deleted

:)

There are many hackers and scammers that sell what we call " Dumps"

Just as there are email harvesters, so it is for many other places they want to get into.

Hackers in some of the countries that are not so rigid on cybercrime, run websites that advertise such things. I am chasing a guy in India who is actively running some of these websites, that sell programs for harvesting.

Below, chosen at random is part of one of these Dumps. This particular guy is from Nigeria.

Last night I also received 38 mails of failed login attempts.

But why are there 38 mails within a period of 2 minutes ???

After the first attempt, the mail is send and then the next 15 minutes no logins should be possible for my account. But it seems that you can immediately try to login again if you use a different IP adress as the attempts came from different ip's.

Is this normal behaviour or is this a bug in this version of vbulletin (3.6.12) ??

Even without that it's not hard to harvest vB usernames.

Anyway, my account is under attack, too, but I wish them luck with my 20 digit random password including caps, lowercase, digits and special chars. :D

Else, I totally agree with digital jedi - the software is doing its job, it locks out the bots and sends out notifications. All nice and dandy, nothing staff could do about that, really.

We process e-mails in batches, plus as far as remember, attempts from a different IP address will trigger a seperate e-mail.

Its obvious its targeting each username from a wide range of IPs. If you have no interest in the e-mails, simply delete them.

I really like vb.orgs email notification saying someone has been trying to log into your account.

How can I implement this on my forum? I find this very useful.

I have no problems with the mails, I was just surprised that the 'locked' account is unlocked directly when the request comes from another ip. I did not know that before.
I have just tested it with one of my forums (3.8.7) and indeed the same happens. When I try to login from another ip, I have 5 more possibilities to use bruteforce hacking.

Perhaps it would be better to lock the account for 15 minutes without checking if the ip has changed. The successrate for a hacker is minimized then and a forum member normally will not change IP if he has typed the wrong password.

The only disadvantage of this is that some joker could stop a real member from logging-in if he continues to do this. So maybe that's the reason for unlocking from a new ip.

AdminCP > Settings > Options > General Settings > Use Login "Stikes" System > Yes

Thanks, that works for the user, but I'd like the admin to get a copy of that e-mail, too. Anyone know a way to make that happen?

I meant to ask how non-members are getting to the members list. I'm assuming that a member is aggregating the list. Is there any way to pull up members within the offending IP range and verify their intent or restrict their permissions?