As was mentioned multiple times, if your password is secure, you have nothing to worry about. You do realize that this happens on every account you have across the internet, right? Daily. It's just vBulletin has a built in notification process when it happens. Most places, you'd never know unless you have an awful password. Seriously, though. Knowing your PayPal email address is about as potentially dangerous as someone knowing your last name. Everyone we did business with already knows it.

We really have to stop this paranoia every time hacking bots randomly pick this site as a target. Everything that can be done on the administration end has been done. Now you have to secure your password, just like you would everywhere else on the web. I can't understand why this doesn't sink in.

If you have a secure password it would take hundreds of thousands or millions or more chances to brute force break your password. Even someone who got 50 emails only had 250 max unique passwords checked on their account. The chances of them getting it right are almost zero. If your password is even puppy1036 they are never going to get it with this attack.

They are looking for the extremely week passwords- such as-
password
123456
abcde
[your username]

etc...

I can assure you they are not related. This happens every few months around here- they are only looking for valid, licensed, accounts.

The paypal field is only of value to coders/designers who can receive donations from other members as thanks for their mods.

There is no risk so long as you don't have the same password for vbulletin.org and paypal.

My paypal email is: paypal@juot.net - I welcome any donations anyone wants to send - there is ZERO risk making this public.

getting brute forced as well here getting notifications of wrong password.

It may happen every few months, but it doesn't make it any less serious. Maybe there is something the site can do to help prevent or minimize further attacks? I'm sure there are a number of things that can be done.

Vbulletin.org is the only site I have had this happen at. While its possible or likely it may have happened at others and I never knew about it, its still not reassuring IMO.

Or is it gonna take something catastrophic to happen and the damage done before its taken more seriously. Simply put this I don't think should be happening as often as it is to the point its affecting members here. Let alone to the point its making them jittery.

We don't know what they are after or what the true intention is. Having a good password may still not stop them. Its obvious they are looking for something. The question is if they get what they are looking for, is VB.org prepared to deal with the fallout and who will take responsibility for not trying to do more about it ahead of time when the chance was there?

This caught my attention. Downplaying it is not something I know I would be doing.

The only thing we will likely do at some point is stop having so many emails sent to the users since there is really nothing you can do about it.

We will monitor when these things happen but there isn't a whole lot anyone can do.

The fact these emails are generated frankly means the system is working.

vBulletin.org has no real sensitive data beyond forum holder email addresses- and as long as you use a unique password and a secure password there is no need to worry.

I just changed my password to something freakishly long and complex. I suggest others to do the same.

32 chars FTW ;-)

I have dynamic IP address. It's normal in my country.

Every time I login, I'm using different IP. This would mean I'd receive emails every time when I login.

On the other hand, something like this would mean a difference to people who wants to be extra safe.

Good to know I'm not alone, someone has been trying to hack my account with a proxy as well. How annoying >_< Guess it's time to change the PW to something ridiculous ;)