vb.org Archive
Page 3 of 10 12 3 45 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   People are trying to brute force my account (https://vborg.vbsupport.ru/showthread.php?t=294547)

Amit86 02-02-2013 08:57 PM
Just received 180 emails about my account being locked for wrong password

Amenadiel 02-02-2013 08:58 PM
A few more IPs from last hours

111.221.3.218
85.133.162.132
84.241.52.97
213.154.203.148
59.57.15.71
111.161.30.218
187.5.228.123
42.121.16.222
180.250.130.186
62.210.226.142
202.69.105.154
190.153.5.95
78.134.255.43
111.221.3.218
77.110.120.200
210.14.143.53
186.95.122.150

at least they bothered to hire a botnet to perform the attack.

Alex_Grist 02-02-2013 09:10 PM
I've also had over 150 emails regarding my account being locked due to someone attempting to brute force my password; VBulletin should be better prepared for something like this, surely having an account locked means you can't attempt at all for 15 minutes? This is annoying spam that needs to be prevented.

Edit:

Added a GMail filter to automatically delete the annoying emails.

Azunai 02-02-2013 10:00 PM
Well how about an email WHENEVER someone SUCCESSFULLY logs into your account
this would be very intersting to now + avoid "login try" spam

BarelyHangingOn 02-02-2013 10:11 PM
I am getting a pole load of them too. Annoying.

DAMINK 02-02-2013 10:18 PM
I changed locations for my admin and mod areas.
Never had an issue with false logins unless its me screwing up (happens often).

I made a fake admin/mod area that ultimately leads to a trap and .htaccess bans that ip address.
Nice simple easy solution.
I imagine these attacks are automated and looking for /admincp/ sort of thing.

I highly recommend renaming your admin and mod areas.
Not to mention hiding your version number as they often use the 2 as a means of targeting the desired board.

Bluemax712 02-02-2013 10:50 PM
Yes - it should be redesigned to lockout for 15 minutes from any IP
I got 14 emails listing 14 different IPs within 5 minutes

or maybe it is locking out from all IPs for 15 minutes
and it's the message that should be changed when there are more attempts from different IPs during the lockout period:

Account already locked but another attempt has been made by xxx.xxx.xxx.xxx

AuroraStorm 02-02-2013 10:57 PM
Yep...I got the same thing from an IP 180.241.113.26 that I tracked to Indonesia...

Digital Jedi 02-02-2013 11:01 PM
Quote:
Originally Posted by Alex_Grist (Post 2401419)
I've also had over 150 emails regarding my account being locked due to someone attempting to brute force my password; VBulletin should be better prepared for something like this, surely having an account locked means you can't attempt at all for 15 minutes? This is annoying spam that needs to be prevented.

Edit:

Added a GMail filter to automatically delete the annoying emails.
Better prepared? The didn't get in. They got locked out. Your account did not get compromised. AND you were informed. Exactly what would be better than that?

Beretta1526 02-02-2013 11:18 PM
More IP's from about 45 minutes ago, and then 36 minutes ago:

190.37.38.210
190.221.174.130
186.103.129.84
177.53.104.9
186.103.136.228
84.55.76.228

I guess it's a good thing I didn't use "monkey" for my password, huh?

.


All times are GMT. The time now is 06:36 AM.
Page 3 of 10 12 3 45 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01117 seconds
  • Memory Usage 1,735KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete