Warning Emails
DirtRider
04-11-2014, 01:49 AM
Since I have sold my VB licence I keep getting loads of these mails
Dear DirtRider,
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.
The person trying to log into your account had the following IP address: 195.199.173.201
Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw
All the best,
vBulletin.org Forum
SyrLinus
04-11-2014, 02:02 AM
It's likely due to Heartbleed. Someone is trying to compromise the site.
In the last 2 days I too have received around 20 of these emails.
I have just changed my password to something more secure just to be on the safe side, but I hope vBulletin are looking into this.
The first load of login attempts were on Wednesday night, and then tonight (Thursday) they started coming through again.
The person/bot that is trying to login to my account must be using a proxy as the logged IP address changes on each login attempt. I did search a few of the IPs and most of them seem to be in China.
Max Taxable
04-11-2014, 02:36 AM
It's likely due to Heartbleed. Someone is trying to compromise the site.
Total nonsense. What's generating these emails is the work of just a typical dumbass, script kiddie running a brute force password cracker such as Brutus.
The "heartbleed" exploit is totally unrelated to this and is completely unrelated to vBulletin.
Kirschtorte
04-11-2014, 05:02 AM
In the last 2 days I too have received around 20 of these emails.
Me too.
I did search a few of the IPs and most of them seem to be in China.
I agree.
Areku
04-11-2014, 05:19 AM
I'm in too :(((
Raphaelx
04-11-2014, 05:44 AM
The person trying to log into your account had the following IP address: 197.255.60.78
The person trying to log into your account had the following IP address: 183.220.233.153
The person trying to log into your account had the following IP address: 184.82.27.226
The person trying to log into your account had the following IP address: 177.129.157.1
The person trying to log into your account had the following IP address: 78.25.82.66
The person trying to log into your account had the following IP address: 223.83.129.198
Brandon Sheley
04-11-2014, 06:03 AM
It's likely due to Heartbleed. Someone is trying to compromise the site.
These have been happening for years.. It wouldn't solely be on this new exploit IMO. ;)
recon2010
04-11-2014, 06:32 AM
vBulletin.org Forum webmaster@vbulletin.org
04:18 (6 hours ago)
to me
Dear recon2010,
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.
The person trying to log into your account had the following IP address: 113.190.253.180
-------------------------------------------------------------------->
vBulletin.org Forum webmaster@vbulletin.org
03:55 (6 hours ago)
to me
Dear recon2010,
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.
The person trying to log into your account had the following IP address: 187.65.84.96
----------------------------------------------------->
vBulletin.org Forum webmaster@vbulletin.org
03:54 (6 hours ago)
to me
Dear recon2010,
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.
The person trying to log into your account had the following IP address: 79.99.24.7
Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw
All the best,
vBulletin.org Forum
-------------------------------->
vBulletin.org Forum webmaster@vbulletin.org
04:00 (6 hours ago)
to me
Dear recon2010,
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.
The person trying to log into your account had the following IP address: 85.185.82.13
---------------------------------------------->
Need to do something. They are attacking other vBulletin account sites too.
Just need to shut down the compromised servers. If they don't do it, we use the same cure as in DDoS.
Chris27
04-11-2014, 06:49 AM
I've been receiving the same emails.
If this were related to Heartbleed the hacker would likely have our passwords already by pulling them out of the server's RAM and not trying to get in with a bunch of incorrect passwords.
recon2010
04-11-2014, 07:10 AM
Who said they don't have passwords yet?
Passwords and logins are in different database places, so they are trying to pick the right one. They don't know which password is for which account lol. How otherwise would they know my login when I have almost not posted anything for a few years :D
ukcobra
04-11-2014, 07:18 AM
I have been getting the same since 10am UK time on Wednesday, and the IP addresses trying to gain access have been in Thailand and Ukraine amongst others.
It would be nice to hear from the Moderators what suggested actions we should take.
I have already changed my password to one that is very unlikely to be cracked by brute force.
I don't believe in coincidences, and the timing along with Heartbleed is intriguing.
AdrianH
04-11-2014, 08:26 AM
I have been getting the same since 10am UK time on Wednesday, and the IP addresses trying to gain access have been in Thailand and Ukraine amongst others.
It would be nice to hear from the Moderators what suggested actions we should take.
I have already changed my password to one that is very unlikely to be cracked by brute force.
I don't believe in coincidences, and the timing along with Heartbleed is intriguing.
Heartbleed?.......... no way.
Ignore them is what you do. This has happened on all forum software since the 'net began.
I have had this at both VB sites several times a year for the last 7 years, and on every forum I have membership of.
It is called a BOT. Never heard of XRumer?
Just make sure you have a decent password that the Bot can't break.
Surely as forum admins you should know what is happening? :confused:
kollam003
04-11-2014, 09:25 AM
Thank god I'm not alone in this
flapjack
04-11-2014, 09:28 AM
Seems pretty clear someone is launching a pretty big brute force attack against the site, probably using known passwords from sources like the Adobe cache (although that's pure speculation..).
I've been getting these emails for days, and my poor account has been inactive for ages. Most of the IPs hitting me are located throughout EU and Asia, leading me to believe it's the work of a botnet.
Whatever the case, it has nothing to do with Heartbleed. If you know anything about the exploit, you'd know if they'd used it (which is NOT by any means easy), they would not be getting passwords wrong and would not be hitting accounts like mine that haven't been used in years. :)
BirdOPrey5
04-11-2014, 09:29 AM
We apologize to all those being inconvenienced by these emails. We will work on preventing such mass emails in the future- but for this "attack" the damage is already done.
First, the vast vast majority of you should just delete/ignore the emails- we do not need to know the IP addresses in them.
If you are not using a secure (complex / uncommon) password OR not using a password unique to vBulletin.org then you should change your password as soon as possible to be as safe as can be.
Anyone with a complex and unique password should feel absolutely safe.
Even if you got 50 such emails that translates to only a max of 250 passwords being tried against your account- likely the 250 most common passwords which are simple words and numbers like 123456. There is no chance they will randomly get a password like monKEY$803, not with vBulletin's built-in lock out system, which is the reason for the emails you are getting.
This is absolutely unrelated to the well publicized OpenSSL (Heartbleed) bug. vBulletin.org does not use SSL and that vulnerability doesn't present itself as a brute force attack.
It is also unlikely they are using passwords from Adobe or any other site- This is a brute force attack where they are using password lists of the most common passwords including those people who have the same username and password. Unfortunately this can be very effective on a site like this with many user accounts near a decade old, some of which haven't been touched in years and created at a time when password security was much less a concern.
In the meantime if you want to read more there is an open thread in the Site Feedback forum: https://vborg.vbsupport.ru/showthread.php?t=280796
If you no longer wish to have a vBulletin.org account I am sorry but we do not delete accounts. What you can do to stop getting emails is to go to Edit your Email Address: https://vborg.vbsupport.ru/profile.php?do=editpassword
Provide some new/random and undeliverable email address like 9djsbsjh@djdhdhd7shs.com and save changes. Your account will never get reconfirmed and you will no longer get any further emails, you can consider the account dead at that point.
Once again, we apologize for the inconvenience.
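The lockout arithmetic discussed in this thread (5 wrong passwords, 15-minute lock, one email per lockout, source IP changing between attempts), modelled as an added example that is not part of the thread and is not vBulletin's code. The one-guess-per-minute traffic, the account name, the 203.0.113.0/24 documentation addresses and the 24-hour `NOTIFY_COOLDOWN` are assumptions made for the illustration.

```python
from collections import defaultdict

MAX_FAILURES = 5             # from the email: locked after 5 wrong passwords
LOCK_SECONDS = 15 * 60       # from the email: retry allowed after 15 minutes
NOTIFY_COOLDOWN = 24 * 3600  # assumption: at most one warning email per day


class LockoutTracker:
    """Per-account failure counter with a timed lock and throttled notices."""

    def __init__(self, notify_cooldown=0):
        self.failures = defaultdict(int)
        self.locked_until = {}
        self.last_notice = {}
        self.notify_cooldown = notify_cooldown
        self.emails = []          # (time, account, ip) for each notice sent
        self.guesses_checked = 0  # passwords actually compared

    def failed_login(self, account, ip, now):
        """Record a wrong-password attempt; False if rejected while locked."""
        if now < self.locked_until.get(account, 0):
            return False
        self.guesses_checked += 1
        self.failures[account] += 1
        if self.failures[account] >= MAX_FAILURES:
            self.failures[account] = 0
            self.locked_until[account] = now + LOCK_SECONDS
            last = self.last_notice.get(account)
            if last is None or now - last >= self.notify_cooldown:
                self.last_notice[account] = now
                self.emails.append((now, account, ip))
        return True


def simulate(tracker, attempts=950, interval=60, account="example_user"):
    """Constructed traffic: one guess per minute, source IP rotating."""
    per_ip = defaultdict(int)
    for n in range(attempts):
        ip = f"203.0.113.{n % 250 + 1}"  # documentation range, constructed
        per_ip[ip] += 1
        tracker.failed_login(account, ip, now=n * interval)
    return {"checked": tracker.guesses_checked,
            "emails": len(tracker.emails),
            "max_per_ip": max(per_ip.values())}


if __name__ == "__main__":
    print(simulate(LockoutTracker()))                 # one email per lockout
    print(simulate(LockoutTracker(NOTIFY_COOLDOWN)))  # throttled notices
```

In this constructed run no single address makes 5 attempts, so a per-IP threshold of 5 would never fire, while the per-account lock holds the evaluated guesses to 250 out of 950 sent.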