vb.org Archive - People are trying to brute force my account

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)

- - People are trying to brute force my account (https://vborg.vbsupport.ru/showthread.php?t=294547)

Quote:

Originally Posted by BigAl205 (Post 2401694)

I meant to ask how non-members are getting to the members list. I'm assuming that a member is aggregating the list. Is there any way to pull up members within the offending IP range and verify their intent or restrict their permissions?

Nope!, here memberlist.php is available to guests!

Oh, OK...seems like hiding the member list to the public would be a nice first step.

Ok So I see I'm not the only one. I got 78 messages about being locked out. I agree its annoying as hell.

got the same thing yesterday, looks like it started again.. annoying but i use a save password :)

Quote:

Originally Posted by BigAl205 (Post 2401696)

Oh, OK...seems like hiding the member list to the public would be a nice first step.

Would be futile... The entire site is open to the public to read (posts) - You could skim usernames by simply browsing threads and capturing the usernames- it would be nothing to build the same list assuming you ever made a post.

Same Problem here:

Quote:

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

134.181.130.86
81.169.135.82
202.228.204.224
207.158.26.16
103.246.145.184
177.70.8.162
195.69.191.204
125.216.144.199

If the people enter here the IPs ,maybe you can ban in the firewall server.

Same here, brute force from following IPs:
180.244.193.110
218.107.193.59
186.90.153.5
77.37.168.32
109.185.118.156
202.51.226.140
218.28.254.242
141.170.239.132
212.175.88.3
124.240.187.81
202.46.85.107
190.207.185.188
112.133.201.70
203.223.47.206
78.38.30.146
91.232.102.134

Blocking IPs will not help, you should set locking accounts based on username attempts, not IPs.

Quote:

Originally Posted by BigAl205 (Post 2401696)

Oh, OK...seems like hiding the member list to the public would be a nice first step.

Ditto.

Got 12 emails myself. These are the IPs:

112.133.201.70
190.207.185.188
182.48.107.219
59.60.7.146
91.98.128.97
180.244.193.110
124.160.104.132
80.250.35.180
124.240.187.81
183.61.244.47
218.107.193.59
124.129.30.74

I got the same, I thought I'd come here to find this thread...

It seems to me that some one/group has been sold a database of 'older' user names & password combinations for various sites/forums etc... most likely gleaned some years ago due to past hacks, key-loggers, infected email accounts and probably a raft of other exploits which all exact the same purpose... to ultimately fund organized crime through spamming which results in revenue generation sadly, they just don't want to sell you sex-aids and cheap trainers and then live a life of access themselves... there's a reason to the madness, it's prevalent and widespread and it's organized, racketeering bodies are sold on databases of such information over and over, year in year out.. the older they get the more useless they become (and cheaper to the gangs) so they take the data and do a sweep to see what falls... any monies made go's back to the source, in years past it was drug trafficking and such & such.. today the internet and such data the public pass through their keyboards is used both commercially by the sites themselves and illegally by criminals if they can get at it... you've all heard of the high-profile attacks on 'steam' accounts for example... well guess what happens to all those accounts? yup that's it... sold on and used not right away but some years later... they'll be due to pop-up soon... i think this round of attacks shows that either the vb.org database was compromised some years back and no-one told you about it... or it's just a collection for username/password combos from an older collection of data... so all of us in this thread is on some kind of older database being sold on to gullible new gangs in the hope of making some illicit funds, i bet it wasn't just vb that was hit recently...

oh and twitter was hacked, apparently... tell you what, that's old data again... old account longs since setup lost to a gang, ripe for spamming and making some money from... all go's back to the same people... Kim Dotcom or whatever he calls himself these days made a million or 20 out of hosting ripped off content... he didn't make that kinda money selling space to students making maps for games or for people to hold their music files online... no, it was rife piracy... he still has lots on the boil... they hack the sites, share the content amount the higher echelons of their content-mules then dish it out multiple times across many forums... all going back to a pay download option...

anyhew if you have an older account... bet you had a little bit-tickle recently... silly sods.

Sorry, that's pretty much nonsense and backed up by nothing, just silly speculation. You don't need a database to do such a brute force attempt, you just harvest usernames either from the userlist or the posts and throw those usernames at the login form.

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02355 seconds Memory Usage 1,741KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: