#131
06-12-2013, 05:26 PM
Kat-2
Join Date: Feb 2011
Posts: 97

Possible correct theory, but I run visible, and between 5 and 5:30 AM (central time), I received approximately 30 emails saying I was locked out. Umm...I was sound asleep then, so sure was not showing online...
#132
06-12-2013, 05:27 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by Kat-2
> Possible correct theory, but I run visible, and between 5 and 5:30 AM, I received approximately 30 emails saying I was locked out. Umm...I was sound asleep then, so sure was not showing online...

We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.

I only know I have never been targeted and also have never run visible here.
#133
06-12-2013, 05:30 PM
Kat-2
Join Date: Feb 2011
Posts: 97

Quote:
Originally Posted by Max Taxable
> We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.

I suppose. Would have definitely had to have been keeping me showing online for a good 10/12 hours I'd say...if that were the case.
#134
06-12-2013, 05:31 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by Kat-2
> I suppose. Would have definitely had to have been keeping me showing online for a good 10/12 hours I'd say...if that were the case.

Not necessarily. It depends on when the attackers gathered their target data. This, we have no way to know.
#135
06-12-2013, 05:33 PM
Kat-2
Join Date: Feb 2011
Posts: 97

All is null as far as I am concerned. Was not a successful attack anyhow.
#136
06-12-2013, 05:37 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

They only need to get one successful attack.

Gathering the target usernames isn't necessarily happening at the same time the attacks are. In fact, were I doing this I would gather names over at least a week's period, entering them into the brute force cracking software, getting some thousands accumulated before launching the actual attack.
#137
06-12-2013, 05:46 PM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

Quote:
Originally Posted by Max Taxable
> I've never been hit by this here at vB dot org. And I am wondering if it's because I run "invisible." The brute force attacks might or might not be random - they might be getting active accounts to target from the bottom of the main forum page, the aggregate "what's going on" area.
>
> Just a theory.

You haven't been hit because they always go in alphabetical order and they've always stopped before M in the past.
#138
06-12-2013, 05:47 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by BirdOPrey5
> You haven't been hit because they always go in alphabetical order and they've always stopped before M in the past.

Are they hitting nonexistent accounts, or are they choosing correct names from "who's online"?

They may have gone further than the letter M, at least one time:

https://vborg.vbsupport.ru/showpost....1&postcount=83
#139
06-12-2013, 05:53 PM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have skipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.
#140
06-12-2013, 05:55 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by BirdOPrey5
> They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.
>
> They seem to have skipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.

And of course, they don't have a common item in their UA string, like Brutus, for example, leaves.

Makes it really difficult to block or inhibit.
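An added example, not part of the original thread and not vBulletin code: since the posts above report that the attempts walk the user list alphabetically, hit long-dormant accounts, and share no common User-Agent, a detector can key on the order of targeted usernames instead of on IP or UA. The event tuple layout, the thresholds, the `ev` helper and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

def ev(minute, ip, ua, user):
    """Build one constructed failed-login event (time, source IP, User-Agent, username)."""
    return (datetime(2013, 6, 12, 5, minute), ip, ua, user)

# Constructed sample data, not taken from any real log.
SAMPLE_EVENTS = [
    ev(0, "198.51.100.7", "Mozilla/5.0 (Windows NT 6.1)", "aaron"),
    ev(1, "203.0.113.9", "Opera/9.80", "abby"),
    ev(1, "198.51.100.7", "Mozilla/5.0 (Windows NT 6.1)", "aaron"),
    ev(3, "192.0.2.44", "Mozilla/5.0 (X11; Linux)", "Bert"),
    ev(4, "203.0.113.9", "Opera/9.80", "carla"),
    ev(6, "192.0.2.81", "Mozilla/4.0 (compatible; MSIE 8.0)", "dmitri"),
    ev(9, "198.51.100.23", "Mozilla/5.0 (Macintosh)", "kat"),
]
LAST_LOGIN = {  # constructed last-login dates per account
    "aaron": datetime(2006, 3, 1), "abby": datetime(2013, 6, 1),
    "Bert": datetime(2006, 5, 20), "carla": datetime(2013, 6, 10),
    "dmitri": datetime(2013, 5, 1), "kat": datetime(2013, 6, 11),
}

def detect_sweep(events, last_login, window=timedelta(minutes=30),
                 min_accounts=5, min_sorted=0.9, dormant_after=timedelta(days=365)):
    """Flag failed logins that walk the user list alphabetically, ignoring IP and UA."""
    if not events:
        return None
    events = sorted(events, key=lambda e: e[0])
    start = events[0][0]
    in_window = [e for e in events if e[0] - start <= window]
    order = []  # distinct targeted usernames, in first-seen order
    for _, _, _, user in in_window:
        if user not in order:
            order.append(user)
    pairs = list(zip(order, order[1:]))
    ratio = sum(a.lower() <= b.lower() for a, b in pairs) / len(pairs) if pairs else 0.0
    return {
        "sweep": len(order) >= min_accounts and ratio >= min_sorted,
        "accounts": len(order),
        "sorted_ratio": ratio,
        "range": (order[0], order[-1]),  # how far through the alphabet it got
        "sources": len({e[1] for e in in_window}),
        "user_agents": len({e[2] for e in in_window}),
        "dormant": [u for u in order
                    if u in last_login and start - last_login[u] > dormant_after],
    }

if __name__ == "__main__":
    print(detect_sweep(SAMPLE_EVENTS, LAST_LOGIN))
```

The `range` field shows where the sweep currently stands in the alphabet, so accounts later in the list can be warned or rate-limited before they are reached.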