I had 17 attempts this morning. China? Go figure. I've banned the entire country from my web server.

This isn't really related to this thread, and probably not the place to post it, but I've been using SpamTrawler on my vBulletin site (and several other of my sites) for several months now and it's done a fantastic job of keeping most of the spammers out.

My account

222.124.19.210
110.74.218.146
125.216.144.199
110.50.80.30
61.153.98.6
178.217.9.18
119.36.87.32
210.43.128.18
80.191.48.210
190.0.17.202
95.161.7.13
189.11.198.141
177.135.236.245
189.115.138.217
223.4.233.162
201.73.70.33
125.39.66.149
78.38.23.242
92.39.54.161
220.132.19.136
222.73.233.146
74.221.211.12


Dear Hakan39,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 110.74.218.146

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum


these not my ip number i dont use these any. i think one wanted to seize my account.
at www.vbulletin.org

I have had almost 50 emails saying my account as been locked. Someone is trying to hack in and alot. Every email has a different IP address so posting then would take awhile.

Same problem. What is the solution?

Woke up to a bunch of emails this morning, all within a few seconds of each other.

I know it would lead to a DoS situation, but can the 15 minute lockout apply to any IP trying to access that account? Or at least any IP that hasn't previously logged in, since vBulletin does track that.

:edit:

Figured I would add that all my emails are dated the 12th, but the banner says my last visit was on the 10th. So it doesn't look like they got anywhere.

why the authorities can not find the solution?

There is no real solution. There are much too many IP addresses to block. For the most part these are IP addresses of "innocent" people whose computers are compromised by a virus and being used in this attack.

While we understand it is annoying the reality is for any one user they will get emails for a few minutes to a few hours, after which they stop and move on.

Short of shutting off all forum email (which would cause more issues for people trying to register or change email addresses, and waiting for thread updates) there isn't a whole lot that can be done.

Code modifications can be discussed in the future but they will not come soon enough to help anyone who has already been hit.

Thank you BirdOPrey5

There is something wrong with the cookie that tells the forum that I'm locked out of my account, or however it works. I've been trying every 15 minutes to get into this account and I'm being denied access every single time, no matter which browser I use or which computer I use. I had to reset my password because the password that I was using for this account was not working. I'm currently using a different machine on a completely different connection, which seems to be working fine for me at the moment.

Does 15 minutes really mean something like 60 minutes?

I've never been hit by this here at vB dot org. And I am wondering if it's because I run "invisible." The brute force attacks might or might not be random - they might be getting active accounts to target from the bottom of the main forum page, the aggregate "what's going on" area.

Just a theory.

Possible correct theory, but I run visible, and between 5 and 5:30 AM (central time), I received approximately 30 emails saying I was locked out. Umm...I was sound asleep then, so sure was not showing online... :)

We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.

I only know I have never been targeted and also have never run visible here.

I suppose. Would have definitely had to have been keeping me showing online for a good 10/12 hours I'd say...if that were the case.

Not necessarily. It depends on when the attackers gathered their target data. This, we have no way to know.

All is null as far as I am concerned. Was not a successful attack anyhow.

They only need to get one successful attack.

Gathering the target usernames isn't necessarily happening at the same time the attacks are. In fact, were I doing this I would gather names over at least a week's period, entering them into the brute force cracking software, getting some thousands accumulated before launching the actual attack.

You haven't been hit because they always go in alphabetical order and they'be always stopped before M in the past.

Are they hitting nonexistant accounts, or are they choosing correct names from 'who's online?"

They may have gone further than the letter M, at least one time:

https://vborg.vbsupport.ru/showpost....1&postcount=83

They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have skipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.

And of course, they don't have a common item in their UA string, like Brutus for example, leaves.

Makes it really difficult to block or inhibit.

Thank You :rolleyes:

I have certainly logged in more recently than 7 years??!:erm:

He was simply saying they they are hitting those people who haven't logged in for 7 years.... along with those of us who logged in today.

I see many of your members have experienced the same problems as I have had, and continue to do so. Your service responded quickly and stopped the hackers and advised me by many emails.

I dont have time to research and give your members all the IP addies that attempted to hack our accounts, but here are a few details to help you guys

Quote:

Dear Ladybbird, Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times.

Some of the people trying to log into my account had the following IP addresses:

84.22.28.242 - Bulgaria

78.130.136.18 - Bulgaria

194.141.252.102 - Bulgaria

2.133.92.138 - Kazakhstan

211.161.152.108 - China

72.29.4.111 - New Zealand

118.195.65.247 - China

58.252.56.148 - China

202.182.50.130 - Indonesia

Hope this helps in some way, and thank you vBe Forum for stopping the hackers. :)

Perhaps you should add these suggestions to the e-mail template so the forum isn't inundated with posts with IPs and asking what to do? Just a thought.

Session Timeout is set to 30 minutes here.

[quote=BirdOPrey5;2314376]I also am getting the lockout notice. Good thing I never log out***** snipped


What setting do I need to have so that I'm never logged out while my site is open in my browser?

--------------- Added [DATE]1371143135[/DATE] at [TIME]1371143135[/TIME] ---------------

One thing I've done is to limit anyone from accessing my site if they are not within the time zones I have selected.

And they are hitting me. I wonder how many others are being hit. Remember - change all your passwords everywhere since the people trying to hack in here may be trying to use the passwords that they got from the vBulletin database a few months ago.

Yeah... Just got hit, too.

Got seven such notifications today.

None of those passwords are valid (unless you reset it to the same password you had, which would be somewhat foolish).

This is going on again. No need to hit the Contact Us link to let us know about it.

Just got this message as well:

Dear HM666,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 2.95.43.207

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

Hi HM666,

don't worry, that's spam-bots who try to enter our accounts. ;)
Same here.... i've got this email with the IP 81.195.44.54 (from Russia) today as well.

They have just 5 attempts before your account will be locked for the next 15 minutes and if your pw is strong enough, they will have no chance!

Maybe editing the contact us page with info telling members not to send message regarding this would be a good idea?:up:

Probably would have been a good idea since I got 15 emails about it this morning. :)

I am getting the same thing.
83.211.216.45 Italy
117.171.69.182 China
221.215.173.78 China
IPs are from china.

Just got one now: The person trying to log into your account had the following IP address: 46.209.70.74

197.255.254.246 from Nigeria
first time for us
obviously, they got to P :D

this happened to me earlier.. i've just updated my pw but i'm still worried..

anyways.. say if they did hacked our account and changed our pw, how would one get it back?