vb.org Archive
Page 14 of 28 « First 41213 14 151624 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   Account locked? (https://vborg.vbsupport.ru/showthread.php?t=280796)

Kat-2 06-12-2013 05:26 PM
Possible correct theory, but I run visible, and between 5 and 5:30 AM (central time), I received approximately 30 emails saying I was locked out. Umm...I was sound asleep then, so sure was not showing online... :)

Max Taxable 06-12-2013 05:27 PM
Quote:
Originally Posted by Kat-2 (Post 2427717)
Possible correct theory, but I run visible, and between 5 and 5:30 AM, I received approximately 30 emails saying I was locked out. Umm...I was sound asleep then, so sure was not showing online... :)
We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.

I only know I have never been targeted and also have never run visible here.

Kat-2 06-12-2013 05:30 PM
Quote:
Originally Posted by Max Taxable (Post 2427718)
We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.

I suppose. Would have definitely had to have been keeping me showing online for a good 10/12 hours I'd say...if that were the case.

Max Taxable 06-12-2013 05:31 PM
Quote:
Originally Posted by Kat-2 (Post 2427721)
I suppose. Would have definitely had to have been keeping me showing online for a good 10/12 hours I'd say...if that were the case.
Not necessarily. It depends on when the attackers gathered their target data. This, we have no way to know.

Kat-2 06-12-2013 05:33 PM
All is null as far as I am concerned. Was not a successful attack anyhow.

Max Taxable 06-12-2013 05:37 PM
They only need to get one successful attack.

Gathering the target usernames isn't necessarily happening at the same time the attacks are. In fact, were I doing this I would gather names over at least a week's period, entering them into the brute force cracking software, getting some thousands accumulated before launching the actual attack.

BirdOPrey5 06-12-2013 05:46 PM
Quote:
Originally Posted by Max Taxable (Post 2427715)
I've never been hit by this here at vB dot org. And I am wondering if it's because I run "invisible." The brute force attacks might or might not be random - they might be getting active accounts to target from the bottom of the main forum page, the aggregate "what's going on" area.

Just a theory.
You haven't been hit because they always go in alphabetical order and they'be always stopped before M in the past.

Max Taxable 06-12-2013 05:47 PM
Quote:
Originally Posted by BirdOPrey5 (Post 2427727)
You haven't been hit because they always go in alphabetical order and they'be always stopped before M in the past.
Are they hitting nonexistant accounts, or are they choosing correct names from 'who's online?"

They may have gone further than the letter M, at least one time:

https://vborg.vbsupport.ru/showpost....1&postcount=83

BirdOPrey5 06-12-2013 05:53 PM
They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have skipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.

Max Taxable 06-12-2013 05:55 PM
Quote:
Originally Posted by BirdOPrey5 (Post 2427731)
They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have slipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.
And of course, they don't have a common item in their UA string, like Brutus for example, leaves.

Makes it really difficult to block or inhibit.


All times are GMT. The time now is 11:06 AM.
Page 14 of 28 « First 41213 14 151624 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01256 seconds
  • Memory Usage 1,743KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (6)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete