vb.org Archive
Page 9 of 10 « First 78 9 10
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   People are trying to brute force my account (https://vborg.vbsupport.ru/showthread.php?t=294547)

b6gm6n 02-05-2013 03:07 PM
Quote:
Originally Posted by cellarius (Post 2402021)
Sorry, that's pretty much nonsense and backed up by nothing, just silly speculation. You don't need a database to do such a brute force attempt, you just harvest usernames either from the userlist or the posts and throw those usernames at the login form.
"Sorry, that's pretty much nonsense and backed up by nothing"

be well.

cellarius 02-06-2013 06:15 AM
You are the one claiming vb.org was hacked at some time in the past and the database stolen. You back that up by nothing, and you can't explain why the much simpler method everyone else in this thread assumes won't work. So...

Simon Lloyd 02-06-2013 07:36 AM
The fact that they are doing it in alphabetical order proves that they are scanning the members list as the database, if it was stolen, is not automatically in alphabetical order but in order of userid.

It's as simple as that, pretty soon they'll be through the entire list and all this will be forgotten, if you want advice, change your password to something strong and they wont get anywhere with their 5 attempts per ip.

mykkal 02-06-2013 01:50 PM
Quote:
Originally Posted by Simon Lloyd (Post 2402325)
The fact that they are doing it in alphabetical order proves that they are scanning the members list as the database, if it was stolen, is not automatically in alphabetical order but in order of userid.

It's as simple as that, pretty soon they'll be through the entire list and all this will be forgotten, if you want advice, change your password to something strong and they wont get anywhere with their 5 attempts per ip.
That actually depends on 'preferences', sort options, and how the data is exported. It could be a custom script. So even if it downloads in alphabetical order by username they could still resort by USERID.

Just my opinion but your accusation could have a lot of simpler truths. I don't think thats evidence of stealing.

Whenever I export data I almost always have to manipulate it. It's never in the form I need it to be at export.

kh99 02-06-2013 01:56 PM
Well, as cellarius pointed out, if someone had stolen the database the thing to do would be to use the hashed passwords and salt values to try to crack the passwords on a local computer. Using a stolen database just to get the usernames for a brute force attack over the net would be pretty stupid (but, well, I suppose there are people like that around).

Edit: but of course the point is that there's no reason to think they have access to the database, since it can easily be done with the member list.

mykkal 02-06-2013 02:01 PM
Cosign...

Quote:
Originally Posted by kh99 (Post 2402380)
Well, as cellarius pointed out, if someone had stolen the database the thing to do would be to use the hashed passwords and salt values to try to crack the passwords on a local computer. Using a stolen database just to get the usernames for a brute force attack would be pretty stupid (but, well, I suppose there are people like that around).
--------------- Added [DATE]1360163835[/DATE] at [TIME]1360163835[/TIME] ---------------

brute force is an attempt to login...Not the aftermath of data stolen. If someone had the data they could just clone the site, login, and do whatever without fear of being caught.

I don't think brute force should be by username but by IP because the intruder is foreign and blocking by username would lock out the legitimate user. Just create a strong password and that is enough. Mixed with symbols, numbers, and letters a strong password would take until infinity to crack. That's totally safe.

Paul M 02-06-2013 03:24 PM
No one has stolen any data. Thats enough of such nonsense, any more such ridiculous posts will be removed. Stick to the topic and facts, not wild imagination.

Simon Lloyd 02-06-2013 04:07 PM
@Paul M, do you not think this thread has run its course now? :)

mykkal 02-06-2013 04:10 PM
it should be closed.

ForceHSS 02-06-2013 04:16 PM
Agree close this, it should of been closed a long time ago


All times are GMT. The time now is 05:52 PM.
Page 9 of 10 « First 78 9 10
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01158 seconds
  • Memory Usage 1,739KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete