Account locked?

[kafi]

Same emails in my inbox.

[Jonm]

22 emails about this!

114.141.162.60
95.181.40.202
86.123.226.93
100.45.50.131
94.73.62.44
116.50.153.66
200.196.51.130
178.77.243.110
58.242.249.31
140.112.174.24
72.29.4.111
190.102.17.240
210.43.128.18
210.14.133.202
121.12.167.197
2.133.94.42
91.228.53.28
183.62.139.214
202.77.119.114
119.36.87.26
58.22.151.184
85.15.227.78
118.97.206.254
190.111.122.2
89.218.101.26
197.220.163.75

[JonUrban]

I got about 50 of those locked out account emails as well from 3:15AM ET to 4:16AM ET, June 12, all saying my account was locked out. Funny thing is, when I came here, it was not! I changed my password, but it's a bit freaky to wake up to all of this.

I did a WhoIs on the IPs, and they are mostly from China. What do they expect to get from this.

I noticed in my CPanel for my webspace that my forum is getting a lot of hits from China. I wish I knew what they were up to.

Spooky stuff.

Quote:

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 91.103.127.37

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
https://vborg.vbsupport.ru/login.php?do=lostpw

All the best,
vBulletin.org Forum

Here are all the IPs, in the order that I got the emails, for those interested:

86.96.229.68
206.251.61.230
24.172.34.114
23.30.90.105
222.37.177.243
60.220.212.60
187.185.71.90
183.166.191.243
218.5.74.174
189.85.24.242
222.89.154.6
218.188.13.237
186.103.135.82
118.195.65.243
2.133.92.242
118.98.233.6
61.136.93.38
202.182.53.57
201.77.202.68
58.252.56.148
110.138.239.223
58.252.56.149
113.200.214.42
78.38.23.242
116.228.55.217
176.33.138.156
203.215.48.38
119.187.148.81
58.22.151.184
203.189.136.17
60.223.228.2
197.160.56.108
202.102.26.136
211.161.152.108
95.161.7.13
46.21.240.253
119.36.87.26
192.110.163.22
46.16.180.58
112.220.224.187
187.6.252.146
190.124.165.194
202.150.137.154
60.223.255.141
77.94.48.5
85.15.227.78
91.103.127.37
193.160.225.13
221.0.90.54
223.4.118.98

[kitsch]

Same emails in my inbox too.

[KenDude]

Quote:

Originally Posted by Paul M

To repeat again - please dont post lists of IP addresses, its not serving any purpose, just filling up the thread.

This is just an automated system that uses zombie PCs all around the world (hence the hundreds of IPs) and tries a list of common, easy to guess passwords, and then moves on when it fails.

All you need to do is make sure you have a good password, that cannot be easily guessed, and delete the e-mails. You can of course change you password if you desire.

Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?

[jimsflies]

Got about 40 of these emails this morning.

One question I have is why doesn't vb.org block known spammers at the htaccess level? On my site, I block ips from known spammers and IP ranges from countries known to be rife with illicit internet activity (granted the later option probably isn't viable here on vb.org).

As an example a couple months ago, I posted a link to a new test site here on vb.org because I had a question about something I was working on and within a day I had more than 10 new spammer accounts on the new forum...that was the only link I ever posted and ended up editing my post to remove the link the next day. I think vb.org is used a lot by spammers because it is a treasure trove of links to other forums.

[Jonm]

Quote:

Originally Posted by KenDude

Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?

I echo this.

[Digital Jedi]

Quote:

Originally Posted by KenDude

Paul,
Why do you say this? Why couldn't I take that list of IP addresses and block them on my own forum? If those are known bad zombie PCs then I don't want them hitting my site for any reason, password hacking or otherwise. Knowing their IP address would allow me to add them to the blocked list on my site. Thus, I fail to see the harm in posting the IP addresses if others wish to do something with the list. Am I missing something here?

I'm not sure how many different ways this can be said to you guys. You will spend each day, every day, adding new IPs to your .htaccess if you try to do it that way. That's would not just be time consuming, it would be ultimately fruitless. It wouldn't do the job of preventing these IPs from hacking into your account.* What you would need is a system that prevents ANY automated system from getting into your account based on known hacking behavior. Wanna guess what that system is?

Guys, the only reason you even know about this is because you got an email letting you know the attempt failed. That's really the only reason you even noticed. The same thing is happening to any account you have anywhere on the internet, and only a handful of those site are going to alert you of the suspicious behavior. It just so happens vB is small enough of a website (by comparison) that a larger group of us have noticed. But the site is doing it's job. If you're password is safe, then you're account is safe. When you do get emails that someone was blocked, you should be sighing relief, not freaking out and wondering what went wrong.

*Blocking IPs is to prevent spam on already registered accounts, which is pretty much a fruitless endevour in of itself. Spam should be block on the registration level. What these IPs are doing is trying to hack passwords for other purposes.)

[lapiervb]

Same thing is happening to me right now. Coming from China..... go figure.

[LaBella]

This just happened to me, as well. Right now from these IP addresses:

190.111.122.2
2.133.93.90
58.250.87.123
109.175.8.42
222.35.61.196