Go Back   vb.org Archive > News and Announcements > News and Announcements

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 05-29-2011, 01:33 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Yesterday's brute force attempts at password hacking

Yesterday afternoon, it seems there was somebody (or a group of somebodies) who decided to try to brute force their way to hacking vbulletin.org user accounts. Several of you got emails about being locked out of your accounts after the five attempts were made. Unfortunately, there is no one IP, or even an IP range, that we can block to stop this as the IPs came from all over.

I would strongly suggest that users change their passwords. You should pick a password that is at least fourteen characters long and utilize both lower and upper case letters as well as numbers and other keyboard characters

There is a password generator here that you may use to create a random, strong, password - http://strongpasswordgenerator.com/
  #2  
Old 05-29-2011, 03:42 PM
wraggster wraggster is offline
 
Join Date: Mar 2005
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ahh i wondered why i got the message, my site had been hacked recently and we have introduced a heck of a lot of new security measures and ive made my passwords 30 chars long.

Thank god it wasnt just me
  #3  
Old 05-29-2011, 04:12 PM
gamerzhut gamerzhut is offline
 
Join Date: Jan 2010
Posts: 136
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

But what happened to me was different, even after entering the right password it said incorrect. After 15mins i got the account locked email . .But i manually entered my password for all the 5times.
  #4  
Old 05-29-2011, 04:46 PM
AdrianH AdrianH is offline
 
Join Date: Sep 2007
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by gamerzhut View Post
But what happened to me was different, even after entering the right password it said incorrect. After 15mins i got the account locked email . .But i manually entered my password for all the 5times.
Then you should PM an admin for help.
  #5  
Old 05-29-2011, 05:28 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lynne View Post
Unfortunately, there is no one IP, or even an IP range, that we can block to stop this as the IPs came from all over.
You can block the useragent and other aspects with vB Bad Behavior.
  #6  
Old 05-29-2011, 05:37 PM
Adem GEN?'s Avatar
Adem GEN? Adem GEN? is offline
 
Join Date: Apr 2005
Location: İstanbul / T?rkiye
Posts: 377
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I got the email
Quote:
The person trying to log into your account had the following IP address: 196.1.70.202
Now I changed my password, vbulletin.org & vbulletin.com
Now my passwords 33 characters
  #7  
Old 05-29-2011, 11:00 PM
Lumina's Avatar
Lumina Lumina is offline
 
Join Date: Sep 2002
Location: France
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lynne View Post
I would strongly suggest that users change their passwords. You should pick a password that is at least fourteen characters long and utilize both lower and upper case letters as well as numbers and other keyboard characters

There is a password generator here that you may use to create a random, strong, password - http://strongpasswordgenerator.com/
Dear administrator,

1) vbulletin.org Lost Password Recovery Form generates base 10 only passwords (0-9), 8 characters long. PHP suggests the following characters for higher bases:
*base 16: (0-9, a-f)
*base 32: (0-9, a-v)
*base 64: (0-9, a-z, A-Z, "-", ",")
You should adopt the base 64 for generated passwords and make it 16 chars long.

2) Wysisyg mode on Google Chrome will prevent you from replying to this thread and your message will be lost. I had to write it again.
  #8  
Old 05-29-2011, 11:43 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lumina View Post
Dear administrator,

1) vbulletin.org Lost Password Recovery Form generates base 10 only passwords (0-9), 8 characters long. PHP suggests the following characters for higher bases:
*base 16: (0-9, a-f)
*base 32: (0-9, a-v)
*base 64: (0-9, a-z, A-Z, "-", ",")
You should adopt the base 64 for generated passwords and make it 16 chars long.
You should not be keeping the generated password. You should only use it to login and then you should be setting it yourself.
  #9  
Old 05-30-2011, 09:08 AM
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Location: Scotland
Posts: 8,814
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

82.145.242.38
201.22.130.226
120.136.20.91

Those are the IPs I got for my old "Revan" account, in case you wanted to ban them or write them down or whatever


Fillip
  #10  
Old 05-30-2011, 04:58 PM
qryztufre qryztufre is offline
 
Join Date: May 2005
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The person trying to log into your account had the following IP address: 200.181.109.18

add this IP to the list...
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:20 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04835 seconds
  • Memory Usage 2,249KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete