Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
  #211  
Old 04-10-2014, 08:51 PM
AuroraStorm's Avatar
AuroraStorm AuroraStorm is offline
 
Join Date: Nov 2006
Location: ATHell
Posts: 332
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

*singing voice*

IT'S THE MOWWWWWWWWWWWWST WONDERFUL TYYYYYYYYYYYYME OF THE YEAR!
WHEN YOUR IP GETS HACKED AND YOUR PASSWORDS GET JACKED!
ON VB DOT OAAAAAAAAAAAAAAARRRG! IT'S THE MOST - WONDERFUL TIME OF THE YEAAAAAAAAAAAAAR!
Reply With Quote
  #212  
Old 04-10-2014, 09:07 PM
VargTimmen VargTimmen is offline
 
Join Date: May 2008
Location: Munich - Germany
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am also affected. Changed my password. Maybe this is caused through the heartbleed case?
Reply With Quote
  #213  
Old 04-10-2014, 09:12 PM
petteyg359 petteyg359 is offline
 
Join Date: Dec 2007
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by VargTimmen View Post
I am also affected. Changed my password. Maybe this is caused through the heartbleed case?
I farted at the same time the plane they found near Australia went off its planned route. Maybe they were related?

Seriously, random failbots attempting to break into vBulletin accounts have nothing to do with OpenSSL bugs.
Reply With Quote
  #214  
Old 04-10-2014, 09:15 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You guys who say this only happens on vbulletin.org - do you ever check your server access logs? I'm not talking about the apache access_logs, but the ones that show when someone tries to brute force your server. This, at vbulletin.org, is nothing compared to that!
Reply With Quote
2 благодарности(ей) от:
blind-eddie, Max Taxable
  #215  
Old 04-10-2014, 09:57 PM
USAMustangs.com USAMustangs.com is offline
 
Join Date: Mar 2007
Location: D/FW, Texas
Posts: 159
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Come on vb.org, this is absolutely ridiculous. What's the issue here and what have you done to address it?


Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 183.220.40.221

The person trying to log into your account had the following IP address: 195.189.30.10

The person trying to log into your account had the following IP address: 116.213.62.122
Reply With Quote
  #216  
Old 04-10-2014, 10:33 PM
AuroraStorm's Avatar
AuroraStorm AuroraStorm is offline
 
Join Date: Nov 2006
Location: ATHell
Posts: 332
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Seriously, I'm not trying to be an a-hole about this, but if you check this thread from the beginning, this type of attack happens around this time every year. I caught on to that fact when I got caught last year. If my account had been locked down, I wouldn't have been able to get in and I keep this thing logged on all the time.

...and for real tho, when I really sit back and think about it, if this account gets hacked, could the hacker please go in and check off that I've installed some of the modifications? I keep forgetting to do that. THANKS!
Reply With Quote
Благодарность от:
blind-eddie
  #217  
Old 04-10-2014, 10:45 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You would never be locked out unless the attack was coming from your IP Address.
Reply With Quote
  #218  
Old 04-10-2014, 10:48 PM
blind-eddie's Avatar
blind-eddie blind-eddie is offline
 
Join Date: Apr 2006
Location: Michigan
Posts: 2,310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Everyone in the forum software world knows the file structure of many forum software including vbulletin.

We all know bots crawl our sites everyday, they know that every member account path is "member.php?u=".
Its really easy to start with 1 then 2 then 3 ....etc...at the end of "member.php?u=" and paste your name in the login box and use a random password to see if it works.

You then get the locked account email...so what, it was not you... you know that.

Change your password to a stronger password for shits and giggles just to be safe.

Many requesting to add ip's to ban list should do a little research, its a waste of time to ban ip's... getting a new ip is easy to do.

There is nothing that can be done to stop it from happening..no one is to blame for this happening.. there is nothing wrong with vbulletin software... welcome to the internet.
Reply With Quote
3 благодарности(ей) от:
BirdOPrey5, Lynne, Max Taxable
  #219  
Old 04-10-2014, 10:53 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by blind-eddie View Post
Everyone in the forum software world knows the file structure of many forum software including vbulletin.

We all know bots crawl our sites everyday, they know that every member account path is "member.php?u=".
Its really easy to start with 1 then 2 then 3 ....etc...at the end of "member.php?u=" and paste your name in the login box and use a random password to see if it works.

You then get the locked account email...so what, it was not you... you know that.

Change your password to a stronger password for shits and giggles just to be safe.

Many requesting to add ip's to ban list should do a little research, its a waste of time to ban ip's... getting a new ip is easy to do.

There is nothing that can be done to stop it from happening..no one is to blame for this happening.. there is nothing wrong with vbulletin software... welcome to the internet.
Very good post.

But.... vBorg could probably re-word the email message, making it say something like:

"We locked IP 123.456.789 out of login to your account, due to multiple failed attempts to log in. The login attempts failed but please insure you have a strong password."


Might save alot of this hand wringing every time this occurs.
Reply With Quote
Благодарность от:
Lynne
  #220  
Old 04-10-2014, 11:09 PM
MYU MYU is offline
 
Join Date: Dec 2013
Location: London
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm getting the same thing, started yesterday and all different IP address.

6 attempts in the past hour.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:09 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04582 seconds
  • Memory Usage 2,281KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (10)post_thanks_box
  • (7)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete