*singing voice*

IT'S THE MOWWWWWWWWWWWWST WONDERFUL TYYYYYYYYYYYYME OF THE YEAR!
WHEN YOUR IP GETS HACKED AND YOUR PASSWORDS GET JACKED!
ON VB DOT OAAAAAAAAAAAAAAARRRG! IT'S THE MOST - WONDERFUL TIME OF THE YEAAAAAAAAAAAAAR!

I am also affected. Changed my password. Maybe this is caused through the heartbleed case?

I farted at the same time the plane they found near Australia went off its planned route. Maybe they were related?

Seriously, random failbots attempting to break into vBulletin accounts have nothing to do with OpenSSL bugs.

You guys who say this only happens on vbulletin.org - do you ever check your server access logs? I'm not talking about the apache access_logs, but the ones that show when someone tries to brute force your server. This, at vbulletin.org, is nothing compared to that!

Come on vb.org, this is absolutely ridiculous. What's the issue here and what have you done to address it?


Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 183.220.40.221

The person trying to log into your account had the following IP address: 195.189.30.10

The person trying to log into your account had the following IP address: 116.213.62.122

Seriously, I'm not trying to be an a-hole about this, but if you check this thread from the beginning, this type of attack happens around this time every year. I caught on to that fact when I got caught last year. If my account had been locked down, I wouldn't have been able to get in and I keep this thing logged on all the time.

...and for real tho, when I really sit back and think about it, if this account gets hacked, could the hacker please go in and check off that I've installed some of the modifications? I keep forgetting to do that. THANKS!

You would never be locked out unless the attack was coming from your IP Address.

Everyone in the forum software world knows the file structure of many forum software including vbulletin.

We all know bots crawl our sites everyday, they know that every member account path is "member.php?u=".
Its really easy to start with 1 then 2 then 3 ....etc...at the end of "member.php?u=" and paste your name in the login box and use a random password to see if it works.

You then get the locked account email...so what, it was not you... you know that.

Change your password to a stronger password for shits and giggles just to be safe.

Many requesting to add ip's to ban list should do a little research, its a waste of time to ban ip's... getting a new ip is easy to do.

There is nothing that can be done to stop it from happening..no one is to blame for this happening.. there is nothing wrong with vbulletin software... welcome to the internet.

Very good post.

But.... vBorg could probably re-word the email message, making it say something like:

"We locked IP 123.456.789 out of login to your account, due to multiple failed attempts to log in. The login attempts failed but please insure you have a strong password."


Might save alot of this hand wringing every time this occurs.

I'm getting the same thing, started yesterday and all different IP address.

6 attempts in the past hour.