vb.org Archive
Page 3 of 7 12 3 45 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   Account locked? (https://vborg.vbsupport.ru/showthread.php?t=280796)

BirdOPrey5 06-11-2013 09:42 AM
Just delete the emails and don't worry about it.

Make sure you have a decently secure password. Make sure your password is not your username or 12345 or the word "password" or anything else very common.

Even if it is just lol#101 the chances they figure that out in 10, or 100, or even 500 chances is near zero.

fxwoody 06-11-2013 10:23 AM
1 Attachment(s)
Well, they have tried mine too....23 times lolll

One of the reason why i don't even know my own password over here nor my other 125 ones from different places rofl :)

People, just use Password Safe and make your pass 12 digits with random numbers,letters etc,etc........and it's free!!!!!

Hope they stop tho, it's freaking annoying for the emails :mad:

mikey1991 06-11-2013 10:47 AM
I got 51 emails from this site this morning from someone trying to brute force my account.

doctorsexy 06-11-2013 11:33 AM
Quote:
Originally Posted by setishock (Post 2315510)
What are they going to do when they find one? Or several? Or a bunch...
Space Aliens...run for the hills.....

BoostedK20 06-11-2013 01:02 PM
I had well over 100 emails...

Glockie 06-11-2013 01:03 PM
Yeah same here.. approx 21 emails so far with IP address: 89.77.33.126
Quick check reveals it to be Poland
Project Honey Pot reveals this too, perhaps you can ban their IP ranges?
CLICKY
I have a pretty secure pass but it always worries me when changing them during any form of attack..
Would you consider it to be safe to change it during the attack?

Hope they back off..

grayloon 06-11-2013 02:14 PM
I've received 8 of these in the span of a few minutes. IP addresses in China, India, etc.

109.224.62.197
114.251.216.194
125.39.66.150
218.204.23.4
58.252.56.149
61.8.72.99
94.200.252.195
120.29.153.78

Gradonil_Ral 06-11-2013 02:15 PM
Twice for me so far:

201.248.232.113
221.2.80.126

garyopa 06-11-2013 02:20 PM
Same for me also, over 50 attempts from 7:30am and upto just recently it finally stopped.

All different ips each time.

grecostimpy 06-11-2013 02:21 PM
Mine just got knocked about 6-7 times as well. I went in and updated my password to something much stronger. At least this was a wake up call for me to use a stronger password as I haven't visited here in quite a while.

IP's:

2.135.237.58
112.5.183.235
78.130.136.18
2.181.177.7
109.175.8.42
222.37.177.243
118.195.65.250

goyo 06-11-2013 02:45 PM
They're keep coming...It's not funny anymore...

Bat21 06-11-2013 02:55 PM
Quote:
Originally Posted by grecostimpy (Post 2427377)
.... I went in and updated my password to something much stronger. At least this was a wake up call for me to use a stronger password as I haven't visited here in quite a while.
Yes, did the same here too as I haven't logged in for a while :up:

Paul M 06-11-2013 05:23 PM
To repeat again - please dont post lists of IP addresses, its not serving any purpose, just filling up the thread.

This is just an automated system that uses zombie PCs all around the world (hence the hundreds of IPs) and tries a list of common, easy to guess passwords, and then moves on when it fails.

All you need to do is make sure you have a good password, that cannot be easily guessed, and delete the e-mails. You can of course change you password if you desire.

Chris8 06-11-2013 05:35 PM
Got like 10+ emails from yesterday about it as well. Uhmm some bots must be on fire. How about banning these bad bots? Maybe they have specific user-agent or lack of user-agent or specific referrer string so 1 small line in htaccess would do it, no? Maybe the vb.org login fields/page could be changed/tweaked, cmon you're wed devs you can do it. Bots follow some specific data within the page source, it's not that hard to fool them.

bleros 06-11-2013 06:19 PM
Today i got again only 8 attempt, i changed password with pass generator with 50 character :rolleyes:

kippesp 06-11-2013 07:41 PM
I've not visited this forum in 6 years. But this mess brought me back for a short visit.

I know it is obvious, but people should be concerned that the harm from a successful username/password guess can do more harm than just spamming this forum or obtaining information from what this forum provides. Should that user still continue to use this same combination on other sites, say bankofamerica.com, then vbulletin forums can be a good testing ground for identifying valid combinations without triggering lockouts on other sites (without >1 factor improvements). Perhaps a design change to VB's log in such as reverting to a dreadded CAPTCHA after x-failed attempts. ...back to lurking.

columbonet 06-11-2013 10:38 PM
I had 47 emails today, all with different IP's trying to get into my account here on this site.

Digital Jedi 06-11-2013 10:56 PM
Quote:
Originally Posted by kippesp (Post 2427456)
I've not visited this forum in 6 years. But this mess brought me back for a short visit.

I know it is obvious, but people should be concerned that the harm from a successful username/password guess can do more harm than just spamming this forum or obtaining information from what this forum provides. Should that user still continue to use this same combination on other sites, say bankofamerica.com, then vbulletin forums can be a good testing ground for identifying valid combinations without triggering lockouts on other sites (without >1 factor improvements). Perhaps a design change to VB's log in such as reverting to a dreadded CAPTCHA after x-failed attempts. ...back to lurking.
That's not, in any way, shape or form, vB's responsibility. Preventing access to your bank account, or any other online accounts, is your job. How many times have we been told not to use the same password on multiple sites? How many times have we been told to use number/CAPS/Lowercase/Special Character combinations? How many times have we've been told not to give out our password to sites that don't have the same URL as the one they claim to be? We've been warned and warning people for nearly two decades now how to do this right, and if folks continue to think it won't happen to them, that's on them, not the developers of forum software who've already taken significant steps to preventing this in the first place.

grafbyte 06-11-2013 11:44 PM
HI

im becom 4 mails ..

PHP Code:
Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 timesYou will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address61.19.42.60

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum 
PHP Code:
Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 timesYou will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address109.198.126.112

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum 


PHP Code:
Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 timesYou will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address2.135.238.10

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum 

PHP Code:
Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 timesYou will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address89.218.0.26

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum 

inphoenix 06-11-2013 11:44 PM
Add me to this list. 26 emails so far.

hoadiem 06-12-2013 12:06 AM
i got same issue (from 2:52pm to 3:38pm 6/11/13) 18 emails

180.188.196.47 from Hong Kong
124.165.212.3
117.218.37.18
186.116.130.11
114.251.216.194
124.195.52.21
66.35.68.146
205.164.41.101
41.89.130.6
212.33.204.37
190.102.17.240
188.136.199.193
202.150.137.154
190.201.233.18
189.115.138.217
217.219.128.134
89.218.101.26
218.25.249.188

i think admin should ban these ip to prevent them from hacking to ours accounts.

blind-eddie 06-12-2013 12:11 AM
<a href="https://vborg.vbsupport.ru/showpost.php?p=2427427&postcount=93" target="_blank">https://vborg.vbsupport.ru/showp...7&postcount=93</a>

iogames 06-12-2013 03:05 AM
I have 7! did I win?

Quote:
Dear iogames,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.
125.39.66.155
213.186.122.123
46.29.78.20
201.217.252.67
218.108.242.108
187.73.70.14
125.39.66.146

jemiller226 06-12-2013 03:54 AM
19 in the last half hour. Seriously? Can you seriously not prevent login flooding? Can you seriously not block access to the member list?

And don't you dare tell me it's my problem!

blind-eddie 06-12-2013 04:47 AM
Quote:
Originally Posted by iogames (Post 2427545)
I have 7! did I win?



125.39.66.155
213.186.122.123
46.29.78.20
201.217.252.67
218.108.242.108
187.73.70.14
125.39.66.146
Nope, I had 24 on the 9th....

Joemadden1989 06-12-2013 05:47 AM
This morning i woke up to a number of emails calming to try and login as me.

------------------------

Thats all for now, if i get anymore i'll let you know.

Joe.

john h 06-12-2013 06:13 AM
I'm getting the same emails. Someone trying a brute force attack?

jasff 06-12-2013 06:16 AM
I just got hit with about 10. I went in and made a difficult long password with all characters, numbers, etc.

All the IPS are out of Russia Federation.

Zachery 06-12-2013 06:16 AM
<a href="https://vborg.vbsupport.ru/showthread.php?t=280796" target="_blank">https://vborg.vbsupport.ru/showthread.php?t=280796</a>

jluerken 06-12-2013 08:06 AM
I am now getting the same stuff. Looks like someone is trying to brute force vbulletin.org accounts.

Any official Feedback please?

kafi 06-12-2013 08:42 AM
Same emails in my inbox.

Jonm 06-12-2013 10:31 AM
22 emails about this!

114.141.162.60
95.181.40.202
86.123.226.93
100.45.50.131
94.73.62.44
116.50.153.66
200.196.51.130
178.77.243.110
58.242.249.31
140.112.174.24
72.29.4.111
190.102.17.240
210.43.128.18
210.14.133.202
121.12.167.197
2.133.94.42
91.228.53.28
183.62.139.214
202.77.119.114
119.36.87.26
58.22.151.184
85.15.227.78
118.97.206.254
190.111.122.2
89.218.101.26
197.220.163.75

JonUrban 06-12-2013 10:38 AM
I got about 50 of those locked out account emails as well from 3:15AM ET to 4:16AM ET, June 12, all saying my account was locked out. Funny thing is, when I came here, it was not! I changed my password, but it's a bit freaky to wake up to all of this.

I did a WhoIs on the IPs, and they are mostly from China. What do they expect to get from this.

I noticed in my CPanel for my webspace that my forum is getting a lot of hits from China. I wish I knew what they were up to.

Spooky stuff.

Quote:
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 91.103.127.37

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum
Here are all the IPs, in the order that I got the emails, for those interested:

86.96.229.68
206.251.61.230
24.172.34.114
23.30.90.105
222.37.177.243
60.220.212.60
187.185.71.90
183.166.191.243
218.5.74.174
189.85.24.242
222.89.154.6
218.188.13.237
186.103.135.82
118.195.65.243
2.133.92.242
118.98.233.6
61.136.93.38
202.182.53.57
201.77.202.68
58.252.56.148
110.138.239.223
58.252.56.149
113.200.214.42
78.38.23.242
116.228.55.217
176.33.138.156
203.215.48.38
119.187.148.81
58.22.151.184
203.189.136.17
60.223.228.2
197.160.56.108
202.102.26.136
211.161.152.108
95.161.7.13
46.21.240.253
119.36.87.26
192.110.163.22
46.16.180.58
112.220.224.187
187.6.252.146
190.124.165.194
202.150.137.154
60.223.255.141
77.94.48.5
85.15.227.78
91.103.127.37
193.160.225.13
221.0.90.54
223.4.118.98

kitsch 06-12-2013 11:23 AM
Same emails in my inbox too.

KenDude 06-12-2013 12:26 PM
Quote:
Originally Posted by Paul M (Post 2427427)
To repeat again - please dont post lists of IP addresses, its not serving any purpose, just filling up the thread.

This is just an automated system that uses zombie PCs all around the world (hence the hundreds of IPs) and tries a list of common, easy to guess passwords, and then moves on when it fails.

All you need to do is make sure you have a good password, that cannot be easily guessed, and delete the e-mails. You can of course change you password if you desire.
Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?

jimsflies 06-12-2013 12:51 PM
Got about 40 of these emails this morning.

One question I have is why doesn't vb.org block known spammers at the htaccess level? On my site, I block ips from known spammers and IP ranges from countries known to be rife with illicit internet activity (granted the later option probably isn't viable here on vb.org).

As an example a couple months ago, I posted a link to a new test site here on vb.org because I had a question about something I was working on and within a day I had more than 10 new spammer accounts on the new forum...that was the only link I ever posted and ended up editing my post to remove the link the next day. I think vb.org is used a lot by spammers because it is a treasure trove of links to other forums.

Jonm 06-12-2013 01:21 PM
Quote:
Originally Posted by KenDude (Post 2427607)
Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?
I echo this.

Digital Jedi 06-12-2013 01:50 PM
Quote:
Originally Posted by KenDude (Post 2427607)
Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?
I'm not sure how many different ways this can be said to you guys. You will spend each day, every day, adding new IPs to your .htaccess if you try to do it that way. That's would not just be time consuming, it would be ultimately fruitless. It wouldn't do the job of preventing these IPs from hacking into your account.* What you would need is a system that prevents ANY automated system from getting into your account based on known hacking behavior. Wanna guess what that system is?

Guys, the only reason you even know about this is because you got an email letting you know the attempt failed. That's really the only reason you even noticed. The same thing is happening to any account you have anywhere on the internet, and only a handful of those site are going to alert you of the suspicious behavior. It just so happens vB is small enough of a website (by comparison) that a larger group of us have noticed. But the site is doing it's job. If you're password is safe, then you're account is safe. When you do get emails that someone was blocked, you should be sighing relief, not freaking out and wondering what went wrong.

*Blocking IPs is to prevent spam on already registered accounts, which is pretty much a fruitless endevour in of itself. Spam should be block on the registration level. What these IPs are doing is trying to hack passwords for other purposes.)

lapiervb 06-12-2013 02:02 PM
Same thing is happening to me right now. Coming from China..... go figure.

LaBella 06-12-2013 02:50 PM
This just happened to me, as well. Right now from these IP addresses:

190.111.122.2
2.133.93.90
58.250.87.123
109.175.8.42
222.35.61.196


All times are GMT. The time now is 01:02 PM.
Page 3 of 7 12 3 45 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01751 seconds
  • Memory Usage 1,852KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_php_printable
  • (9)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete