Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
  #91  
Old 06-11-2013, 02:45 PM
goyo goyo is offline
 
Join Date: Mar 2002
Posts: 89
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

They're keep coming...It's not funny anymore...
Reply With Quote
  #92  
Old 06-11-2013, 02:55 PM
Bat21 Bat21 is offline
 
Join Date: Jan 2003
Location: UK
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by grecostimpy View Post
.... I went in and updated my password to something much stronger. At least this was a wake up call for me to use a stronger password as I haven't visited here in quite a while.
Yes, did the same here too as I haven't logged in for a while :up:
Reply With Quote
  #93  
Old 06-11-2013, 05:23 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

To repeat again - please dont post lists of IP addresses, its not serving any purpose, just filling up the thread.

This is just an automated system that uses zombie PCs all around the world (hence the hundreds of IPs) and tries a list of common, easy to guess passwords, and then moves on when it fails.

All you need to do is make sure you have a good password, that cannot be easily guessed, and delete the e-mails. You can of course change you password if you desire.
Reply With Quote
  #94  
Old 06-11-2013, 05:35 PM
Chris8's Avatar
Chris8 Chris8 is offline
 
Join Date: Nov 2009
Posts: 188
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Got like 10+ emails from yesterday about it as well. Uhmm some bots must be on fire. How about banning these bad bots? Maybe they have specific user-agent or lack of user-agent or specific referrer string so 1 small line in htaccess would do it, no? Maybe the vb.org login fields/page could be changed/tweaked, cmon you're wed devs you can do it. Bots follow some specific data within the page source, it's not that hard to fool them.
Reply With Quote
  #95  
Old 06-11-2013, 06:19 PM
bleros's Avatar
bleros bleros is offline
 
Join Date: Oct 2008
Location: Macedonia
Posts: 200
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Today i got again only 8 attempt, i changed password with pass generator with 50 character
Reply With Quote
  #96  
Old 06-11-2013, 07:41 PM
kippesp kippesp is offline
 
Join Date: Jan 2002
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've not visited this forum in 6 years. But this mess brought me back for a short visit.

I know it is obvious, but people should be concerned that the harm from a successful username/password guess can do more harm than just spamming this forum or obtaining information from what this forum provides. Should that user still continue to use this same combination on other sites, say bankofamerica.com, then vbulletin forums can be a good testing ground for identifying valid combinations without triggering lockouts on other sites (without >1 factor improvements). Perhaps a design change to VB's log in such as reverting to a dreadded CAPTCHA after x-failed attempts. ...back to lurking.
Reply With Quote
  #97  
Old 06-11-2013, 10:38 PM
columbonet columbonet is offline
 
Join Date: Jan 2006
Posts: 77
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I had 47 emails today, all with different IP's trying to get into my account here on this site.
Reply With Quote
  #98  
Old 06-11-2013, 10:56 PM
Digital Jedi's Avatar
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by kippesp View Post
I've not visited this forum in 6 years. But this mess brought me back for a short visit.

I know it is obvious, but people should be concerned that the harm from a successful username/password guess can do more harm than just spamming this forum or obtaining information from what this forum provides. Should that user still continue to use this same combination on other sites, say bankofamerica.com, then vbulletin forums can be a good testing ground for identifying valid combinations without triggering lockouts on other sites (without >1 factor improvements). Perhaps a design change to VB's log in such as reverting to a dreadded CAPTCHA after x-failed attempts. ...back to lurking.
That's not, in any way, shape or form, vB's responsibility. Preventing access to your bank account, or any other online accounts, is your job. How many times have we been told not to use the same password on multiple sites? How many times have we been told to use number/CAPS/Lowercase/Special Character combinations? How many times have we've been told not to give out our password to sites that don't have the same URL as the one they claim to be? We've been warned and warning people for nearly two decades now how to do this right, and if folks continue to think it won't happen to them, that's on them, not the developers of forum software who've already taken significant steps to preventing this in the first place.
Reply With Quote
Благодарность от:
Amaury
  #99  
Old 06-11-2013, 11:44 PM
inphoenix inphoenix is offline
 
Join Date: Sep 2011
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Add me to this list. 26 emails so far.
Reply With Quote
  #100  
Old 06-11-2013, 11:44 PM
grafbyte grafbyte is offline
 
Join Date: Apr 2007
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

HI

im becom 4 mails ..

PHP Code:
Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 timesYou will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address61.19.42.60

Don
't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum 
PHP Code:
Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 timesYou will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address109.198.126.112

Don
't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum 


PHP Code:
Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 timesYou will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address2.135.238.10

Don
't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum 

PHP Code:
Dear grafbyte,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 timesYou will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address89.218.0.26

Don
't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum 
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:15 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04737 seconds
  • Memory Usage 2,288KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (10)post_thanks_box
  • (1)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete