they have tried at least 12 times.
the IPs are

221.2.80.126
212.33.204.37
88.85.106.146
213.164.18.147
183.62.192.186
182.72.174.190
125.39.68.194
89.218.0.202
2.135.238.10
202.137.22.182
180.96.64.181
202.90.198.78

Mine too.

Between 7:28-7:38 am CST this morning - 12 IP addresses tried cracking mine too.

200.8.30.70
58.252.56.149
222.192.185.68
123.231.237.118
202.182.51.42
200.27.129.12
142.54.188.180
217.219.190.209
61.136.93.38
178.217.154.50
183.13.68.65
77.94.48.5

This happens periodically. They're looking for common passwords, so as long as you have a strong password you don't have to worry.

add me to the list as well..

59.60.7.146
190.151.122.38
190.201.233.18
119.187.148.34
176.62.74.90
189.85.24.242
83.212.108.97

Me also

I got hit too.
Surely there are spam prevention mods that would help prevent us from getting those emails?
Maybe a "log in under x seconds" mod?

I think a lot of us got those...

you can use this mod and see if it helps https://vborg.vbsupport.ru/showthread.php?t=297834

I got hit too.
Surely there are spam prevention mods that would help prevent us from getting those emails?
Maybe a "log in under x seconds" mod?
You don't want to be told that someone tried to brute force their way into your account? I like to be told. I throw them away, but I do like to know.

Me too, just got 4 attempts on my account.

--------------- Added 1370809012 at 1370809012 ---------------

Add another 19 attempts to that. All from separate IP's. Quite the extensive attack on vBulletin.ORG right now.

Here's another IP to toss on the barbie - 85.234.22.126

I got it too... Note the usernames... All A's and B's... they go in alphabetical order.

They've done this before and given up!

Is someone from vb.org going to control these attacks
To break into people's accounts ? Please add a block
Based on the IP addressed reported by members or invest into WAF to prevent this in
The future.

WTF ? this is not first time

Unfortunately short of disabling board emails there's nothing worthwhile to be done. There are hundreds, maybe thousands of IP addresses involved so banning individual ones is not feasible.

This usually lasts a couple days and then ends- in the mean time the easiest/best course of action is just to delete the emails.

this is not first time
Nor will it be the last time.

This happens every few months.
The software does what it is designed to do, it blocks them, and informs you.

Change your password if it worries you, otherwise just delete them.

If they aren't members, how are they getting our usernames?!

If they aren't members, how are they getting our usernames?!Just scraping them off the members list!

This sort of thing has been happening all the time on many sites and forum, so it was inevitable that it will happen here eventually. New Bots are being written to seek out lits of embers and then using brute force attacks to find weak passwords. This is why you always need to change your passwords.

I implemented a very simple, yet effective ways to fight these Bots. There are on the other hand a real person attack 'Hacker' which can visit your site. With some ISP providing proxy IPs and redirects, blocking IP number will be a total waste of time.

I can tell you that most of the attacks are coming out of Asia, Poland, Turkey, Federation, Germany, Ukrane, UK and yes USA. So if you block these IPs you also block possible effective members.

I too received the same notifications of attacks to my account, and when I read the IPs I just laughed. You see these all the time on my other sites, and they will tire and soon return as always. Scan you user database for weak passwords, notify the user to regularly change them. Most importantly, implement a simple and effect means to filter those Bots.

Sorry for this lengthy reply, but we do tend to panic over very simple and rectifiable problems.

Proverb: If your house has a door, expect some one to knock on it....

I kind of feel unworthy since they only used 1 IP to try to crack my password :(

Nice to see the typical corporate response to something like this. Ignore it and it'll go away.

What would shock me is if someone actually started to get proactive with crap like this. You have server logs. Turn the cretins in.

Nice to see the typical corporate response to something like this. Ignore it and it'll go away.

What would shock me is if someone actually started to get proactive with crap like this. You have server logs. Turn the cretins in.

Well since they can get a new ip as quick as anyone can block them
it is pretty much useless to block them by IP

the vB s/w is doing it's job - doesn't seem like anything more need or can be done to be proactive -do you have any ideas?

There are many many ways of limiting their access, here's one if you know their useragent https://vborg.vbsupport.ru/showthread.php?t=264932, but there are simpler thinsg you can do, don't allow guests to view members list, dont allow guests to view who's online, force password changing (vb3.8 onwards) every xx days.......the list goes on :)

There are many many ways of limiting their access, here's one if you know their useragent https://vborg.vbsupport.ru/showthread.php?t=264932, but there are simpler thinsg you can do, don't allow guests to view members list, dont allow guests to view who's online, force password changing (vb3.8 onwards) every xx days.......the list goes on :)

Looking at my logs under last attack - noticed they rotated through multiple User Agents all in the same 1 minute span ..that option of defense really seems to be a very minor hindrance to a real attack. Highly Agree about blocking the member list to guests help - vB.org should really consider this - especially the way this last attack occured alphabetically - I don't even see a valid reason to make the list available to registered users . Hate forced password changes myself - seems to encourage users to pin them to their workstation to keep up.

Set guest to post limits of five or more before they can view lists. As we all mentioned earlier, it is only when a human spammer directly invades your forum, that you need to worry and report them. Bots just like any other insect, is a pest that can be dealt with in very simple precautionary measures.

As for cataloging these IP, that has already been done at 'stopforumspam.com' they already have a long list of reported IPs you can check against.

Set guest to post limits of five or more before they can view lists......Whaaaaaat!!!! DON'T ALLOW GUESTS TO POST, bad, bad, bad!

--------------- Added 1370827366 at 1370827366 ---------------

As for cataloging these IP, that has already been done at 'stopforumspam.com' they already have a long list of reported IPs you can check against.Unfortunately i stopped using this a long long while ago as it kept catching legitimate users!

I meant to say they cannot view members list

don't allow guests to view members list, dont allow guests to view who's online
I second that. Especially if that's the way they get the names.
At this moment the are busy with BL from the alphabet, because I could dozens of mails since yesterday evening.:D

I've received 27 emails, all with different IP's attempting to login to my account.

I have been getting these emails all day today.

250 attempts on mine in the past hour.

And I am getting hit a second round now.

B B B B ;)

190.124.165.194
125.210.131.49
118.123.242.112
118.195.65.250
202.59.128.254
186.116.130.90
61.247.176.126
125.39.66.132
218.29.54.105
187.20.38.139

(a list of ip's/proxies to ban)

Add me to this list. 51 emails. trying to figure out what access to my account would give anybody

Aw man, I only had about 15...my log in wasn't so important...

*insert sad face here*

Yes, me too. Have now had more than 60 emails advising me that I am locked out of registration due five incorrect attempts to login and to try again after 15 minutes. Let me see now ... that's 60 x 5 = 300+ login attempts - maybe I should feel honoured. :rolleyes:

Persistent little morons, aren't they? Just to be on the safe side, I've changed my password and made it longer and more complex.

Hope that does the trick and stops 'em getting in to use my fictitious username, though I too wonder what advantage that will actually give this annoying hacker. Seems to me he/she/they will only be able to post or possibly download mods using my name. Is there a threat beyond that which I am not seeing?

Incidentally, on my own website, I place blocks on guests and REGISTERED MEMBERS with regard to seeing the member list. I don't see a valid reason or a need for them to look at who is a member until they have joined us and posted enough times for me to know whether or not they are real persons who are genuinely interested in the site. And I allow nobody but Admins to see who's online.

More than 50 attempts on my accont :)

I only got 11 so far..
It would be fun if we could get a list of the top passwords they try..

As mentioned somewhere prior, make sure on your own forums that guests cannot view the members list.

As you can see all the posts above are from registered usernames that begin with an "A" or a "B". I bet we all wouldn't be having this issue if vBulletin.org also hid the members list from guests!

I had like 40 attempts up till now. My password is completely random and generated by a password generator. Have fun with approximately 5000 years of trying to brute force it.

--------------- Added 1370859881 at 1370859881 ---------------

I believe the perpetrator is amongst our ranks because as soon as I've posted this the attack had stopped.

hi, this morning I received 3 emails

1) Your account on vBulletin.org Forum Has Been locked Because someone has tried to log into the account with the wrong password blackberries than 5 times. You will be Able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 91.103.127.37

2) our account on vBulletin.org Forum Has Been locked Because someone has tried to log into the account with the wrong password blackberries than 5 times. You will be Able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 180.96.64.179

3) Your account on vBulletin.org Forum Has Been locked Because someone has tried to log into the account with the wrong password blackberries than 5 times. You will be Able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 112.220.224.187.

I know these are not my ip, beware that they want to steal my data and sorry if I posted in this section.

I get 12 emails with similar text and different IP addresses!

regards

bosss

I kind of feel unworthy since they only used 1 IP to try to crack my password :(

Maybe they got in on the 2nd try? :eek:

Mine got tried too...only two emails though. Maybe above poster is right. Got in after only two!

If they did, what would they do with your login? Spam advertisements? Check to see if posts have been made in your name. If you see posts you didn't make, you've been hacked. Either way, you might want to change your password. I just changed mine, just in case. New one is 12 random characters. :D

just checked my e-mail and i`ve got 32 e-mails of vbulletin.org saying this

Dear craigvm,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 194.141.252.102

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

any1 else had this today?

Yes, it's been happening to people since yesterday morning. It happens every once in a while.

(I'm merging this with the other thread where it's being discussed).

I second that. Especially if that's the way they get the names.
At this moment the are busy with BL from the alphabet, because I could dozens of mails since yesterday evening.:D

Except the member list isn't the only way they can get names. There are other ways, such as via threads.

Short of making the whole forum viewable only to registered users, there's nothing that can be done.

Same here. 145 login attempts by hacker so far TODAY.

Admin needs to limit login to my original registration ip or something.

Oh. I am not alone. Cool :)

I haven't logged on or used this forum in years. This is happening to me too. Is there any way to have my forum account deleted? Like physically removed from the database?

Sorry, but we do not delete accounts.

Guess I'll go create a dummy gmail address and change my email address to it, then delete the gmail account then.

Received 28 emails :rolleyes:

85.15.227.78
186.93.175.45
211.151.115.16
2.135.237.98
60.223.255.141
222.73.233.146
103.10.99.210
2.181.177.7
91.103.127.37
118.97.206.254
222.92.141.155
74.221.211.12
95.167.218.226
58.250.87.122
123.129.54.126
49.212.212.203
218.25.249.188
91.219.238.77
78.130.136.18
2.135.238.10
89.218.101.106
2.135.237.58
2.133.92.2
61.247.176.126
177.43.57.63
31.131.30.161
218.24.15.98

Mine to, I just got a bunch of emails from vbulletin.org and still going on. As I am typing this I got 3 more emails...

32 attempts here and possibly still counting.

Guess I'll go create a dummy gmail address and change my email address to it, then delete the gmail account then.

You don't need to delete the dummy account, just set an invalid email address.

Hello,
I just received about 30 emails from the vbulletin.org webmaster that something is trying to log into my admin account and I'm locked out. The message says:

Dear diyautoftw,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 119.136.28.49

The IP address often changes.

Luckily I have a few other admin accounts but until this stops I won't be able to log in through the main account. Any way to fix this?
I also installed the Spamomatic mod so could that have something to do with it?

It's this site that's under "attack" so nothing that you've done on your site makes any difference. They are just going through the member list looking for accounts with weak passwords. It won't stop you from logging in to your account because the 15 minute block is per ip address. If you have a strong password, you don't have to be concerned.

I'm merging this thread in to an existing one where this is being discussed.

Please use only one thread for any discussion on this.

https://vborg.vbsupport.ru/showthread.php?t=280796