Someone is trying to hack my account
 

they have tried at least 12 times.
the IPs are

221.2.80.126
212.33.204.37
88.85.106.146
213.164.18.147
183.62.192.186
182.72.174.190
125.39.68.194
89.218.0.202
2.135.238.10
202.137.22.182
180.96.64.181
202.90.198.78

Mine too.

Between 7:28-7:38 am CST this morning - 12 IP addresses tried cracking mine too.

200.8.30.70
58.252.56.149
222.192.185.68
123.231.237.118
202.182.51.42
200.27.129.12
142.54.188.180
217.219.190.209
61.136.93.38
178.217.154.50
183.13.68.65
77.94.48.5

This happens periodically. They're looking for common passwords, so as long as you have a strong password you don't have to worry.

add me to the list as well..

59.60.7.146
190.151.122.38
190.201.233.18
119.187.148.34
176.62.74.90
189.85.24.242
83.212.108.97

Me also

I got hit too.
Surely there are spam prevention mods that would help prevent us from getting those emails?
Maybe a "log in under x seconds" mod?

I think a lot of us got those...

you can use this mod and see if it helps https://vborg.vbsupport.ru/showthread.php?t=297834

You don't want to be told that someone tried to brute force their way into your account? I like to be told. I throw them away, but I do like to know.

Me too, just got 4 attempts on my account.

--------------- Added [DATE]1370809012[/DATE] at [TIME]1370809012[/TIME] ---------------

Add another 19 attempts to that. All from separate IP's. Quite the extensive attack on vBulletin.ORG right now.

Here's another IP to toss on the barbie - 85.234.22.126

I got it too... Note the usernames... All A's and B's... they go in alphabetical order.

They've done this before and given up!

Is someone from vb.org going to control these attacks
To break into people's accounts ? Please add a block
Based on the IP addressed reported by members or invest into WAF to prevent this in
The future.

WTF ? this is not first time

Unfortunately short of disabling board emails there's nothing worthwhile to be done. There are hundreds, maybe thousands of IP addresses involved so banning individual ones is not feasible.

This usually lasts a couple days and then ends- in the mean time the easiest/best course of action is just to delete the emails.

Nor will it be the last time.

This happens every few months.
The software does what it is designed to do, it blocks them, and informs you.

Change your password if it worries you, otherwise just delete them.

If they aren't members, how are they getting our usernames?!

Just scraping them off the members list!

This sort of thing has been happening all the time on many sites and forum, so it was inevitable that it will happen here eventually. New Bots are being written to seek out lits of embers and then using brute force attacks to find weak passwords. This is why you always need to change your passwords.

I implemented a very simple, yet effective ways to fight these Bots. There are on the other hand a real person attack 'Hacker' which can visit your site. With some ISP providing proxy IPs and redirects, blocking IP number will be a total waste of time.

I can tell you that most of the attacks are coming out of Asia, Poland, Turkey, Federation, Germany, Ukrane, UK and yes USA. So if you block these IPs you also block possible effective members.

I too received the same notifications of attacks to my account, and when I read the IPs I just laughed. You see these all the time on my other sites, and they will tire and soon return as always. Scan you user database for weak passwords, notify the user to regularly change them. Most importantly, implement a simple and effect means to filter those Bots.

Sorry for this lengthy reply, but we do tend to panic over very simple and rectifiable problems.

Proverb: If your house has a door, expect some one to knock on it....

I kind of feel unworthy since they only used 1 IP to try to crack my password :(

Nice to see the typical corporate response to something like this. Ignore it and it'll go away.

What would shock me is if someone actually started to get proactive with crap like this. You have server logs. Turn the cretins in.

Well since they can get a new ip as quick as anyone can block them
it is pretty much useless to block them by IP

the vB s/w is doing it's job - doesn't seem like anything more need or can be done to be proactive -do you have any ideas?

There are many many ways of limiting their access, here's one if you know their useragent https://vborg.vbsupport.ru/showthread.php?t=264932, but there are simpler thinsg you can do, don't allow guests to view members list, dont allow guests to view who's online, force password changing (vb3.8 onwards) every xx days.......the list goes on :)

Looking at my logs under last attack - noticed they rotated through multiple User Agents all in the same 1 minute span ..that option of defense really seems to be a very minor hindrance to a real attack. Highly Agree about blocking the member list to guests help - vB.org should really consider this - especially the way this last attack occured alphabetically - I don't even see a valid reason to make the list available to registered users . Hate forced password changes myself - seems to encourage users to pin them to their workstation to keep up.

Set guest to post limits of five or more before they can view lists. As we all mentioned earlier, it is only when a human spammer directly invades your forum, that you need to worry and report them. Bots just like any other insect, is a pest that can be dealt with in very simple precautionary measures.

As for cataloging these IP, that has already been done at 'stopforumspam.com' they already have a long list of reported IPs you can check against.

Whaaaaaat!!!! DON'T ALLOW GUESTS TO POST, bad, bad, bad!

--------------- Added [DATE]1370827366[/DATE] at [TIME]1370827366[/TIME] ---------------

Unfortunately i stopped using this a long long while ago as it kept catching legitimate users!

I meant to say they cannot view members list

I second that. Especially if that's the way they get the names.
At this moment the are busy with BL from the alphabet, because I could dozens of mails since yesterday evening.:D

I've received 27 emails, all with different IP's attempting to login to my account.

I have been getting these emails all day today.

250 attempts on mine in the past hour.

And I am getting hit a second round now.

B B B B ;)

190.124.165.194
125.210.131.49
118.123.242.112
118.195.65.250
202.59.128.254
186.116.130.90
61.247.176.126
125.39.66.132
218.29.54.105
187.20.38.139

(a list of ip's/proxies to ban)

Add me to this list. 51 emails. trying to figure out what access to my account would give anybody

Aw man, I only had about 15...my log in wasn't so important...

*insert sad face here*

Yes, me too. Have now had more than 60 emails advising me that I am locked out of registration due five incorrect attempts to login and to try again after 15 minutes. Let me see now ... that's 60 x 5 = 300+ login attempts - maybe I should feel honoured. :rolleyes:

Persistent little morons, aren't they? Just to be on the safe side, I've changed my password and made it longer and more complex.

Hope that does the trick and stops 'em getting in to use my fictitious username, though I too wonder what advantage that will actually give this annoying hacker. Seems to me he/she/they will only be able to post or possibly download mods using my name. Is there a threat beyond that which I am not seeing?

Incidentally, on my own website, I place blocks on guests and REGISTERED MEMBERS with regard to seeing the member list. I don't see a valid reason or a need for them to look at who is a member until they have joined us and posted enough times for me to know whether or not they are real persons who are genuinely interested in the site. And I allow nobody but Admins to see who's online.

More than 50 attempts on my accont :)

I only got 11 so far..
It would be fun if we could get a list of the top passwords they try..

As mentioned somewhere prior, make sure on your own forums that guests cannot view the members list.

As you can see all the posts above are from registered usernames that begin with an "A" or a "B". I bet we all wouldn't be having this issue if vBulletin.org also hid the members list from guests!