Thread: Warning Emails
View Single Post
  #16  
Old 04-11-2014, 09:29 AM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
  
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
We apologize to all those being inconvenienced by these emails. We will work on preventing such mass emails in the future- but for this "attack" the damage is already done.

First, the vast vast majority of you should just delete/ignore the emails- we do not need to know the IP addresses in them.

If you are not using a secure (complex / uncommon) password OR not using a password unique to vBulletin.org then you should change your password as soon as possible to be as safe as can be.

Anyone with a complex and unique password should feel absolutely safe.

Even if you got 50 such emails that translates to only a max of 250 passwords being tried against your account- likely the 250 most common passwords wich are simple words and numbers like 123456. There is no chance they will randomly get a password like monKEY$803, not with vBulletin's built in lock out system, which is the reason for the emails you are getting.

This is absolutely unrelated to the well publicized OpenSSL (Heartbleed) bug. vBulletin.org does not use SSL and that vulnerability doesn't present itself as a brute force attack.

It is also unlikely they are using passwords from Adobe or any other site- This is a brute force attack where they are using password lists of the most common passwords including those people who have the same username and password. Unfortunately this can be very effective on a site like this with many user accounts near a decade old, some of which haven't been touched in years and created at a time when password security was much less a concern.

In the mean time if you want to read more there is an open thread if the Site Feedback forum: https://vborg.vbsupport.ru/showthread.php?t=280796

If you no longer wish to have a vBulletin.org account I am sorry but we do not delete accounts. What you can do to stop getting emails is to go to Edit your Email Address: https://vborg.vbsupport.ru/profile.php?do=editpassword

Provide some new/random and undeliverable email address like 9djsbsjh@djdhdhd7shs.com and save changes. Your account will never get reconfirmed and you will no longer get any further emails, you can consider the account dead at that point.

Once again, we apologize for the inconvenience.
2 благодарности(ей) от:
Kat-2, RichieBoy67
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01118 seconds
  • Memory Usage 1,770KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (2)post_thanks_box_bit
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete