  #11  
04-11-2014, 07:10 AM
recon2010
Join Date: Aug 2010
Posts: 11

Who said they don't have passwords yet?

Passwords and logins are in different places in the database, so they are trying to pick the right ones. They don't know which password is for which account lol. How else would they know my login when I have posted almost nothing in a few years?
  #12  
04-11-2014, 07:18 AM
ukcobra
Join Date: Dec 2002
Posts: 23

I have been getting the same since 10am UK time on Wednesday, and the IP addresses trying to gain access have been in Thailand and Ukraine amongst others.

It would be nice to hear from the Moderators what suggested actions we should take.
I have already changed my password to one that is very unlikely to be cracked by brute force.

I don't believe in co-incidences, and the timing along with Heartbleed is intriguing.
  #13  
04-11-2014, 08:26 AM
AdrianH
Join Date: Sep 2007
Posts: 222

Quote:
Originally Posted by ukcobra
I have been getting the same since 10am UK time on Wednesday, and the IP addresses trying to gain access have been in Thailand and Ukraine amongst others.

It would be nice to hear from the Moderators what suggested actions we should take.
I have already changed my password to one that is very unlikely to be cracked by brute force.

I don't believe in co-incidences, and the timing along with Heartbleed is intriguing.

Heartbleed?.......... no way.


Ignore them is what you do. This has happened on all forum software since the 'net began.

I have had this at both VB sites several times a year for the last 7 years, and on every forum I have membership of.

It is called a BOT. Never heard of XRumer?

Just make sure you have a decent password that the Bot can't break.

Surely as forum admins you should know what is happening?
  #14  
04-11-2014, 09:25 AM
kollam003
Join Date: May 2007
Posts: 154

Thank god I'm not alone in this
  #15  
04-11-2014, 09:28 AM
flapjack
Join Date: Jan 2006
Location: Tampa Bay, Florida
Posts: 38

Seems pretty clear someone is launching a pretty big brute force attack against the site, probably using known passwords from sources like the Adobe cache (although that's pure speculation...).

I've been getting these emails for days, and my poor account has been inactive for ages. Most of the IPs hitting me are located throughout EU and Asia, leading me to believe it's the work of a botnet.

Whatever the case, it has nothing to do with Heartbleed. If you know anything about the exploit, you'd know if they'd used it (which is NOT by any means easy), they would not be getting passwords wrong and would not be hitting accounts like mine that haven't been used in years.
  #16  
04-11-2014, 09:29 AM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

We apologize to all those being inconvenienced by these emails. We will work on preventing such mass emails in the future- but for this "attack" the damage is already done.

First, the vast vast majority of you should just delete/ignore the emails- we do not need to know the IP addresses in them.

If you are not using a secure (complex / uncommon) password OR not using a password unique to vBulletin.org then you should change your password as soon as possible to be as safe as can be.

Anyone with a complex and unique password should feel absolutely safe.

Even if you got 50 such emails that translates to only a max of 250 passwords being tried against your account- likely the 250 most common passwords which are simple words and numbers like 123456. There is no chance they will randomly get a password like monKEY$803, not with vBulletin's built-in lock out system, which is the reason for the emails you are getting.

This is absolutely unrelated to the well publicized OpenSSL (Heartbleed) bug. vBulletin.org does not use SSL and that vulnerability doesn't present itself as a brute force attack.

It is also unlikely they are using passwords from Adobe or any other site- This is a brute force attack where they are using password lists of the most common passwords including those people who have the same username and password. Unfortunately this can be very effective on a site like this with many user accounts near a decade old, some of which haven't been touched in years and created at a time when password security was much less a concern.

In the meantime if you want to read more there is an open thread in the Site Feedback forum: https://vborg.vbsupport.ru/showthread.php?t=280796

If you no longer wish to have a vBulletin.org account I am sorry but we do not delete accounts. What you can do to stop getting emails is to go to Edit your Email Address: https://vborg.vbsupport.ru/profile.php?do=editpassword

Provide some new/random and undeliverable email address like 9djsbsjh@djdhdhd7shs.com and save changes. Your account will never get reconfirmed and you will no longer get any further emails, you can consider the account dead at that point.

Once again, we apologize for the inconvenience.
2 thanks from:
Kat-2, RichieBoy67
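For forum admins following the thread, the pattern described in the posts above (many source IPs, a few failed logins each, dormant accounts included) can be picked out of a failed-login log. This is an added example, not part of the thread and not vBulletin's own code. The log format, the per-(username, IP) strike counting, the 5-strike figure (250 passwords / 50 e-mails) and the `MIN_SOURCES` threshold are assumptions, and the sample log is constructed.

```python
from collections import Counter, defaultdict

STRIKES_PER_LOCKOUT = 5   # assumption: 250 passwords / 50 e-mails, per the post
MIN_SOURCES = 3           # assumption: distinct IPs before an account counts as "distributed"

# Constructed sample log: "<ISO time> <username> <source IP> <OK|FAIL>"
SAMPLE_LOG = "\n".join(
    [f"2014-04-09T10:{m:02d}:{s:02d} olduser 198.51.100.{m + 1} FAIL"
     for m in range(4) for s in range(5)]           # 4 IPs x 5 failures each
    + ["2014-04-09T11:00:00 alice 203.0.113.7 FAIL",
       "2014-04-09T11:00:09 alice 203.0.113.7 OK"]  # a typo, then a normal login
)

def parse(log):
    """Yield (username, ip, ok) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def summarize(log):
    """Per account: failures, distinct failing IPs, lockout e-mails, implied guesses."""
    fails = defaultdict(Counter)   # username -> Counter(ip -> failed attempts)
    succeeded = set()
    for user, ip, ok in parse(log):
        if ok:
            succeeded.add(user)
        else:
            fails[user][ip] += 1
    report = {}
    for user, per_ip in fails.items():
        # One lockout e-mail each time a single source uses up its strikes.
        lockouts = sum(n // STRIKES_PER_LOCKOUT for n in per_ip.values())
        report[user] = {
            "failures": sum(per_ip.values()),
            "sources": len(per_ip),
            "lockout_emails": lockouts,
            "guesses_implied_by_emails": lockouts * STRIKES_PER_LOCKOUT,
            # Many sources and never a success: botnet-style guessing, not a typo.
            "distributed": len(per_ip) >= MIN_SOURCES and user not in succeeded,
        }
    return report

if __name__ == "__main__":
    for user, row in summarize(SAMPLE_LOG).items():
        print(user, row)
```
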