vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   What to do if someone is trying to distributed brute force my account? (https://vborg.vbsupport.ru/showthread.php?t=264343)

WetWired 05-28-2011 10:12 PM
What to do if someone is trying to distributed brute force my account?
 
I recieved three e-mails within a minute of three different IPs being locked out for trying the wrong password on this forum...

azspeedbullet 05-28-2011 10:29 PM
I noticed the same thing on my account. I had to create this new account so i can post about it since i am unable to log in. The 3 emails i received are from IPs 78.x,200.x, and 219.x. When i do an IP lookup, these IPs is from Indoneisa, Argentina, and Czech Republic

Black Tiger 05-28-2011 10:45 PM
I had the same 2 times. But I don't see any reason to mask the ip adresses of the abusive users:
94.228.204.2
and
178.213.33.129

But I'm not locked out which the mail says, because I'm always logged in.:)

However it's no good news when it seems people are trying to bruteforce accounts. Maybe somebody can do a good thing and put up some ip bans if they are not dynamic ip's.

popowich 05-28-2011 10:55 PM
I received a couple of emails too.

Both 114.141.50.11 and 125.167.233.138 are trying to access my account.

azspeedbullet 05-28-2011 10:55 PM
Here is the 3 IPs from the email:
200.117.239.246
78.41.17.230
219.83.101.234

Interesting they all of the IP address is different

cbiweb 05-28-2011 10:59 PM
A few minutes ago I received this notice in my email:
Quote:
Dear cbiweb,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 200.94.71.73

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum
I'm glad the intruder didn't get in, because my password wasn't all that strong, but evidently strong enough... this time.

I have changed my password to something very strong now, and I'm only posting this as a heads up for anyone who either doesn't have a strong password, or thinks it's strong enough, or hasn't changed it in a while. It's time to check it out.

SpanishHarlem 05-28-2011 11:01 PM
ear SpanishHarlem,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 194.44.172.18

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

SpanishHarlem 05-28-2011 11:01 PM
I got the same email just now

WetWired 05-28-2011 11:02 PM
203.29.27.114
222.173.42.106
218.98.192.202

Here

Boofo 05-28-2011 11:03 PM
I got one too from another IP. The IP resolves to Bangkok, Thailand. Looks like a bot might have been at work.

Quote:
Dear Boofo,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 119.46.110.247

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

KevinL 05-28-2011 11:03 PM
Same here

189.90.254.146

Beav` 05-28-2011 11:03 PM
Just got one too...

Dear Beav`,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 93.114.63.249

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

DarknessDivine 05-28-2011 11:05 PM
I just logged on here because I am also getting the emails. The IP's are: 222.124.29.242 & 201.22.184.4

TheEnd 05-28-2011 11:09 PM
The person trying to log into your account had the following IP address: 201.209.69.134 4:20 PM
The person trying to log into your account had the following IP address: 222.124.217.170 4:20pm
The person trying to log into your account had the following IP address: 195.191.168.5 4:20PM

I changed my password to something super secure. Combo of all my high tech passwords. Good luck h4x0rs

DarknessDivine 05-28-2011 11:10 PM
Quote:
Originally Posted by TheEnd (Post 2201057)
I changed my password to something super secure. Combo of all my high tech passwords. Good luck h4x0rs
I also changed mine.

Zidane007nl 05-28-2011 11:15 PM
Same thing happened here.
221.1.96.22 from China is the culprit at 01:40 (GMT+2).

Limey-YMR 05-28-2011 11:16 PM
218.28.111.46 which resolves to pc0.zz.ha.cn just locked out my account here.

A forum that I regularly visit was hacked last night and has been taken down, but strangely, my username is slightly different there, and the password is completely different.

regeneration 05-28-2011 11:24 PM
Got the same email.. twice.

The person trying to log into your account had the following IP address: 213.197.81.50

The person trying to log into your account had the following IP address: 203.113.117.139

Xplorer4x4 05-28-2011 11:24 PM
Not sure if I need to report this or not, but my account was locked out as some one was trying to guess/hack my password. I have updated it to something a little bit more secure just to be safe. The IP reported in the email was 122.225.100.5 which traces back to china.

I realize this isnt relevant to this forum btw, but no where else an unlicensed member can post that I know of.

regeneration 05-28-2011 11:28 PM
Got the same emails.

You can't do anything. vB.org admins should disable the "Member list" feature:

https://vborg.vbsupport.ru/memberlist.php

Bots are taking usernames from that list and using brute force attack on this site.

I sent a PM to the admins about this.

underESTIMATED 05-28-2011 11:30 PM
Quote:
Originally Posted by Xplorer4x4 (Post 2201063)
Not sure if I need to report this or not, but my account was locked out as some one was trying to guess/hack my password. I have updated it to something a little bit more secure just to be safe. The IP reported in the email was 122.225.100.5 which traces back to china.

I realize this isnt relevant to this forum btw, but no where else an unlicensed member can post that I know of.
Happened to me as well 2x earlier. I logged in and also updated the password.

Wired1 05-28-2011 11:36 PM
Ditto, 3 tries in the same minute from Bulgaria, Italy, and Brazil based upon the IPs. Password was already pretty secure, but just to be safe I changed it to a REALLY long (randomly generated) password.

KeePass FTW :)

smacklan 05-28-2011 11:37 PM
Same here...from 120.29.159.14 and 210.245.85.33

Xplorer4x4 05-28-2011 11:44 PM
Glad to see its not just me. Atleast I know I wasnt specifically targeted lol.

kylek 05-28-2011 11:49 PM
Yup, same thing about an hour ago.

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 60.28.212.184

Ip shows China.

syrus.xl 05-28-2011 11:56 PM
Strange, someone tried to access my account 3 times - each time failing. About 45 minutes ago.

I.P's used were:
78.41.17.230
222.124.5.82
200.117.239.246

Well, they can carry on trying - since I use alpha-numerics with symbols.

I just checked my password on http://passwordchecker.co.uk/ its states 100% strong! ;)

sbryan 05-28-2011 11:57 PM
Yep same thing here, got 2 of those emails this morning. IP's were from Indonesia.

cbiweb 05-28-2011 11:57 PM
<a href="https://vborg.vbsupport.ru/showthread.php?t=264345" target="_blank">https://vborg.vbsupport.ru/showthread.php?t=264345</a>

NBSFlak 05-28-2011 11:58 PM
Are any of you guys on PSN? I'm getting all kinds of password reset requests today.

shof515 05-28-2011 11:58 PM
i got the same thing, check the other topic and you will see you are not alone:
https://vborg.vbsupport.ru/showthrea...74#post2201074

syrus.xl 05-29-2011 12:16 AM
Quote:
Originally Posted by NBSFlak (Post 2201077)
Are any of you guys on PSN? I'm getting all kinds of password reset requests today.
I'm not... I do not play any game consoles at all.

I had someone try and get in to my Facebook account, but again they failed. If you're using secure hashed passwords I would very much doubt they could crack it anyway.

warnmar10 05-29-2011 12:20 AM
203.153.31.27
200.96.37.206

Biker_GA 05-29-2011 12:20 AM
Both myself and the owner of our site got notices as well. We're not pleased.

Hurricane 05-29-2011 12:20 AM
91.203.178.139
109.238.238.242

This was at 7pm EST for me.

ThorstenA 05-29-2011 12:42 AM
46.0.203.92
77.247.211.160

SCRIPT3R 05-29-2011 12:51 AM
118.97.81.155
222.124.29.242

SCRIPT3R 05-29-2011 12:52 AM
118.97.81.155
222.124.29.242

SCRIPT3R 05-29-2011 12:53 AM
118.97.81.155
222.124.29.242

JonUrban 05-29-2011 01:09 AM
I just got two. However, when I logged in here, my original password worked without issue. Very odd. What would they accomplish? I checked the login link in the email and it looked like a direct link, not a redirect.

Mine occured at 7:24PM, IP addresses were 201.24.152.98
and 178.213.33.129

Quote:
Dear JonUrban,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 178.213.33.129

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum
--------------- Added [DATE]1306635143[/DATE] at [TIME]1306635143[/TIME] ---------------

Here's the header, minus my email address:

Quote:
Status: U
Return-Path: <webmaster@vbulletin.org>
Received: from mx-dipper.atl.sa.earthlink.net ([207.69.195.166])
by mdl-glean.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1qqsRV1T93Nl34L0; Sat, 28 May 2011 19:24:31 -0400 (EDT)
Received: from mx5.internetbrands.com ([98.158.194.50])
by mx-dipper.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1qqsRU3hE3Nl36u0
for <removed>; Sat, 28 May 2011 19:24:30 -0400 (EDT)
Received: from jelsoft3.internetbrands.com (jelsoft3.internetbrands.com [172.16.229.76])
by mx5.internetbrands.com (Postfix) with ESMTP id 678E3213E1
for <removed>; Sat, 28 May 2011 16:24:30 -0700 (PDT)
Received: from jelsoft3.internetbrands.com (localhost.localdomain [127.0.0.1])
by jelsoft3.internetbrands.com (8.13.8/8.13.8) with ESMTP id p4SNOU7P031866
for <removed>; Sat, 28 May 2011 16:24:30 -0700
Received: (from jelsoft@localhost)
by jelsoft3.internetbrands.com (8.13.8/8.13.8/Submit) id p4SNOUVh031863;
Sat, 28 May 2011 16:24:30 -0700
Date: Sat, 28 May 2011 16:24:30 -0700
X-Authentication-Warning: jelsoft3.internetbrands.com: jelsoft set sender to webmaster@vbulletin.org using -f
To: <removed>
Subject: Account on vBulletin.org Forum locked out
From: "vBulletin.org Forum" <webmaster@vbulletin.org>
Auto-Submitted: auto-generated
Message-ID: <201105282330.c21fda88bfd0@www.vbulletin.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
X-ELNK-Received-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
X-Brightmail-Tracker: AAAAARgtX4o=
X-Brightmail-Tracker: AAAAAA==

WetWired 05-29-2011 01:17 AM
I'm pretty sure the mails are legit. Especially since the guy with the first reply actually got his account hacked.


All times are GMT. The time now is 09:31 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01290 seconds
  • Memory Usage 1,822KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete