Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #81  
Old 02-05-2013, 03:07 PM
b6gm6n's Avatar
b6gm6n b6gm6n is offline
 
Join Date: Aug 2002
Location: UK
Posts: 691
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by cellarius View Post
Sorry, that's pretty much nonsense and backed up by nothing, just silly speculation. You don't need a database to do such a brute force attempt, you just harvest usernames either from the userlist or the posts and throw those usernames at the login form.
"Sorry, that's pretty much nonsense and backed up by nothing"

be well.
  #82  
Old 02-06-2013, 06:15 AM
cellarius's Avatar
cellarius cellarius is offline
 
Join Date: Aug 2005
Posts: 1,987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You are the one claiming vb.org was hacked at some time in the past and the database stolen. You back that up by nothing, and you can't explain why the much simpler method everyone else in this thread assumes won't work. So...
Благодарность от:
Amaury
  #83  
Old 02-06-2013, 07:36 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The fact that they are doing it in alphabetical order proves that they are scanning the members list as the database, if it was stolen, is not automatically in alphabetical order but in order of userid.

It's as simple as that, pretty soon they'll be through the entire list and all this will be forgotten, if you want advice, change your password to something strong and they wont get anywhere with their 5 attempts per ip.
Благодарность от:
Amaury
  #84  
Old 02-06-2013, 01:50 PM
mykkal's Avatar
mykkal mykkal is offline
 
Join Date: May 2007
Location: Atlanta, GA
Posts: 485
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Simon Lloyd View Post
The fact that they are doing it in alphabetical order proves that they are scanning the members list as the database, if it was stolen, is not automatically in alphabetical order but in order of userid.

It's as simple as that, pretty soon they'll be through the entire list and all this will be forgotten, if you want advice, change your password to something strong and they wont get anywhere with their 5 attempts per ip.
That actually depends on 'preferences', sort options, and how the data is exported. It could be a custom script. So even if it downloads in alphabetical order by username they could still resort by USERID.

Just my opinion but your accusation could have a lot of simpler truths. I don't think thats evidence of stealing.

Whenever I export data I almost always have to manipulate it. It's never in the form I need it to be at export.
  #85  
Old 02-06-2013, 01:56 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well, as cellarius pointed out, if someone had stolen the database the thing to do would be to use the hashed passwords and salt values to try to crack the passwords on a local computer. Using a stolen database just to get the usernames for a brute force attack over the net would be pretty stupid (but, well, I suppose there are people like that around).

Edit: but of course the point is that there's no reason to think they have access to the database, since it can easily be done with the member list.
2 благодарности(ей) от:
Amaury, mykkal
  #86  
Old 02-06-2013, 02:01 PM
mykkal's Avatar
mykkal mykkal is offline
 
Join Date: May 2007
Location: Atlanta, GA
Posts: 485
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Cosign...

Quote:
Originally Posted by kh99 View Post
Well, as cellarius pointed out, if someone had stolen the database the thing to do would be to use the hashed passwords and salt values to try to crack the passwords on a local computer. Using a stolen database just to get the usernames for a brute force attack would be pretty stupid (but, well, I suppose there are people like that around).
--------------- Added [DATE]1360163835[/DATE] at [TIME]1360163835[/TIME] ---------------

brute force is an attempt to login...Not the aftermath of data stolen. If someone had the data they could just clone the site, login, and do whatever without fear of being caught.

I don't think brute force should be by username but by IP because the intruder is foreign and blocking by username would lock out the legitimate user. Just create a strong password and that is enough. Mixed with symbols, numbers, and letters a strong password would take until infinity to crack. That's totally safe.
Благодарность от:
Amaury
  #87  
Old 02-06-2013, 03:24 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No one has stolen any data. Thats enough of such nonsense, any more such ridiculous posts will be removed. Stick to the topic and facts, not wild imagination.
2 благодарности(ей) от:
Amaury, mykkal
  #88  
Old 02-06-2013, 04:07 PM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

@Paul M, do you not think this thread has run its course now?
  #89  
Old 02-06-2013, 04:10 PM
mykkal's Avatar
mykkal mykkal is offline
 
Join Date: May 2007
Location: Atlanta, GA
Posts: 485
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

it should be closed.
  #90  
Old 02-06-2013, 04:16 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Agree close this, it should of been closed a long time ago
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:48 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08389 seconds
  • Memory Usage 2,269KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (7)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete