Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Spammers/Hackers attempting to hack our user's accounts
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 03-26-2009, 08:54 AM
Infinite Guitar Infinite Guitar is offline
 
Join Date: May 2007
Posts: 16
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Spammers/Hackers attempting to hack our user's accounts
Hey folks,

We're having some spammer/hacker problems.

Please see attached image. It shows our "Who's Online" log. Within a span of a couple minutes there are multiple login attempts from multiple IP addresses all over the world. All of them attempt to login to random user accounts.

We've been getting many emails from our members saying that they've been receiving the email that says "Your account has been locked for 15 minutes because someone tried to enter with wrong password, etc."

This is extremely annoying for our members. We don't want our members getting these emails all the time just because spammers are trying to access their accounts.

It seems obvious that whoever is attacking is using proxy servers hence the many random IP addresses. Do any of you have advice for this type of problem? We can block these IP addresses all day but it probably won't do much since they're using proxy.

Any advice or help would be much appreciated. Thanks.
Attached Images
File Type: jpg Untitled-1 copy.jpg (132.3 KB, 0 views)
Reply With Quote
  #2  
Old 03-26-2009, 10:27 AM
nexialys
Guest
  
Posts: n/a
Default
hum, funny, a new bot which is reading your memberslist and then try to lock your forum with this technique...

deactivate your memberslist, you will have no more problems...for now!

--------------- Added [DATE]1238066926[/DATE] at [TIME]1238066926[/TIME] ---------------

AdminCP >> vBulletin Options >> User Listing Options >> Members List Enabled
Reply With Quote
  #3  
Old 03-26-2009, 05:52 PM
Infinite Guitar Infinite Guitar is offline
 
Join Date: May 2007
Posts: 16
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks for the reply nexialys. Yeah we actually removed the memberlist.php page a while ago, so I'm not sure how they're getting all the usernames.

We just disabled the Who's Online > Active Members list at the bottom of the forum to all logged out guests, so hopefully that might help. But I'd imagine this bot or spammers might simply be going through the forum threads getting usernames too.

Has this type of spammer activity happened with any of you guys? If it keeps up we might have to disable the email that's sent out to users when their account is locked for 15 minutes. I'd hate to do it but we can't tolerate our members getting those notification emails non-stop due to the bots.
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 12:36 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03356 seconds
  • Memory Usage 2,193KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (1)postbit_attachment
  • (2)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete