They do send out e-mails.

You can't be too broad with your restrictions unless your board has a specific target. For companies working with a global market such as VB, it's bad business to block too many ranges. I'm sure even China has legitimate customers using VB who would be blocked if a large enough range was used.

Hacking is at a big-time high. Twitter just got hacked. If your site is big enough, expect to someone to try and hack you.

vBulletin is working great knocking away the brute force attempts and sending emails to alert users someone is trying to log in as them. I got like 50 emails tonight, and decided to come in and update my already decent password to an even better one. Thats what the emails are for, in my opinion.

And VB not caring? If they didnt care, they wouldnt have built it into the system. People try to hack, they fail, and then they go away. If VB staff made a big deal about it each time, it would only encourage the people to try harder.

My $.02, anyways.

IP= 41.67.2.2 Proxy from Khartoum.

There is no doubt that spamming is getting worse and newer advanced programs are being used to counteract anti-spam measures we take. The providers need to become pro active, not brush the problem aside.
VB does send out an email, thanks, but action needs to be initiated to counteract the advances the spammer are putting in place.

A valid point, but I think it will only work if you allow cookies to be stored.
Many people delete cookies when they log off.

--------------- Added [DATE]1359858815[/DATE] at [TIME]1359858815[/TIME] ---------------

Exact figures are hard to come by. But it does appear that most spam comes from the USA.

Currently there is a lot from USA, China and Ukraine etc.

China is sensitive to international pressure and their reputation.

They have made large strides recently to curb scammers and other fraud. Closing down large numbers of bad sites etc . This is to their credit and is welcome.

However most governments are reluctant to curb any income producing method and the income from Chinese business who use spam is very large.

Until recently, a lot of the traffic was curtailed and quite a few businesses used ISP's in Hong Kong and Switzerland to bypass restrictions in mainland china. I think this is now not so common.

I've received 40 messages in the last 5 minutes about my account being locked because someone has entered the password wrong 5 times. Each message has a different IP address. PLEASE close\delete this account. I've not used VBulletin in over 4 years. Thank you!

As far as I know, they don't delete accounts here.

Just wanted to chime in that they are trying to brute force mine as well.

I also received 47 of these email. The reports were from many different IP addresses too. Romania, China, Brazil and India to name a few...

What is up with this?

--------------- Added [DATE]1359863784[/DATE] at [TIME]1359863784[/TIME] ---------------

BTW, this was an attempt from someone trying to log into my account 5 times with the wrong PW... Not an account deletion.

Here is an example of 1 of the 47 email I received.

Nothing to worry about if you have a strong password. Just spam accounts trying to get in.

Um, Paul commented on it today. The software is working like it's supposed to. This thread is bewildering. The software is doing what it's supposed to. Locking them out, and informing you of attempts. But this is, for some reason, considered out of control? So far no one has answered my question. What more do you want it to do?

I don't think anyone should complain. If you are a large forum owner, you knowhhowit fgoes.

I just came to note that it was happening to me.

Yeep happened to me today too.

I recieved around 50 of the same e.mails this morning as well.....

This is happening to me too.

Hundreds of emails from vbulletin.org in my mailbox today. I think that's what's freaking people out.

They're doing it alphabetically apparently.
They tried mine last night, 55 emails from 1:10am to 1:55am.

What I'm thinking about, you could change the account locking time to a bigger but acceptable delay (15 mins is nothing, 1 hour would be reasonable).

same here

AFAIK vBulletin software is sold as a community building software, i don't remember seeing on the box anything about server management, webmastering or Authoring or html & coding help..etc

Part of being a forum owner is trying out ways to overcome certain unwanted aspects and we do this to try and stop bots and spammers, at server level it's up to your hosts and yourself to harden your server environment. One thing is for sure if they really want to get in they will, good thing is there aren't that many who are that determined.

Happened to me today too - just going to hit deleted button on all the notifications and change my password - just wanted to know it's not only happened to me.

I'm curious as to how they are getting the usernames

Just a wild guess but https://vborg.vbsupport.ru/memberlist.php

deleted

:)

There are many hackers and scammers that sell what we call " Dumps"

Just as there are email harvesters, so it is for many other places they want to get into.

Hackers in some of the countries that are not so rigid on cybercrime, run websites that advertise such things. I am chasing a guy in India who is actively running some of these websites, that sell programs for harvesting.

Below, chosen at random is part of one of these Dumps. This particular guy is from Nigeria.

Last night I also received 38 mails of failed login attempts.

But why are there 38 mails within a period of 2 minutes ???

After the first attempt, the mail is send and then the next 15 minutes no logins should be possible for my account. But it seems that you can immediately try to login again if you use a different IP adress as the attempts came from different ip's.

Is this normal behaviour or is this a bug in this version of vbulletin (3.6.12) ??

Even without that it's not hard to harvest vB usernames.

Anyway, my account is under attack, too, but I wish them luck with my 20 digit random password including caps, lowercase, digits and special chars. :D

Else, I totally agree with digital jedi - the software is doing its job, it locks out the bots and sends out notifications. All nice and dandy, nothing staff could do about that, really.

We process e-mails in batches, plus as far as remember, attempts from a different IP address will trigger a seperate e-mail.

Its obvious its targeting each username from a wide range of IPs. If you have no interest in the e-mails, simply delete them.

I really like vb.orgs email notification saying someone has been trying to log into your account.

How can I implement this on my forum? I find this very useful.

I have no problems with the mails, I was just surprised that the 'locked' account is unlocked directly when the request comes from another ip. I did not know that before.
I have just tested it with one of my forums (3.8.7) and indeed the same happens. When I try to login from another ip, I have 5 more possibilities to use bruteforce hacking.

Perhaps it would be better to lock the account for 15 minutes without checking if the ip has changed. The successrate for a hacker is minimized then and a forum member normally will not change IP if he has typed the wrong password.

The only disadvantage of this is that some joker could stop a real member from logging-in if he continues to do this. So maybe that's the reason for unlocking from a new ip.

AdminCP > Settings > Options > General Settings > Use Login "Stikes" System > Yes

Thanks, that works for the user, but I'd like the admin to get a copy of that e-mail, too. Anyone know a way to make that happen?

I meant to ask how non-members are getting to the members list. I'm assuming that a member is aggregating the list. Is there any way to pull up members within the offending IP range and verify their intent or restrict their permissions?

Nope!, here memberlist.php is available to guests!

Oh, OK...seems like hiding the member list to the public would be a nice first step.

Ok So I see I'm not the only one. I got 78 messages about being locked out. I agree its annoying as hell.

got the same thing yesterday, looks like it started again.. annoying but i use a save password :)

Would be futile... The entire site is open to the public to read (posts) - You could skim usernames by simply browsing threads and capturing the usernames- it would be nothing to build the same list assuming you ever made a post.

Same Problem here:

134.181.130.86
81.169.135.82
202.228.204.224
207.158.26.16
103.246.145.184
177.70.8.162
195.69.191.204
125.216.144.199

If the people enter here the IPs ,maybe you can ban in the firewall server.

Same here, brute force from following IPs:
180.244.193.110
218.107.193.59
186.90.153.5
77.37.168.32
109.185.118.156
202.51.226.140
218.28.254.242
141.170.239.132
212.175.88.3
124.240.187.81
202.46.85.107
190.207.185.188
112.133.201.70
203.223.47.206
78.38.30.146
91.232.102.134

Blocking IPs will not help, you should set locking accounts based on username attempts, not IPs.

Ditto.

Got 12 emails myself. These are the IPs:

112.133.201.70
190.207.185.188
182.48.107.219
59.60.7.146
91.98.128.97
180.244.193.110
124.160.104.132
80.250.35.180
124.240.187.81
183.61.244.47
218.107.193.59
124.129.30.74

I got the same, I thought I'd come here to find this thread...

It seems to me that some one/group has been sold a database of 'older' user names & password combinations for various sites/forums etc... most likely gleaned some years ago due to past hacks, key-loggers, infected email accounts and probably a raft of other exploits which all exact the same purpose... to ultimately fund organized crime through spamming which results in revenue generation sadly, they just don't want to sell you sex-aids and cheap trainers and then live a life of access themselves... there's a reason to the madness, it's prevalent and widespread and it's organized, racketeering bodies are sold on databases of such information over and over, year in year out.. the older they get the more useless they become (and cheaper to the gangs) so they take the data and do a sweep to see what falls... any monies made go's back to the source, in years past it was drug trafficking and such & such.. today the internet and such data the public pass through their keyboards is used both commercially by the sites themselves and illegally by criminals if they can get at it... you've all heard of the high-profile attacks on 'steam' accounts for example... well guess what happens to all those accounts? yup that's it... sold on and used not right away but some years later... they'll be due to pop-up soon... i think this round of attacks shows that either the vb.org database was compromised some years back and no-one told you about it... or it's just a collection for username/password combos from an older collection of data... so all of us in this thread is on some kind of older database being sold on to gullible new gangs in the hope of making some illicit funds, i bet it wasn't just vb that was hit recently...

oh and twitter was hacked, apparently... tell you what, that's old data again... old account longs since setup lost to a gang, ripe for spamming and making some money from... all go's back to the same people... Kim Dotcom or whatever he calls himself these days made a million or 20 out of hosting ripped off content... he didn't make that kinda money selling space to students making maps for games or for people to hold their music files online... no, it was rife piracy... he still has lots on the boil... they hack the sites, share the content amount the higher echelons of their content-mules then dish it out multiple times across many forums... all going back to a pay download option...

anyhew if you have an older account... bet you had a little bit-tickle recently... silly sods.

Sorry, that's pretty much nonsense and backed up by nothing, just silly speculation. You don't need a database to do such a brute force attempt, you just harvest usernames either from the userlist or the posts and throw those usernames at the login form.