Thread: Account locked?
View Single Post
  #232  
Old 04-11-2014, 08:11 AM
teou teou is offline
 
Join Date: May 2008
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Several more ips from today:
119.46.203.37
183.221.174.3
117.172.66.7

Quote:
Originally Posted by ANGLICO View Post
I would like to be able to block IP addresses that appear to originate from certain countries from trying to log into my account. Is there a way to do that? Perhaps an easier option would be to PERMIT only an IP address originating in the USA to log into my account.

Ideas?

Belay the previous, I just saw this:
I have researched this matter 1-2 years ago. There are such geo-ip apache modules - you need root access to your server to install it. But it is reasonable to do only for very localized non-english language forums. Not to mention that this approach gives false positives or negatives sometimes.

Quote:
Originally Posted by zackw View Post
I think the solution is simple, the forum should just stop sending these emails. Clearly, if the block is only IP based, then it doesn't affect your own login attempts, and since no harm is done, your account was always safe.

The only email I might want is perhaps something that says that a successful login took place, from a different IP that my last login.

All I need to know is if someone is changing my password or changing my email or even if they have logged in from an IP not normal for me. This could alert me to a compromised account.

These emails about lockouts don't seem to serve any purpose if the intention is NOT to block every single IP that comes through. I personally can't do jack with the emails, it's not like I can come here and do IP blocks myself. So this may be a case of TMI. Just stop emailing people about failed login attempts.

Is that hard?
99% of the ordinary users in the world, esp. in the "post ip v4" era when there is shortage and recycling of IP blocks, are using DYNAMIC addresses. So, unless this is made as an option in the User Control Panel that can be turned off, this is not very clever solution.

Quote:
Originally Posted by Digital Jedi View Post
As was mentioned multiple times, if your password is secure, you have nothing to worry about. You do realize that this happens on every account you have across the internet, right? Daily. It's just vBulletin has a built in notification process when it happens. Most places, you'd never know unless you have an awful password. Seriously, though. Knowing your PayPal email address is about as potentially dangerous as someone knowing your last name. Everyone we did business with already knows it.

We really have to stop this paranoia every time hacking bots randomly pick this site as a target. Everything that can be done on the administration end has been done. Now you have to secure your password, just like you would everywhere else on the web. I can't understand why this doesn't sink in.
I agree it is not really dangerous, but it is just very annoying. VB Staff should just turn off these emails - can't be that hard.

Quote:
Originally Posted by VargTimmen View Post
I am also affected. Changed my password. Maybe this is caused through the heartbleed case?
This has nothing to do with it.

Quote:
Originally Posted by Lynne View Post
You guys who say this only happens on vbulletin.org - do you ever check your server access logs? I'm not talking about the apache access_logs, but the ones that show when someone tries to brute force your server. This, at vbulletin.org, is nothing compared to that!
That is true. I am administering also a PHPBB3 forum - on a very micro forum (read less than 10 K posts) i get around 10-20 such bruteforce attempts per day on average. Initially i was annoyed at the PHPBB guys, because these were not logged, not autobanned, there in no notification and these are stored in a temporary SQL table that gets auto-cleared. But after i looked at how many times these attacks happen i saw this was the right decision, otherwise the logs on the server will get HUGE.
Here is how it looks in mysql right now:

Code:
attempt_ip 	attempt_browser 	attempt_forwarded_for 	attempt_time 	user_id 	username 	username_clean
89.169.5.251 	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/53... 		1397188458 	0 	Claytonwemn 	claytonwemn
199.15.233.139 	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... 		1397172673 	0 	TimothyKACH 	timothykach
89.169.5.251 	Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/53... 		1397184431 	0 	Claytonwemn 	claytonwemn
95.26.157.169 	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... 		1397199455 	0 	FishPn 	fishpn
46.119.6.88 	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... 		1397153747 	0 	Ormostere 	ormostere
89.169.5.251 	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (K... 		1397180266 	0 	Claytonwemn 	claytonwemn
95.28.228.160 	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... 		1397160780 	0 	FishPn 	fishpn

The conclusion: VB Staff, please disable email spam, thank you.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01365 seconds
  • Memory Usage 1,793KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code
  • (5)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete