got this message the other day, then just now as well..

The person trying to log into your account had the following IP address: 223.84.180.232

I deleted the other email, so no idea what the proxy ip was.. not that it really matters ;)

Several more ips from today:
119.46.203.37
183.221.174.3
117.172.66.7

I have researched this matter 1-2 years ago. There are such geo-ip apache modules - you need root access to your server to install it. But it is reasonable to do only for very localized non-english language forums. Not to mention that this approach gives false positives or negatives sometimes.

99% of the ordinary users in the world, esp. in the "post ip v4" era when there is shortage and recycling of IP blocks, are using DYNAMIC addresses. So, unless this is made as an option in the User Control Panel that can be turned off, this is not very clever solution.

I agree it is not really dangerous, but it is just very annoying. VB Staff should just turn off these emails - can't be that hard.

This has nothing to do with it.

That is true. I am administering also a PHPBB3 forum - on a very micro forum (read less than 10 K posts) i get around 10-20 such bruteforce attempts per day on average. Initially i was annoyed at the PHPBB guys, because these were not logged, not autobanned, there in no notification and these are stored in a temporary SQL table that gets auto-cleared. But after i looked at how many times these attacks happen i saw this was the right decision, otherwise the logs on the server will get HUGE.
Here is how it looks in mysql right now:


The conclusion: VB Staff, please disable email spam, thank you.

In the future I hope we can make some changes to stop sending these emails to customers and instead send them to a local email address where network admins can keep an eye out. However- with the nature of the way things work here- it won't come soon enough to stop this attack, only hope it won't happen again in the future.

Not an OpenSSL issue. Completely unrelated- vBulletin.org doesn't use SSL. Even if it did, a brute force attack isn't a symptom of the OpenSSL issue- they would already have the sensitive data, they wouldn't be trying to figure it out.

As long as you have a decently secure password you are safe. Make sure all websites, especially vBulletin.org has a secure (complex/long) and unique password. The unique part being perhaps the most importing. With a unique password the absolute worst thing a hacker could do is post as you- which isn't high on the severity meter.

We hear you and will do something as soon as we can, but it won't be today unfortunately.

Joe, I would think long and hard about turning off the warnings.

All that will happen is on the next attack , staff and the forum will be swamped with people whining that their account was locked, that they couldn't get mods, that nobody warned them, and they should have been told that someone was attempting to access their account.

Been there, done it .......... you can't win.

As forum admins the members here should know what the emails mean, after all their own forums do exactly the same when the Bots are active.

Very irritating... 5 emails concerning this in less than a minute.

No one is locked out. Even when they get the emails, they aren't locked out. The lock only applies to the IP address causing the problem, so unless their own computer is part of the attack they can always access their account.

Got an email about the account lock myself yesterday. IP was 80.80.209.186 (Uzbekistan). First time I've logged in here in a very long time...last time was to change my password from the last big security flaw in vB. ;)

I got around 20 of these emails. 10 yesterday 10 today in my inbox.
I switched Passwords just to be safe.

It's a lot of different IP's tho.
Could this be a DDoS?

Same here, got lots of lockout mails with different IPs.
Because of timedifference my phone made me crazy last night... & had to turn of nortifications for mail receive

I got 5 emails in two days also changed my pw is there anything else I can do to prevent this? Thanks!