Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
Reload this Page Account locked?
FAQ Community Calendar Today's Posts Search

Reply
Page 24 of 28 « First 142223 24 2526 Last »
 
Thread Tools Display Modes
  #231  
Old 04-11-2014, 06:02 AM
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Location: Google Kansas
Posts: 4,678
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
got this message the other day, then just now as well..

The person trying to log into your account had the following IP address: 223.84.180.232

I deleted the other email, so no idea what the proxy ip was.. not that it really matters
Reply With Quote
  #232  
Old 04-11-2014, 08:11 AM
teou teou is offline
 
Join Date: May 2008
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Several more ips from today:
119.46.203.37
183.221.174.3
117.172.66.7

Quote:
Originally Posted by ANGLICO View Post
I would like to be able to block IP addresses that appear to originate from certain countries from trying to log into my account. Is there a way to do that? Perhaps an easier option would be to PERMIT only an IP address originating in the USA to log into my account.

Ideas?

Belay the previous, I just saw this:
I have researched this matter 1-2 years ago. There are such geo-ip apache modules - you need root access to your server to install it. But it is reasonable to do only for very localized non-english language forums. Not to mention that this approach gives false positives or negatives sometimes.

Quote:
Originally Posted by zackw View Post
I think the solution is simple, the forum should just stop sending these emails. Clearly, if the block is only IP based, then it doesn't affect your own login attempts, and since no harm is done, your account was always safe.

The only email I might want is perhaps something that says that a successful login took place, from a different IP that my last login.

All I need to know is if someone is changing my password or changing my email or even if they have logged in from an IP not normal for me. This could alert me to a compromised account.

These emails about lockouts don't seem to serve any purpose if the intention is NOT to block every single IP that comes through. I personally can't do jack with the emails, it's not like I can come here and do IP blocks myself. So this may be a case of TMI. Just stop emailing people about failed login attempts.

Is that hard?
99% of the ordinary users in the world, esp. in the "post ip v4" era when there is shortage and recycling of IP blocks, are using DYNAMIC addresses. So, unless this is made as an option in the User Control Panel that can be turned off, this is not very clever solution.

Quote:
Originally Posted by Digital Jedi View Post
As was mentioned multiple times, if your password is secure, you have nothing to worry about. You do realize that this happens on every account you have across the internet, right? Daily. It's just vBulletin has a built in notification process when it happens. Most places, you'd never know unless you have an awful password. Seriously, though. Knowing your PayPal email address is about as potentially dangerous as someone knowing your last name. Everyone we did business with already knows it.

We really have to stop this paranoia every time hacking bots randomly pick this site as a target. Everything that can be done on the administration end has been done. Now you have to secure your password, just like you would everywhere else on the web. I can't understand why this doesn't sink in.
I agree it is not really dangerous, but it is just very annoying. VB Staff should just turn off these emails - can't be that hard.

Quote:
Originally Posted by VargTimmen View Post
I am also affected. Changed my password. Maybe this is caused through the heartbleed case?
This has nothing to do with it.

Quote:
Originally Posted by Lynne View Post
You guys who say this only happens on vbulletin.org - do you ever check your server access logs? I'm not talking about the apache access_logs, but the ones that show when someone tries to brute force your server. This, at vbulletin.org, is nothing compared to that!
That is true. I am administering also a PHPBB3 forum - on a very micro forum (read less than 10 K posts) i get around 10-20 such bruteforce attempts per day on average. Initially i was annoyed at the PHPBB guys, because these were not logged, not autobanned, there in no notification and these are stored in a temporary SQL table that gets auto-cleared. But after i looked at how many times these attacks happen i saw this was the right decision, otherwise the logs on the server will get HUGE.
Here is how it looks in mysql right now:

Code:
attempt_ip 	attempt_browser 	attempt_forwarded_for 	attempt_time 	user_id 	username 	username_clean
89.169.5.251 	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/53... 		1397188458 	0 	Claytonwemn 	claytonwemn
199.15.233.139 	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... 		1397172673 	0 	TimothyKACH 	timothykach
89.169.5.251 	Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/53... 		1397184431 	0 	Claytonwemn 	claytonwemn
95.26.157.169 	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... 		1397199455 	0 	FishPn 	fishpn
46.119.6.88 	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... 		1397153747 	0 	Ormostere 	ormostere
89.169.5.251 	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (K... 		1397180266 	0 	Claytonwemn 	claytonwemn
95.28.228.160 	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (K... 		1397160780 	0 	FishPn 	fishpn

The conclusion: VB Staff, please disable email spam, thank you.
Reply With Quote
  #233  
Old 04-11-2014, 09:16 AM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
  
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Mr.Windows View Post
Is there a way to just delete my account? I no longer participate in the VB community and would rather just remove this vector of internet from attachment to me.
In the future I hope we can make some changes to stop sending these emails to customers and instead send them to a local email address where network admins can keep an eye out. However- with the nature of the way things work here- it won't come soon enough to stop this attack, only hope it won't happen again in the future.

Quote:
Originally Posted by SyrLinus View Post
Add 117.164.9.166 as they tried again tonight. I will be glad when this OpenSSL issue is addressed.
Not an OpenSSL issue. Completely unrelated- vBulletin.org doesn't use SSL. Even if it did, a brute force attack isn't a symptom of the OpenSSL issue- they would already have the sensitive data, they wouldn't be trying to figure it out.

Quote:
Originally Posted by sb225 View Post
I am too getting a lot of emails from the past, that some one is trying to loginto my account, can you keep my account in safe place.
As long as you have a decently secure password you are safe. Make sure all websites, especially vBulletin.org has a secure (complex/long) and unique password. The unique part being perhaps the most importing. With a unique password the absolute worst thing a hacker could do is post as you- which isn't high on the severity meter.

Quote:
Originally Posted by teou View Post
c
The conclusion: VB Staff, please disable email spam, thank you.
We hear you and will do something as soon as we can, but it won't be today unfortunately.
Reply With Quote
  #234  
Old 04-11-2014, 09:40 AM
AdrianH AdrianH is offline
 
Join Date: Sep 2007
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Joe, I would think long and hard about turning off the warnings.

All that will happen is on the next attack , staff and the forum will be swamped with people whining that their account was locked, that they couldn't get mods, that nobody warned them, and they should have been told that someone was attempting to access their account.

Been there, done it .......... you can't win.

As forum admins the members here should know what the emails mean, after all their own forums do exactly the same when the Bots are active.
Reply With Quote
  #235  
Old 04-11-2014, 09:51 AM
Lightly_Toasted Lightly_Toasted is offline
 
Join Date: Mar 2013
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Very irritating... 5 emails concerning this in less than a minute.
Reply With Quote
  #236  
Old 04-11-2014, 10:29 AM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
  
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by AdrianH View Post
All that will happen is on the next attack , staff and the forum will be swamped with people whining that their account was locked,
No one is locked out. Even when they get the emails, they aren't locked out. The lock only applies to the IP address causing the problem, so unless their own computer is part of the attack they can always access their account.
Reply With Quote
  #237  
Old 04-11-2014, 10:37 AM
smacklan's Avatar
smacklan smacklan is offline
 
Join Date: Mar 2005
Posts: 497
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Got an email about the account lock myself yesterday. IP was 80.80.209.186 (Uzbekistan). First time I've logged in here in a very long time...last time was to change my password from the last big security flaw in vB.
Reply With Quote
  #238  
Old 04-11-2014, 11:00 AM
JeansJoe JeansJoe is offline
 
Join Date: Sep 2009
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I got around 20 of these emails. 10 yesterday 10 today in my inbox.
I switched Passwords just to be safe.

It's a lot of different IP's tho.
Could this be a DDoS?
Reply With Quote
  #239  
Old 04-11-2014, 11:24 AM
HawkeBoE HawkeBoE is offline
 
Join Date: Mar 2012
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Same here, got lots of lockout mails with different IPs.
Because of timedifference my phone made me crazy last night... & had to turn of nortifications for mail receive
Reply With Quote
  #240  
Old 04-11-2014, 12:45 PM
lgnd's Avatar
lgnd lgnd is offline
 
Join Date: Jun 2007
Posts: 47
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I got 5 emails in two days also changed my pw is there anything else I can do to prevent this? Thanks!
Reply With Quote
Reply
Page 24 of 28 « First 142223 24 2526 Last »

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 05:24 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07129 seconds
  • Memory Usage 2,293KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (10)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete