://vborg.vbsupport.ru/showthread.php?t=298910) because it's unnecessary to have multiple threads on the same thing.

dodgeboard.com
06-10-2013, 11:42 PM
I just received a gillion of these hack attempts on my username


Damn, where does someone find all those proxies? And why is my account so important?

Drakah
06-10-2013, 11:44 PM
Same here, got about 30 of them in my email....something is going on

Paul M
06-11-2013, 12:09 AM
Please do not post long lists of IP addresses, it serves no purpose, just fills the thread with long posts.

cincinnatiscoob
06-11-2013, 12:30 AM
Where do we share this information or what is being done as someone has clearly tried to access multiple users info?

dvsDave
06-11-2013, 12:39 AM
I just started getting these emails about 10 minutes ago, I'm assuming that the lockout period is disabled since I was just able to login in the past minute?

Paul M
06-11-2013, 12:45 AM
I believe it only locks out the individual IP, so you could log in ok.

Dukefrukem
06-11-2013, 12:56 AM
So far I've had it 37 times in the last 30 minutes and I have the e-mails to prove it.

202.162.192.252
213.186.122.123
89.218.0.18... (not posting them all)

--------------- Added 1370916187 at 1370916187 ---------------

Up to 45 now. This guy must really like me.

domainmagick
06-11-2013, 01:11 AM
yeah i was able to login and change my pw just for good measure... someone was very persistent...
but hey it reminded me to come back here and look around :p

dodgeboard.com
06-11-2013, 01:28 AM
Please do not post long lists of IP addresses, it serves no purpose, just fills the thread with long posts.

Thought it might aid you folks in blocking certain hacker IP's. Sorry.

dog-tag
06-11-2013, 06:47 AM
3 attacks came from these addresses -
118.175.14.131
125.39.68.226
89.218.100.106

**EDIT** Sorry for posting IPs, but what else can we do?

BirdOPrey5
06-11-2013, 09:42 AM
Just delete the emails and don't worry about it.

Make sure you have a decently secure password. Make sure your password is not your username or 12345 or the word "password" or anything else very common.

Even if it is just lol#101 the chances they figure that out in 10, or 100, or even 500 chances is near zero.

fxwoody
06-11-2013, 10:23 AM
Well, they have tried mine too....23 times lolll

One of the reasons why I don't even know my own password over here nor my other 125 ones from different places rofl :)

People, just use Password Safe and make your pass 12 digits with random numbers,letters etc,etc........and it's free!!!!!

Hope they stop tho, it's freaking annoying for the emails :mad:

mikey1991
06-11-2013, 10:47 AM
I got 51 emails from this site this morning from someone trying to brute force my account.

doctorsexy
06-11-2013, 11:33 AM
What are they going to do when they find one? Or several? Or a bunch...

Space Aliens...run for the hills.....

BoostedK20
06-11-2013, 01:02 PM
I had well over 100 emails...

Glockie
06-11-2013, 01:03 PM
Yeah same here.. approx 21 emails so far with IP address: 89.77.33.126
Quick check reveals it to be Poland
Project Honey Pot reveals this too, perhaps you can ban their IP ranges?
CLICKY (https://www.projecthoneypot.org/ip_89.77.33.126)
I have a pretty secure pass but it always worries me when changing them during any form of attack..
Would you consider it to be safe to change it during the attack?

Hope they back off..

grayloon
06-11-2013, 02:14 PM
I've received 8 of these in the span of a few minutes. IP addresses in China, India, etc.


Gradonil_Ral
06-11-2013, 02:15 PM
Twice for me so far:

201.248.232.113
221.2.80.126

garyopa
06-11-2013, 02:20 PM
Same for me also, over 50 attempts from 7:30am and up to just recently it finally stopped.

All different ips each time.

grecostimpy
06-11-2013, 02:21 PM
Mine just got knocked about 6-7 times as well. I went in and updated my password to something much stronger. At least this was a wake up call for me to use a stronger password as I haven't visited here in quite a while.

IP's:


goyo
06-11-2013, 02:45 PM
They keep coming...It's not funny anymore...

Bat21
06-11-2013, 02:55 PM
.... I went in and updated my password to something much stronger. At least this was a wake up call for me to use a stronger password as I haven't visited here in quite a while.
Yes, did the same here too as I haven't logged in for a while :up:

Paul M
06-11-2013, 05:23 PM
To repeat again - please don't post lists of IP addresses, it's not serving any purpose, just filling up the thread.

This is just an automated system that uses zombie PCs all around the world (hence the hundreds of IPs) and tries a list of common, easy to guess passwords, and then moves on when it fails.

All you need to do is make sure you have a good password, that cannot be easily guessed, and delete the e-mails. You can of course change your password if you desire.
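
The lockout that the notification e-mail and Paul M's posts describe, as an added example (not part of the thread and not vBulletin's code): a strike counter keyed on username and source IP, using the 5-attempt and 15-minute figures from the e-mail, plus a check that flags an account receiving failures from many distinct IPs. The per-IP keying, the `min_ips` threshold, all class and function names and the sample addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict, deque

MAX_STRIKES = 5             # e-mail text: wrong password "more than 5 times"
LOCKOUT_SECONDS = 15 * 60   # e-mail text: retry "in another 15 minutes"


class StrikeTable:
    """Failed-login counter keyed on (username, source IP).

    Assumption: the lock applies per IP, as suggested in the thread. This is
    a model of that behaviour, not vBulletin's implementation.
    """

    def __init__(self, max_strikes=MAX_STRIKES, lockout=LOCKOUT_SECONDS):
        self.max_strikes = max_strikes
        self.lockout = lockout
        self._failures = defaultdict(deque)    # (user, ip) -> failure times

    def _recent(self, user, ip, now):
        q = self._failures[(user, ip)]
        while q and now - q[0] >= self.lockout:
            q.popleft()                        # strikes older than the window expire
        return q

    def attempt(self, user, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        q = self._recent(user, ip, now)
        if len(q) >= self.max_strikes:
            return "locked"                    # the password is not even checked
        if password_ok:
            q.clear()
            return "ok"
        q.append(now)
        return "failed"


def distributed_targets(events, min_ips=10, window=LOCKOUT_SECONDS):
    """Flag accounts whose failed or locked attempts come from many IPs.

    events: time-ordered (timestamp, user, ip, outcome) tuples.
    Returns {user: peak number of distinct source IPs inside one window}
    for every user whose peak reaches min_ips (hypothetical threshold).
    """
    recent = defaultdict(deque)                # user -> (timestamp, ip) of non-ok attempts
    peak = {}
    for ts, user, ip, outcome in events:
        if outcome == "ok":
            continue
        q = recent[user]
        q.append((ts, ip))
        while q and ts - q[0][0] >= window:
            q.popleft()
        distinct = len({src for _, src in q})
        peak[user] = max(peak.get(user, 0), distinct)
    return {user: n for user, n in peak.items() if n >= min_ips}


def demo():
    """Constructed scenario: 30 sources guess at one account, one attempt per second."""
    table = StrikeTable()
    sources = [f"203.0.113.{i}" for i in range(1, 31)]   # constructed addresses
    events, now = [], 0
    for ip in sources:
        for _ in range(8):                     # 8 wrong passwords per source
            events.append((now, "alice", ip, table.attempt("alice", ip, False, now)))
            now += 1
    # The account owner logs in from an address that has no strikes.
    owner = table.attempt("alice", "198.51.100.7", True, now)
    events.append((now, "alice", "198.51.100.7", owner))
    # An ordinary user mistypes a password three times from a single address.
    for t in range(now, now + 3):
        events.append((t, "bob", "198.51.100.9",
                       table.attempt("bob", "198.51.100.9", False, t)))
    checked = sum(1 for _, user, _, out in events
                  if user == "alice" and out == "failed")
    return checked, owner, distributed_targets(events)


if __name__ == "__main__":
    checked, owner, flagged = demo()
    print("guesses actually checked against the password:", checked)
    print("owner login from a clean IP:", owner)
    print("accounts flagged for distributed guessing:", flagged)
```

With per-IP keying, each source gets its own five checked guesses per window and the owner's address stays unlocked, which matches members reporting they could still log in. The count of distinct failing IPs per account is the signal that separates this traffic from one user mistyping a password.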

Chris8
06-11-2013, 05:35 PM
Got like 10+ emails from yesterday about it as well. Uhmm some bots must be on fire. How about banning these bad bots? Maybe they have specific user-agent or lack of user-agent or specific referrer string so 1 small line in htaccess would do it, no? Maybe the vb.org login fields/page could be changed/tweaked, c'mon you're web devs you can do it. Bots follow some specific data within the page source, it's not that hard to fool them.

bleros
06-11-2013, 06:19 PM
Today I again got only 8 attempts, I changed my password with a password generator with 50 characters :rolleyes:

kippesp
06-11-2013, 07:41 PM
I've not visited this forum in 6 years. But this mess brought me back for a short visit.

I know it is obvious, but people should be concerned that the harm from a successful username/password guess can do more harm than just spamming this forum or obtaining information from what this forum provides. Should that user still continue to use this same combination on other sites, say bankofamerica.com, then vbulletin forums can be a good testing ground for identifying valid combinations without triggering lockouts on other sites (without >1 factor improvements). Perhaps a design change to VB's log in such as reverting to a dreaded CAPTCHA after x-failed attempts. ...back to lurking.

columbonet
06-11-2013, 10:38 PM
I had 47 emails today, all with different IP's trying to get into my account here on this site.

Digital Jedi
06-11-2013, 10:56 PM
I've not visited this forum in 6 years. But this mess brought me back for a short visit.

I know it is obvious, but people should be concerned that the harm from a successful username/password guess can do more harm than just spamming this forum or obtaining information from what this forum provides. Should that user still continue to use this same combination on other sites, say bankofamerica.com, then vbulletin forums can be a good testing ground for identifying valid combinations without triggering lockouts on other sites (without >1 factor improvements). Perhaps a design change to VB's log in such as reverting to a dreaded CAPTCHA after x-failed attempts. ...back to lurking.
That's not, in any way, shape or form, vB's responsibility. Preventing access to your bank account, or any other online accounts, is your job. How many times have we been told not to use the same password on multiple sites? How many times have we been told to use number/CAPS/Lowercase/Special Character combinations? How many times have we been told not to give out our password to sites that don't have the same URL as the one they claim to be? We've been warned and warning people for nearly two decades now how to do this right, and if folks continue to think it won't happen to them, that's on them, not the developers of forum software who've already taken significant steps to preventing this in the first place.

grafbyte
06-11-2013, 11:44 PM
HI

I got 4 mails ..

Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 61.19.42.60

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum


Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 109.198.126.112

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum




Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 2.135.238.10

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum



Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 89.218.0.26

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

inphoenix
06-11-2013, 11:44 PM
Add me to this list. 26 emails so far.

hoadiem
06-12-2013, 12:06 AM
I got the same issue (from 2:52pm to 3:38pm 6/11/13), 18 emails

180.188.196.47 from Hong Kong

I think admin should ban these IPs to prevent them from hacking into our accounts.

blind-eddie
06-12-2013, 12:11 AM
https://vborg.vbsupport.ru/showpost.php?p=2427427&postcount=93

iogames
06-12-2013, 03:05 AM
I have 7! did I win?

Dear iogames,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.


jemiller226
06-12-2013, 03:54 AM
19 in the last half hour. Seriously? Can you seriously not prevent login flooding? Can you seriously not block access to the member list?

And don't you dare tell me it's my problem!

blind-eddie
06-12-2013, 04:47 AM
I have 7! did I win?




Nope, I had 24 on the 9th....

Joemadden1989
06-12-2013, 05:47 AM
This morning I woke up to a number of emails claiming to try and log in as me.

------------------------

That's all for now, if I get any more I'll let you know.

Joe.

john h
06-12-2013, 06:13 AM
I'm getting the same emails. Someone trying a brute force attack?

jasff
06-12-2013, 06:16 AM
I just got hit with about 10. I went in and made a difficult long password with all characters, numbers, etc.

All the IPs are out of the Russian Federation.

Zachery
06-12-2013, 06:16 AM
https://vborg.vbsupport.ru/showthread.php?t=280796

jluerken
06-12-2013, 08:06 AM
I am now getting the same stuff. Looks like someone is trying to brute force vbulletin.org accounts.

Any official Feedback please?

kafi
06-12-2013, 08:42 AM
Same emails in my inbox.

Jonm
06-12-2013, 10:31 AM
22 emails about this!


JonUrban
06-12-2013, 10:38 AM
I got about 50 of those locked out account emails as well from 3:15AM ET to 4:16AM ET, June 12, all saying my account was locked out. Funny thing is, when I came here, it was not! I changed my password, but it's a bit freaky to wake up to all of this.

I did a WhoIs on the IPs, and they are mostly from China. What do they expect to get from this?

I noticed in my CPanel for my webspace that my forum is getting a lot of hits from China. I wish I knew what they were up to.

Spooky stuff.


Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 91.103.127.37

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

Here are all the IPs, in the order that I got the emails, for those interested:


kitsch
06-12-2013, 11:23 AM
Same emails in my inbox too.

KenDude
06-12-2013, 12:26 PM
To repeat again - please don't post lists of IP addresses, it's not serving any purpose, just filling up the thread.

This is just an automated system that uses zombie PCs all around the world (hence the hundreds of IPs) and tries a list of common, easy to guess passwords, and then moves on when it fails.

All you need to do is make sure you have a good password, that cannot be easily guessed, and delete the e-mails. You can of course change your password if you desire.

Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?

jimsflies
06-12-2013, 12:51 PM
Got about 40 of these emails this morning.

One question I have is why doesn't vb.org block known spammers at the htaccess level? On my site, I block IPs from known spammers and IP ranges from countries known to be rife with illicit internet activity (granted the latter option probably isn't viable here on vb.org).

As an example a couple months ago, I posted a link to a new test site here on vb.org because I had a question about something I was working on and within a day I had more than 10 new spammer accounts on the new forum...that was the only link I ever posted and ended up editing my post to remove the link the next day. I think vb.org is used a lot by spammers because it is a treasure trove of links to other forums.

Jonm
06-12-2013, 01:21 PM
Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?

I echo this.

Digital Jedi
06-12-2013, 01:50 PM
Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?
I'm not sure how many different ways this can be said to you guys. You will spend each day, every day, adding new IPs to your .htaccess if you try to do it that way. That would not just be time consuming, it would be ultimately fruitless. It wouldn't do the job of preventing these IPs from hacking into your account.* What you would need is a system that prevents ANY automated system from getting into your account based on known hacking behavior. Wanna guess what that system is?

Guys, the only reason you even know about this is because you got an email letting you know the attempt failed. That's really the only reason you even noticed. The same thing is happening to any account you have anywhere on the internet, and only a handful of those site are going to alert you of the suspicious behavior. It just so happens vB is small enough of a website (by comparison) that a larger group of us have noticed. But the site is doing it's job. If you're password is safe, then you're account is safe. When you do get emails that someone was blocked, you should be sighing relief, not freaking out and wondering what went wrong.

*Blocking IPs is to prevent spam on already registered accounts, which is pretty much a fruitless endevour in of itself. Spam should be block on the registration level. What these IPs are doing is trying to hack passwords for other purposes.)

lapiervb
06-12-2013, 02:02 PM
Same thing is happening to me right now. Coming from China..... go figure.

LaBella
06-12-2013, 02:50 PM
This just happened to me, as well. Right now from these IP addresses:

190.111.122.2
2.133.93.90
58.250.87.123
109.175.8.42
222.35.61.196

Kirkus
06-12-2013, 02:50 PM
I had 17 attempts this morning. China? Go figure. I've banned the entire country from my web server.

This isn't really related to this thread, and probably not the place to post it, but I've been using SpamTrawler on my vBulletin site (and several other of my sites) for several months now and it's done a fantastic job of keeping most of the spammers out.

Hakan39
06-12-2013, 03:24 PM
My account



Dear Hakan39,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 110.74.218.146

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum


these not my ip number i dont use these any. i think one wanted to seize my account.
at www.vbulletin.org

korny
06-12-2013, 03:32 PM
I have had almost 50 emails saying my account has been locked. Someone is trying to hack in, and a lot. Every email has a different IP address so posting them would take awhile.

Hakan39
06-12-2013, 03:42 PM
Same problem. What is the solution?

Kickin' Wing
06-12-2013, 04:25 PM
Woke up to a bunch of emails this morning, all within a few seconds of each other.

I know it would lead to a DoS situation, but can the 15 minute lockout apply to any IP trying to access that account? Or at least any IP that hasn't previously logged in, since vBulletin does track that.

:edit:

Figured I would add that all my emails are dated the 12th, but the banner says my last visit was on the 10th. So it doesn't look like they got anywhere.

Hakan39
06-12-2013, 04:45 PM
why the authorities can not find the solution?

BirdOPrey5
06-12-2013, 04:51 PM
There is no real solution. There are much too many IP addresses to block. For the most part these are IP addresses of "innocent" people whose computers are compromised by a virus and being used in this attack.

While we understand it is annoying the reality is for any one user they will get emails for a few minutes to a few hours, after which they stop and move on.

Short of shutting off all forum email (which would cause more issues for people trying to register or change email addresses, and waiting for thread updates) there isn't a whole lot that can be done.

Code modifications can be discussed in the future but they will not come soon enough to help anyone who has already been hit.

Hakan39
06-12-2013, 05:07 PM
Thank you BirdOPrey5

Kesha
06-12-2013, 05:14 PM
There is something wrong with the cookie that tells the forum that I'm locked out of my account, or however it works. I've been trying every 15 minutes to get into this account and I'm being denied access every single time, no matter which browser I use or which computer I use. I had to reset my password because the password that I was using for this account was not working. I'm currently using a different machine on a completely different connection, which seems to be working fine for me at the moment.

Does 15 minutes really mean something like 60 minutes?

Max Taxable
06-12-2013, 05:15 PM
I've never been hit by this here at vB dot org. And I am wondering if it's because I run "invisible." The brute force attacks might or might not be random - they might be getting active accounts to target from the bottom of the main forum page, the aggregate "what's going on" area.

Just a theory.

Kat-2
06-12-2013, 05:26 PM
Possible correct theory, but I run visible, and between 5 and 5:30 AM (central time), I received approximately 30 emails saying I was locked out. Umm...I was sound asleep then, so sure was not showing online... :)

Max Taxable
06-12-2013, 05:27 PM
Possible correct theory, but I run visible, and between 5 and 5:30 AM, I received approximately 30 emails saying I was locked out. Umm...I was sound asleep then, so sure was not showing online... :)

We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.

I only know I have never been targeted and also have never run visible here.

Kat-2
06-12-2013, 05:30 PM
We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.


I suppose. Would have definitely had to have been keeping me showing online for a good 10/12 hours I'd say...if that were the case.

Max Taxable
06-12-2013, 05:31 PM
I suppose. Would have definitely had to have been keeping me showing online for a good 10/12 hours I'd say...if that were the case.

Not necessarily. It depends on when the attackers gathered their target data. This, we have no way to know.

Kat-2
06-12-2013, 05:33 PM
All is null as far as I am concerned. Was not a successful attack anyhow.

Max Taxable
06-12-2013, 05:37 PM
They only need to get one successful attack.

Gathering the target usernames isn't necessarily happening at the same time the attacks are. In fact, were I doing this I would gather names over at least a week's period, entering them into the brute force cracking software, getting some thousands accumulated before launching the actual attack.

BirdOPrey5
06-12-2013, 05:46 PM
I've never been hit by this here at vB dot org. And I am wondering if it's because I run "invisible." The brute force attacks might or might not be random - they might be getting active accounts to target from the bottom of the main forum page, the aggregate "what's going on" area.

Just a theory.

You haven't been hit because they always go in alphabetical order and they've always stopped before M in the past.

Max Taxable
06-12-2013, 05:47 PM
You haven't been hit because they always go in alphabetical order and they've always stopped before M in the past.

Are they hitting nonexistent accounts, or are they choosing correct names from "who's online"?

They may have gone further than the letter M, at least one time:

https://vborg.vbsupport.ru/showpost.php?p=2427321&postcount=83

BirdOPrey5
06-12-2013, 05:53 PM
They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have skipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.

Max Taxable
06-12-2013, 05:55 PM
They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have slipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.

And of course, they don't have a common item in their UA string, like Brutus for example, leaves.

Makes it really difficult to block or inhibit.

LeventX
06-12-2013, 05:58 PM
They did this last year also - Yesterday's brute force attempts at password hacking (https://vborg.vbsupport.ru/showthread.php?t=264376)

Please make sure you do not use your username as your password. :)


Thank You :rolleyes:

LaBella
06-12-2013, 07:35 PM
They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have skipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.

I have certainly logged in more recently than 7 years??!:erm:

Lynne
06-12-2013, 07:50 PM
He was simply saying that they are hitting those people who haven't logged in for 7 years.... along with those of us who logged in today.

Ladybbird
06-13-2013, 03:55 AM
I see many of your members have experienced the same problems as I have had, and continue to do so. Your service responded quickly and stopped the hackers and advised me by many emails.

I don't have time to research and give your members all the IP addies that attempted to hack our accounts, but here are a few details to help you guys

Dear Ladybbird,
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times.

Some of the people trying to log into my account had the following IP addresses:

84.22.28.242 - Bulgaria

78.130.136.18 - Bulgaria

194.141.252.102 - Bulgaria

2.133.92.138 - Kazakhstan

211.161.152.108 - China

72.29.4.111 - New Zealand

118.195.65.247 - China

58.252.56.148 - China

202.182.50.130 - Indonesia

Hope this helps in some way, and thank you vBe Forum for stopping the hackers. :)

CableSux
06-13-2013, 12:40 PM
Just delete the emails and don't worry about it.

Make sure you have a decently secure password. Make sure your password is not your username or 12345 or the word "password" or anything else very common.

Even if it is just lol#101 the chances they figure that out in 10, or 100, or even 500 chances is near zero.

Perhaps you should add these suggestions to the e-mail template so the forum isn't inundated with posts with IPs and asking what to do? Just a thought.

Amaury
06-13-2013, 03:32 PM
We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.

I only know I have never been targeted and also have never run visible here.

Session Timeout is set to 30 minutes here.

K4GAP
06-13-2013, 04:02 PM
[quote=BirdOPrey5;2314376]I also am getting the lockout notice. Good thing I never log out***** snipped


What setting do I need to have so that I'm never logged out while my site is open in my browser?

--------------- Added 1371143135 at 1371143135 ---------------

One thing I've done is to limit anyone from accessing my site if they are not within the time zones I have selected.

slinky
01-29-2014, 10:45 PM
And they are hitting me. I wonder how many others are being hit. Remember - change all your passwords everywhere since the people trying to hack in here may be trying to use the passwords that they got from the vBulletin database a few months ago.

jake73
01-30-2014, 12:13 AM
Yeah... Just got hit, too.

thomas
01-30-2014, 05:55 AM
Got seven such notifications today.

Paul M
02-01-2014, 10:15 PM
And they are hitting me. I wonder how many others are being hit. Remember - change all your passwords everywhere since the people trying to hack in here may be trying to use the passwords that they got from the vBulletin database a few months ago.

None of those passwords are valid (unless you reset it to the same password you had, which would be somewhat foolish).

Lynne
04-08-2014, 03:30 AM
This is going on again. No need to hit the Contact Us link to let us know about it.

HM666
04-08-2014, 05:54 AM
Just got this message as well:

Dear HM666,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 2.95.43.207

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

Jaydee 2
04-08-2014, 08:18 AM
Hi HM666,

don't worry, that's spam-bots who try to enter our accounts. ;)
Same here.... i've got this email with the IP 81.195.44.54 (from Russia) today as well.

They have just 5 attempts before your account will be locked for the next 15 minutes and if your pw is strong enough, they will have no chance!

blind-eddie
04-08-2014, 10:30 AM
This is going on again. No need to hit the Contact Us link to let us know about it.

Maybe editing the contact us page with info telling members not to send message regarding this would be a good idea?:up:

Lynne
04-08-2014, 04:42 PM
Maybe editing the contact us page with info telling members not to send message regarding this would be a good idea?:up:
Probably would have been a good idea since I got 15 emails about it this morning. :)

Dilldogs
04-08-2014, 09:31 PM
I am getting the same thing.
83.211.216.45 Italy
117.171.69.182 China
221.215.173.78 China
IPs are from china.

MaXimus
04-09-2014, 01:06 AM
Just got one now: The person trying to log into your account had the following IP address: 46.209.70.74

pnhltt
04-09-2014, 03:39 AM
197.255.254.246 from Nigeria
first time for us
obviously, they got to P :D

Mostjolly
04-09-2014, 05:45 AM
this happened to me earlier.. i've just updated my pw but i'm still worried..

anyways.. say if they did hack our account and changed our pw, how would one get it back?

BirdOPrey5
04-09-2014, 01:28 PM
You would follow the forgot password link to reset your password- but unless your password is absurdly easy, no one is getting it from this kind of attack.

Ladybbird
04-09-2014, 03:13 PM
The Hacker came from China-
IP= 183.216.190.239

IP Location: China Beijing China Mobile Communications Corporation
ASN: China AS9808 CMNET-GD Guangdong Mobile Communication Co.Ltd.,CN (registered Jan 10, 2000)
IP Address: 183.216.190.239

& Trust me the Chinese are very good at hacking.
Note they have used a mobile device to hack vBulletin

A couple of years ago they even hacked Skype and used/stole all members log in details and money on their accounts. I had a heck of a fight trying to get my money back from Skype - Never happened, cos Skype simply wouldn't admit they had been hacked!

Even Google, Facebook etc have been hacked in the past. That's why I NEVER use any social media site

So don't blame vBulletin forum.

A little tip: NEVER use the same password on all or multi sites. Use your notepads and record your DIFFERENT log-in details for every site you use.....;)

I thank the staff at vBulletin, for their prompt action on this matter....:up:

OmniBuzz
04-09-2014, 03:32 PM
Hi, I am having the same issue but for some reason, I cannot access https://vborg.vbsupport.ru/profile.php?do=editpassword page. Even when logged in it is still asking for my login / pwd ... when entered it does not log me in again...
I have not accessed this forum for a VERY long time and my pwd was no longer valid. I had to change it using the email reset system...


EDIT : That was an ie11 issue, I was able to access with FF...

rockerzteam
04-09-2014, 04:32 PM
Dear rockerzteam,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 124.121.248.189

BirdOPrey5
04-09-2014, 04:38 PM
It is not necessary to report these emails. We are aware of the situation. As long as you have a secure password you have nothing to worry about.

Posting the IP addresses is not going to help, but thank you for your effort.

ForceHSS
04-09-2014, 05:01 PM
They never try my account :)

ego
04-09-2014, 05:41 PM
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 117.171.75.185

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum


Many tries last 1hour please block these hackers

Chris8
04-09-2014, 05:49 PM
Mine was locked 4 times during last 2 days.

ego
04-09-2014, 06:01 PM
Thats not funny.
Please delete my account here. 20 mails in 1.5 hours

evelynpriscilla
04-09-2014, 06:04 PM
From: "vBulletin.org Forum" <webmaster@vbulletin.org>
Date: 10 April, 2014 2:19:20 AM GMT+08:00
Subject: Account on vBulletin.org Forum locked out

Dear evelynpriscilla,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 223.83.98.56

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw
All the best,
vBulletin.org Forum

BirdOPrey5
04-09-2014, 06:11 PM
Thats not funny.
Please delete my account here. 20 mails in 1.5 hours

We don't delete accounts.

If you don't want your account change your email address to some non-existent address/domain. You will stop getting the emails.

ForceHSS
04-09-2014, 08:30 PM
Thats not funny.
Please delete my account here. 20 mails in 1.5 hours

Go to your options and change some settings so you don't get emails
https://vborg.vbsupport.ru/profile.php?do=editoptions

billstelling
04-09-2014, 09:01 PM
someone tried with my account as well today.. Flipping scammers..

Grae
04-09-2014, 09:44 PM
I've received 5 in the last few minutes.

starman?
04-10-2014, 02:20 AM
Just had someone from Brazil try it. 177.220.137.138

Nick Harris
04-10-2014, 02:26 AM
Add me to the list of people who was locked out and received an email after 5 wrong attempts by someone else.

For me the IP was from China - 117.163.230.160

My pass is impossibly hard, even to remember, and it's not shared anywhere else so no worries. Thank you for keeping the 5 attempt lockout in the forums, all forums need it!

Sparrow-Sean
04-10-2014, 02:48 AM
Me too:

Dear Sparrow-Sean,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 112.45.250.214

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

Draygonia
04-10-2014, 04:19 AM
These IPs have been attempting to log into my account. Thankfully my password is very secure, but this is alarming and makes me wonder whether this is website based or username based.

117.163.233.182
195.19.214.8
117.175.254.198
223.85.49.51
117.163.231.106

Appears to be using Mikrotik, a software that turns a PC into a router. Likely using infected computers to do the job.

hexonxonx
04-10-2014, 07:23 AM
It's happened to me three times, all with different IPs. I changed my password to a much longer one. I did this through my iPad which asked me if I wanted it to suggest a password. I said yes and it entered a very nice and strong password.

Hoffi
04-10-2014, 07:52 AM
The attempts to hack accounts raises. Please hurry to check the IP's.

BirdOPrey5
04-10-2014, 07:59 AM
The attempts to hack accounts raises. Please hurry to check the IP's.

There is no point to checking/blocking IPs. These IPs are of "Zombie" PCs- they are your friends/neighbors/random people who have been infected with viruses and are now running the commands of hackers. There are millions of them out there and there is no point to try to block them all- they are always changing.

The easiest thing to do is simply delete the emails and continue on with your life.

PS- You're never actually locked out- the lock follows the IP address not the username, so you would always be able to log in so long as the attack isn't coming from your IP address.

Jaydee 2
04-10-2014, 08:04 AM
I agree! About 50 emails between 10.15 and 10.21! (German local time -> 08.15 UTC)

They never try my account :)

Am I too? :D

--------------- Added 1397121364 at 1397121364 ---------------



The easiest thing to do is simply delete the emails and continue on with your life.


Hehe, first i read "[...] and continue on with your wife." :D

Electronic Punk
04-10-2014, 09:02 AM
Hmm, also got this, account seems fine however.

pets.ca
04-10-2014, 10:24 AM
I have gotten about 25 in the last 24 hours....

sburns1992
04-10-2014, 11:05 AM
Yeah I keep getting loads, can I request a username change?

TheLastSuperman
04-10-2014, 11:12 AM
Yeah I keep getting loads, can I request a username change?

Sure :cool: however I cannot do it for you, you will need to send a private message to an Administrator on the site, here is a list of Staff I suggest Lynne or Princeton as Paul is away currently.

https://vborg.vbsupport.ru/info.php?do=staff

BirdOPrey5
04-10-2014, 11:19 AM
Yeah I keep getting loads, can I request a username change?

A username change likely won't do anything to stop the emails, in fact it will probably just make you get more as they will eventually stop with your account and move on to others.

Sascha Henken
04-10-2014, 11:36 AM
I keep getting these emails several times a day. Seems a Bot Network is trying to hijack forum accounts. I've managed to change my password to a more secure one!

Dear Sascha Henken,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: XXX.XXX.XXX.XXX

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

teou
04-10-2014, 12:19 PM
Massive bruteforcing attack obviously. I have also received several emails. IP addresses of the attackers so far:
80.191.193.2
177.129.88.39
201.211.196.23

Is there any way to disable email notifications at least?

p.s. Suggestion to vbulletin staff: make an option to have one screen/post name and another login name. Thus the attackers will not be able to get login names from posts and will have to bruteforce them first.. and that will greatly enhance security and will stop this email spam.

p.p.s. Similar suggestion here - https://vborg.vbsupport.ru/showthread.php?t=264376&page=2
Using emails for login (only email and not both mail or username as many sites do). Must be pretty easy to implement, 1-2 rows of php here and there?

BirdOPrey5
04-10-2014, 12:38 PM
We are not going to be making massive changes to the software, we do apologize for the inconvenience.

Some people have reported that editing your options and unchecking the option to Allow Administrators to Send You Email stops the account locked emails, but other people say it does not help- honestly I'm not sure if that setting was ever intended to stop such emails since they technically are being sent from the board itself, not an Administrator.

For those who no longer wish to have accounts go ahead and change your email address on record in the settings to some random/undeliverable value.

jefferis
04-10-2014, 01:39 PM
Continuing every day! FROM
194.60.227.124
110.77.132.104
221.182.70.192
120.84.239.194
117.164.7.228

ANGLICO
04-10-2014, 02:30 PM
I would like to be able to block IP addresses that appear to originate from certain countries from trying to log into my account. Is there a way to do that? Perhaps an easier option would be to PERMIT only an IP address originating in the USA to log into my account.

Ideas?

Belay the previous, I just saw this:
There is no point to checking/blocking IPs. These IPs are of "Zombie" PCs- they are your friends/neighbors/random people who have been infected with viruses and are now running the commands of hackers. There are millions of them out there and there is no point to try to block them all- they are always changing.

The easiest thing to do is simply delete the emails and continue on with your life.

PS- You're never actually locked out- the lock follows the IP address not the username, so you would always be able to log in so long as the attack isn't coming from your IP address.

Andem
04-10-2014, 02:31 PM
117.139.111.72
128.199.213.232
117.163.222.200
183.220.47.155
117.177.253.233
117.173.196.204

zackw
04-10-2014, 02:32 PM
I think the solution is simple, the forum should just stop sending these emails. Clearly, if the block is only IP based, then it doesn't affect your own login attempts, and since no harm is done, your account was always safe.

The only email I might want is perhaps something that says that a successful login took place, from a different IP than my last login.

All I need to know is if someone is changing my password or changing my email or even if they have logged in from an IP not normal for me. This could alert me to a compromised account.

These emails about lockouts don't seem to serve any purpose if the intention is NOT to block every single IP that comes through. I personally can't do jack with the emails, it's not like I can come here and do IP blocks myself. So this may be a case of TMI. Just stop emailing people about failed login attempts.

Is that hard?

BirdOPrey5
04-10-2014, 02:52 PM
I think the solution is simple, the forum should just stop sending these emails. Clearly, if the block is only IP based, then it doesn't affect your own login attempts, and since no harm is done, your account was always safe.

The only email I might want is perhaps something that says that a successful login took place, from a different IP than my last login.

All I need to know is if someone is changing my password or changing my email or even if they have logged in from an IP not normal for me. This could alert me to a compromised account.

These emails about lockouts don't seem to serve any purpose if the intention is NOT to block every single IP that comes through. I personally can't do jack with the emails, it's not like I can come here and do IP blocks myself. So this may be a case of TMI. Just stop emailing people about failed login attempts.

Is that hard?

This is certainly something we will consider in the future.

Antivirus
04-10-2014, 03:40 PM
Yes - I've been getting the notifications as well. I just delete em, fortunately once the lock kicks in they seem to move on to another username until the following day - no biggie

carsafety
04-10-2014, 03:42 PM
Ditto. Started a few days ago, happening a lot more today.

whitetigergrowl
04-10-2014, 03:59 PM
Yes - I've been getting the notifications as well. I just delete em, fortunately once the lock kicks in they seem to move on to another username until the following day - no biggie

No biggie until they eventually hack into your account and get your password. Anyone that says this is no biggie is seriously underestimating what is going on and potentially willing to compromise their account and information here and elsewhere.

200.112.211.80
117.164.142.150

I had 2 attempts on my account at the same time today. (8:09am)

Do not underestimate or downplay this. One IP is from Colombia and another from China in my case.

JetLee
04-10-2014, 04:04 PM
I've had four attempts in the last few days.

117.164.49.220
117.163.197.94
117.164.132.11
174.140.166.54

What got me worrying is that someone also called my cell phone carrier trying to ascertain my home address. WTF? I've since put extra security measures in place with all utilities and banks as well as changing all forum passwords to something even more complicated than I was already using.

Lynne
04-10-2014, 04:47 PM
You've already had replies from Staff. This happens every couple of months. If you have a secure password, then you have nothing to worry about. I have not been told of one person who actually has had their account hacked through one of these attacks.

Digital Jedi
04-10-2014, 05:30 PM
Does not mean nobody got hacked, just that nobody reported yet. I have looked in my user CP, there is a paypal email address field, maybe that's what the hackers are after. If they can get both a password and a paypal email address, it's potentially very dangerous. There is also the homepage field that can be potentially very dangerous. I recommend people to blank these fields if no measures are going to be taken.
As was mentioned multiple times, if your password is secure, you have nothing to worry about. You do realize that this happens on every account you have across the internet, right? Daily. It's just vBulletin has a built in notification process when it happens. Most places, you'd never know unless you have an awful password. Seriously, though. Knowing your PayPal email address is about as potentially dangerous as someone knowing your last name. Everyone we did business with already knows it.

We really have to stop this paranoia every time hacking bots randomly pick this site as a target. Everything that can be done on the administration end has been done. Now you have to secure your password, just like you would everywhere else on the web. I can't understand why this doesn't sink in.

BirdOPrey5
04-10-2014, 05:39 PM
No biggie until they eventually hack into your account and get your password. Anyone that says this is no biggie is seriously underestimating what is going on and potentially willing to compromise their account and information here and elsewhere.

200.112.211.80
117.164.142.150

I had 2 attempts on my account at the same time today. (8:09am)

Do not underestimate or downplay this. One IP is from Colombia and another from China in my case.

If you have a secure password it would take hundreds of thousands or millions or more chances to brute force break your password. Even someone who got 50 emails only had 250 max unique passwords checked on their account. The chances of them getting it right are almost zero. If your password is even puppy1036 they are never going to get it with this attack.

They are looking for the extremely weak passwords- such as-
password
123456
abcde
[your username]

etc...


What got me worrying is that someone also called my cell phone carrier trying to ascertain my home address. WTF? I've since put extra security measures in place with all utilities and banks as well as changing all forum passwords to something even more complicated than I was already using.

I can assure you they are not related. This happens every few months around here- they are only looking for valid, licensed, accounts.

BirdOPrey5
04-10-2014, 05:42 PM
Does not mean nobody got hacked, just that nobody reported yet. I have looked in my user CP, there is a paypal email address field, maybe that's what the hackers are after. If they can get both a password and a paypal email address, it's potentially very dangerous. There is also the homepage field that can be potentially very dangerous. I recommend people to blank these fields if no measures are going to be taken.

The paypal field is only of value to coders/designers who can receive donations from other members as thanks for their mods.

There is no risk so long as you don't have the same password for vbulletin.org and paypal.

My paypal email is: paypal@juot.net - I welcome any donations anyone wants to send - there is ZERO risk making this public.

TNCclubman
04-10-2014, 06:01 PM
getting brute forced as well here getting notifications of wrong password.

whitetigergrowl
04-10-2014, 06:02 PM
It may happen every few months, but it doesn't make it any less serious. Maybe there is something the site can do to help prevent or minimize further attacks? I'm sure there are a number of things that can be done.

Vbulletin.org is the only site I have had this happen at. While it's possible or likely it may have happened at others and I never knew about it, it's still not reassuring IMO.

Or is it gonna take something catastrophic to happen and the damage done before it's taken more seriously. Simply put this I don't think should be happening as often as it is to the point it's affecting members here. Let alone to the point it's making them jittery.

We don't know what they are after or what the true intention is. Having a good password may still not stop them. It's obvious they are looking for something. The question is if they get what they are looking for, is VB.org prepared to deal with the fallout and who will take responsibility for not trying to do more about it ahead of time when the chance was there?

This caught my attention. Downplaying it is not something I know I would be doing.

BirdOPrey5
04-10-2014, 06:16 PM
The only thing we will likely do at some point is stop having so many emails sent to the users since there is really nothing you can do about it.

We will monitor when these things happen but there isn't a whole lot anyone can do.

The fact these emails are generated frankly means the system is working.

vBulletin.org has no real sensitive data beyond forum holder email addresses- and as long as you use a unique password and a secure password there is no need to worry.

HeloHi
04-10-2014, 07:16 PM
I just changed my password to something freakishly long and complex. I suggest others to do the same.

owning_y0u
04-10-2014, 07:19 PM
I just changed my password to something freakishly long and complex. I suggest others to do the same.

32 chars FTW ;-)

Alan_SP
04-10-2014, 08:14 PM
The only email I might want is perhaps something that says that a successful login took place, from a different IP than my last login.

I have dynamic IP address. It's normal in my country.

Every time I login, I'm using different IP. This would mean I'd receive emails every time when I login.

On the other hand, something like this (https://vborg.vbsupport.ru/showthread.php?t=309138) would mean a difference to people who wants to be extra safe.

RaiinbowEyes
04-10-2014, 08:28 PM
Good to know I'm not alone, someone has been trying to hack my account with a proxy as well. How annoying >_< Guess it's time to change the PW to something ridiculous ;)

AuroraStorm
04-10-2014, 08:51 PM
*singing voice*

IT'S THE MOWWWWWWWWWWWWST WONDERFUL TYYYYYYYYYYYYME OF THE YEAR!
WHEN YOUR IP GETS HACKED AND YOUR PASSWORDS GET JACKED!
ON VB DOT OAAAAAAAAAAAAAAARRRG! IT'S THE MOST - WONDERFUL TIME OF THE YEAAAAAAAAAAAAAR!

VargTimmen
04-10-2014, 09:07 PM
I am also affected. Changed my password. Maybe this is caused through the heartbleed case?

petteyg359
04-10-2014, 09:12 PM
I am also affected. Changed my password. Maybe this is caused through the heartbleed case?

I farted at the same time the plane they found near Australia went off its planned route. Maybe they were related?

Seriously, random failbots attempting to break into vBulletin accounts have nothing to do with OpenSSL bugs.

Lynne
04-10-2014, 09:15 PM
You guys who say this only happens on vbulletin.org - do you ever check your server access logs? I'm not talking about the apache access_logs, but the ones that show when someone tries to brute force your server. This, at vbulletin.org, is nothing compared to that!

USAMustangs.com
04-10-2014, 09:57 PM
Come on vb.org, this is absolutely ridiculous. What's the issue here and what have you done to address it?


Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 183.220.40.221

The person trying to log into your account had the following IP address: 195.189.30.10

The person trying to log into your account had the following IP address: 116.213.62.122

AuroraStorm
04-10-2014, 10:33 PM
Seriously, I'm not trying to be an a-hole about this, but if you check this thread from the beginning, this type of attack happens around this time every year. I caught on to that fact when I got caught last year. If my account had been locked down, I wouldn't have been able to get in and I keep this thing logged on all the time.

...and for real tho, when I really sit back and think about it, if this account gets hacked, could the hacker please go in and check off that I've installed some of the modifications? I keep forgetting to do that. THANKS!

BirdOPrey5
04-10-2014, 10:45 PM
You would never be locked out unless the attack was coming from your IP Address.

blind-eddie
04-10-2014, 10:48 PM
Everyone in the forum software world knows the file structure of many forum software including vbulletin.

We all know bots crawl our sites everyday, they know that every member account path is "member.php?u=".
It's really easy to start with 1 then 2 then 3 ....etc...at the end of "member.php?u=" and paste your name in the login box and use a random password to see if it works.

You then get the locked account email...so what, it was not you... you know that.

Change your password to a stronger password for shits and giggles just to be safe.

Many requesting to add ip's to ban list should do a little research, it's a waste of time to ban ip's... getting a new ip is easy to do.

There is nothing that can be done to stop it from happening..no one is to blame for this happening.. there is nothing wrong with vbulletin software... welcome to the internet.

Max Taxable
04-10-2014, 10:53 PM
Everyone in the forum software world knows the file structure of many forum software including vbulletin.

We all know bots crawl our sites everyday, they know that every member account path is "member.php?u=".
It's really easy to start with 1 then 2 then 3 ....etc...at the end of "member.php?u=" and paste your name in the login box and use a random password to see if it works.

You then get the locked account email...so what, it was not you... you know that.

Change your password to a stronger password for shits and giggles just to be safe.

Many requesting to add ip's to ban list should do a little research, it's a waste of time to ban ip's... getting a new ip is easy to do.

There is nothing that can be done to stop it from happening..no one is to blame for this happening.. there is nothing wrong with vbulletin software... welcome to the internet.

Very good post.

But.... vBorg could probably re-word the email message, making it say something like:

"We locked IP 123.456.789 out of login to your account, due to multiple failed attempts to log in. The login attempts failed but please ensure you have a strong password."


Might save a lot of this hand wringing every time this occurs.

MYU
04-10-2014, 11:09 PM
I'm getting the same thing, started yesterday and all different IP address.

6 attempts in the past hour.

pokesph
04-10-2014, 11:43 PM
same stuff, different IP: 195.19.214.8

so annoying..

Max Taxable
04-11-2014, 12:07 AM
Would be helpful if vBorg also captured the offender's user agent string and sent it in the email as well - for those of us who use the "ban spiders by user agent" mod.

Mr.Windows
04-11-2014, 01:42 AM
Is there a way to just delete my account? I no longer participate in the VB community and would rather just remove this vector of internet from attachment to me.

SyrLinus
04-11-2014, 02:03 AM
Add 117.164.9.166 as they tried again tonight. I will be glad when this OpenSSL issue is addressed.

sb225
04-11-2014, 02:05 AM
I am too getting a lot of emails from the past, that someone is trying to log into my account, can you keep my account in safe place.

nochkin
04-11-2014, 02:19 AM
Just found this thread after I got about 10+ emails saying my account was locked out.
All IPs are different and from all over the world, so looks like some kind of botnet.

I originally thought... No... My precious myself thought this attack is directed to me only, but after finding this thread I realized that I'm no special. Good.
So it seems like this is just a silly bruteforce to get a hold for some forum accounts to post spam, etc.
Nothing special, no mystery, no hidden kittens. Oh, well.

Max Taxable
04-11-2014, 02:33 AM
Add 117.164.9.166 as they tried again tonight. I will be glad when this OpenSSL issue is addressed.

That's completely unrelated to this and is also not a vbulletin issue. The heartbleed exploit is not a brute force password cracker.

If you're concerned about site vulnerability to the heartbleed SSL issue, test it here. (http://filippo.io/Heartbleed/)

Max Taxable
04-11-2014, 02:34 AM
Is there a way to just delete my account? I no longer participate in the VB community and would rather just remove this vector of internet from attachment to me.

Remove your email address from the account via UserCP, then log out.

30022
04-11-2014, 05:29 AM
Same

Dear 30022,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 117.165.180.90

Kyo-dono
04-11-2014, 05:58 AM
Same here:

Dear Kyo-dono,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 194.126.181.47

The person trying to log into your account had the following IP address: 183.238.133.43

The person trying to log into your account had the following IP address: 212.247.140.71

Brandon Sheley
04-11-2014, 06:02 AM
got this message the other day, then just now as well..

The person trying to log into your account had the following IP address: 223.84.180.232

I deleted the other email, so no idea what the proxy ip was.. not that it really matters ;)

teou
04-11-2014, 08:11 AM
Several more ips from today:
119.46.203.37
183.221.174.3
117.172.66.7

I would like to be able to block IP addresses that appear to originate from certain countries from trying to log into my account. Is there a way to do that? Perhaps an easier option would be to PERMIT only an IP address originating in the USA to log into my account.

Ideas?

Belay the previous, I just saw this:

I have researched this matter 1-2 years ago. There are such geo-ip apache modules - you need root access to your server to install it. But it is reasonable to do only for very localized non-english language forums. Not to mention that this approach gives false positives or negatives sometimes.

I think the solution is simple, the forum should just stop sending these emails. Clearly, if the block is only IP based, then it doesn't affect your own login attempts, and since no harm is done, your account was always safe.

The only email I might want is perhaps something that says that a successful login took place, from a different IP than my last login.

All I need to know is if someone is changing my password or changing my email or even if they have logged in from an IP not normal for me. This could alert me to a compromised account.

These emails about lockouts don't seem to serve any purpose if the intention is NOT to block every single IP that comes through. I personally can't do jack with the emails, it's not like I can come here and do IP blocks myself. So this may be a case of TMI. Just stop emailing people about failed login attempts.

Is that hard?

99% of the ordinary users in the world, esp. in the "post ip v4" era when there is shortage and recycling of IP blocks, are using DYNAMIC addresses. So, unless this is made as an option in the User Control Panel that can be turned off, this is not very clever solution.

As was mentioned multiple times, if your password is secure, you have nothing to worry about. You do realize that this happens on every account you have across the internet, right? Daily. It's just vBulletin has a built in notification process when it happens. Most places, you'd never know unless you have an awful password. Seriously, though. Knowing your PayPal email address is about as potentially dangerous as someone knowing your last name. Everyone we did business with already knows it.

We really have to stop this paranoia every time hacking bots randomly pick this site as a target. Everything that can be done on the administration end has been done. Now you have to secure your password, just like you would everywhere else on the web. I can't understand why this doesn't sink in.

I agree it is not really dangerous, but it is just very annoying. VB Staff should just turn off these emails - can't be that hard.

I am also affected. Changed my password. Maybe this is caused through the heartbleed case?

This has nothing to do with it.

You guys who say this only happens on vbulletin.org - do you ever check your server access logs? I'm not talking about the apache access_logs, but the ones that show when someone tries to brute force your server. This, at vbulletin.org, is nothing compared to that!

That is true. I am administering also a PHPBB3 forum - on a very micro forum (read less than 10 K posts) i get around 10-20 such bruteforce attempts per day on average. Initially i was annoyed at the PHPBB guys, because these were not logged, not autobanned, there is no notification and these are stored in a temporary SQL table that gets auto-cleared. But after i looked at how many times these attacks happen i saw this was the right decision, otherwise the logs on the server will get HUGE.
Here is how it looks in mysql right now:

attempt_ip | attempt_browser | attempt_forwarded_for | attempt_time | user_id | username | username_clean
89.169.5.251 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/53... | | 1397188458 | 0 | Claytonwemn | claytonwemn
199.15.233.139 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... | | 1397172673 | 0 | TimothyKACH | timothykach
89.169.5.251 | Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/53... | | 1397184431 | 0 | Claytonwemn | claytonwemn
95.26.157.169 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... | | 1397199455 | 0 | FishPn | fishpn
46.119.6.88 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... | | 1397153747 | 0 | Ormostere | ormostere
89.169.5.251 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (K... | | 1397180266 | 0 | Claytonwemn | claytonwemn
95.28.228.160 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... | | 1397160780 | 0 | FishPn | fishpn


The conclusion: VB Staff, please disable email spam, thank you.
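Added example, not part of any post in this thread: a short triage of the phpBB login-attempts rows quoted in the post above, grouping them by source IP and by targeted username. The function names are illustrative, and the 15-minute window is taken from the vBulletin lockout e-mail quoted elsewhere in the thread.

```python
from collections import defaultdict

# Rows copied from the table in the post above:
# (attempt_ip, attempt_browser as truncated in the post, attempt_time, username_clean)
ROWS = [
    ("89.169.5.251", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/53...", 1397188458, "claytonwemn"),
    ("199.15.233.139", "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K...", 1397172673, "timothykach"),
    ("89.169.5.251", "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/53...", 1397184431, "claytonwemn"),
    ("95.26.157.169", "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K...", 1397199455, "fishpn"),
    ("46.119.6.88", "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K...", 1397153747, "ormostere"),
    ("89.169.5.251", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (K...", 1397180266, "claytonwemn"),
    ("95.28.228.160", "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K...", 1397160780, "fishpn"),
]

WINDOW = 15 * 60  # seconds; the lockout window named in the vBulletin e-mail


def by_ip(rows):
    """Group attempts per source IP: usernames tried, user agents seen, timestamps."""
    out = defaultdict(lambda: {"users": set(), "agents": set(), "times": []})
    for ip, agent, ts, user in rows:
        out[ip]["users"].add(user)
        out[ip]["agents"].add(agent)
        out[ip]["times"].append(ts)
    return out


def ua_rotators(rows):
    """IPs that presented more than one user agent, which a single browser would not do."""
    return {ip: len(d["agents"]) for ip, d in by_ip(rows).items() if len(d["agents"]) > 1}


def multi_source_users(rows):
    """Usernames attempted from more than one IP; a per-IP counter never adds these up."""
    ips = defaultdict(set)
    for ip, _agent, _ts, user in rows:
        ips[user].add(ip)
    return {user: sorted(s) for user, s in ips.items() if len(s) > 1}


def peak_in_window(times, window=WINDOW):
    """Largest number of attempts that fall inside any one sliding window."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best


def report(rows):
    """One summary line per source IP."""
    return [
        f"{ip:15} attempts={len(d['times'])} agents={len(d['agents'])} "
        f"peak/15min={peak_in_window(d['times'])} users={sorted(d['users'])}"
        for ip, d in sorted(by_ip(rows).items())
    ]


if __name__ == "__main__":
    print("\n".join(report(ROWS)))
    print("rotating user agents:", ua_rotators(ROWS))
    print("targeted from several IPs:", multi_source_users(ROWS))
```

On these rows no address makes more than one attempt in any 15-minute window, so a threshold of 5 failures per IP would never fire; the rotating user agent and the shared target name are the signals that stand out.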

BirdOPrey5
04-11-2014, 09:16 AM
Is there a way to just delete my account? I no longer participate in the VB community and would rather just remove this vector of internet from attachment to me.

In the future I hope we can make some changes to stop sending these emails to customers and instead send them to a local email address where network admins can keep an eye out. However- with the nature of the way things work here- it won't come soon enough to stop this attack, only hope it won't happen again in the future.

Add 117.164.9.166 as they tried again tonight. I will be glad when this OpenSSL issue is addressed.

Not an OpenSSL issue. Completely unrelated- vBulletin.org doesn't use SSL. Even if it did, a brute force attack isn't a symptom of the OpenSSL issue- they would already have the sensitive data, they wouldn't be trying to figure it out.

I am too getting a lot of emails from the past, that someone is trying to log into my account, can you keep my account in safe place.

As long as you have a decently secure password you are safe. Make sure all websites, especially vBulletin.org has a secure (complex/long) and unique password. The unique part being perhaps the most important. With a unique password the absolute worst thing a hacker could do is post as you- which isn't high on the severity meter.

The conclusion: VB Staff, please disable email spam, thank you.

We hear you and will do something as soon as we can, but it won't be today unfortunately.

AdrianH
04-11-2014, 09:40 AM
Joe, I would think long and hard about turning off the warnings.

All that will happen is on the next attack , staff and the forum will be swamped with people whining that their account was locked, that they couldn't get mods, that nobody warned them, and they should have been told that someone was attempting to access their account.

Been there, done it .......... you can't win.

As forum admins the members here should know what the emails mean, after all their own forums do exactly the same when the Bots are active.

Lightly_Toasted
04-11-2014, 09:51 AM
Very irritating... 5 emails concerning this in less than a minute.

BirdOPrey5
04-11-2014, 10:29 AM
All that will happen is on the next attack , staff and the forum will be swamped with people whining that their account was locked,

No one is locked out. Even when they get the emails, they aren't locked out. The lock only applies to the IP address causing the problem, so unless their own computer is part of the attack they can always access their account.

smacklan
04-11-2014, 10:37 AM
Got an email about the account lock myself yesterday. IP was 80.80.209.186 (Uzbekistan). First time I've logged in here in a very long time...last time was to change my password from the last big security flaw in vB. ;)

JeansJoe
04-11-2014, 11:00 AM
I got around 20 of these emails. 10 yesterday 10 today in my inbox.
I switched Passwords just to be safe.

It's a lot of different IP's tho.
Could this be a DDoS?

HawkeBoE
04-11-2014, 11:24 AM
Same here, got lots of lockout mails with different IPs.
Because of time difference my phone made me crazy last night... & had to turn off notifications for mail receive

lgnd
04-11-2014, 12:45 PM
I got 5 emails in two days also changed my pw is there anything else I can do to prevent this? Thanks!

weave
04-11-2014, 02:21 PM
You can always uncheck the box (userCP) to stop getting emails from the admin....or change your email address to some bogus one.

doogie88
04-11-2014, 03:11 PM
Glad I'm not the only one.

Valter
04-11-2014, 03:14 PM
Same here.

smacklan
04-11-2014, 03:38 PM
No one is locked out. Even when they get the emails, they aren't locked out. The lock only applies to the IP address causing the problem, so unless their own computer is part of the attack they can always access their account.
Not true. After 5 invalid attempts, the account is locked out for 15 minutes even for the valid passcode.

More wrong info from certain staff members...like in the now closed recent "delete my account" threads here, users were instructed to uncheck receive site admin emails to stop getting these notifications which does not work for account locked due to 5 invalid login attempts. I have had all of those email options unchecked on my account here for years and still get mailings on my account. vB 3.6.12...lovely piece of software to be still running on an official vB company forum in 2014. :rolleyes:

eatworksleepdie
04-11-2014, 03:46 PM
I am getting the messages too. I got 8 last night. several additional emails over the last few days. I've changed my password from super-tough, to super-duper-tough..

any fix for this besides a workaround to not get admin emails? that seems like a bad idea.

BirdOPrey5
04-11-2014, 04:37 PM
Not true. After 5 invalid attempts, the account is locked out for 15 minutes even for the valid passcode.


I'm absolutely not wrong. The "lock" is only on the IP address causing the problem. If I try to log in to your account from my computer it only blocks me from logging in, not you. I've tested it myself.

nochkin
04-11-2014, 05:27 PM
Not true. After 5 invalid attempts, the account is locked out for 15 minutes even for the valid passcode.
It works exactly as BirdOPrey5 mentioned: the lock is per IP, not per username.
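Added example, not part of any post and not vBulletin's code: a small model of the 5-tries / 15-minute rule from the lockout e-mail, comparing the two keyings argued over above (failures counted per username and IP, or per username alone). The class and function names, the account name, the bot count and the documentation-range IP addresses are assumptions made for the illustration.

```python
import hmac
import itertools

MAX_TRIES = 5            # failed tries before the lock, as in the e-mail text
LOCK_SECONDS = 15 * 60   # "another 15 minutes"


class Lockout:
    """Failed-login counter keyed per (user, IP) or per user only."""

    def __init__(self, per_ip):
        self.per_ip = per_ip
        self.fails = {}  # key -> list of failure timestamps (seconds)

    def _key(self, user, ip):
        return (user, ip) if self.per_ip else (user,)

    def locked(self, user, ip, now):
        recent = [t for t in self.fails.get(self._key(user, ip), [])
                  if now - t < LOCK_SECONDS]
        return len(recent) >= MAX_TRIES

    def attempt(self, user, ip, password, real_password, now):
        """Return 'locked', 'ok' or 'fail'. A real system compares password hashes."""
        if self.locked(user, ip, now):
            return "locked"
        if hmac.compare_digest(password.encode(), real_password.encode()):
            return "ok"
        self.fails.setdefault(self._key(user, ip), []).append(now)
        return "fail"


def simulate(per_ip, bot_ips=50, guesses_per_ip=6, secret="puppy1036-constructed"):
    """Run a constructed botnet against one account, then let the owner log in.

    Returns (number of wrong passwords actually checked, result of owner's login).
    """
    policy = Lockout(per_ip)
    wordlist = (f"guess{i}" for i in itertools.count())  # never equals the secret
    tested = 0
    for n in range(bot_ips):
        ip = f"198.51.100.{n}"  # constructed source address, one per bot
        for _ in range(guesses_per_ip):
            if policy.attempt("alice", ip, next(wordlist), secret, now=n) == "fail":
                tested += 1
    owner = policy.attempt("alice", "203.0.113.7", secret, secret, now=bot_ips)
    return tested, owner


if __name__ == "__main__":
    for per_ip in (True, False):
        tested, owner = simulate(per_ip)
        label = "per (user, IP)" if per_ip else "per user only"
        print(f"{label:15} wrong passwords checked={tested:3}  owner login={owner}")
```

With per-IP keying 50 addresses get 250 guesses between them and the owner still logs in; with per-user keying the attacker gets 5 guesses per 15 minutes and the owner is locked out with the right password for as long as the attack continues.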

Kat-2
04-11-2014, 05:34 PM
I figured that was what was going on again. I was hit this time. Didn't make it in though. :)

MrHorror
04-11-2014, 06:51 PM
I got the email warnings as well. They failed to get into my account though.

Digital Jedi
04-11-2014, 10:06 PM
It may happen every few months, but it doesn't make it any less serious. Maybe there is something the site can do to help prevent or minimize further attacks? I'm sure there are a number of things that can be done.

Vbulletin.org is the only site I have had this happen at. While it's possible or likely it may have happened at others and I never knew about it, it's still not reassuring IMO.
vB.org is the only site that's informed you that it's happened. There's a difference. And it's the biggest, brightest point we're trying to make. The "thing being done about it" has already been done. It's just, this time, you were informed. Not all websites will tell you unless the attempt was successful. And even then...


Come on vb.org, this is absolutely ridiculous. What's the issue here and what have you done to address it?

I am too getting a lot of emails from the past, that someone is trying to log into my account, can you keep my account in safe place.
Come on guys, read the last few posts.

If the guy below me posts without reading the last few posts again, I'm going to drop a spork on his head.