#201
04-10-2014, 05:30 PM
Digital Jedi
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171

Quote:
Originally Posted by X-or
> Does not mean nobody got hacked, just that nobody reported yet. I have looked in my user CP, there is a paypal email address field, maybe that's what the hackers are after. If they can get both a password and a paypal email address, it's potentially very dangerous. There is also the homepage field that can be potentially very dangerous. I recommend people to blank these fields if no measures are going to be taken.

As was mentioned multiple times, if your password is secure, you have nothing to worry about. You do realize that this happens on every account you have across the internet, right? Daily. It's just vBulletin has a built-in notification process when it happens. Most places, you'd never know unless you have an awful password. Seriously, though. Knowing your PayPal email address is about as potentially dangerous as someone knowing your last name. Everyone we did business with already knows it.

We really have to stop this paranoia every time hacking bots randomly pick this site as a target. Everything that can be done on the administration end has been done. Now you have to secure your password, just like you would everywhere else on the web. I can't understand why this doesn't sink in.

#202
04-10-2014, 05:39 PM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

Quote:
Originally Posted by whitetigergrowl
> No biggie until they eventually hack into your account and get your password. Anyone that says this is no biggie is seriously underestimating what is going on and potentially willing to compromise their account and information here and elsewhere.
>
> 200.112.211.80
> 117.164.142.150
>
> I had 2 attempts on my account at the same time today. (8:09am)
>
> Do not underestimate or downplay this. One IP is from Colombia and another from China in my case.

If you have a secure password it would take hundreds of thousands or millions or more chances to brute force break your password. Even someone who got 50 emails only had 250 max unique passwords checked on their account. The chances of them getting it right are almost zero. If your password is even puppy1036 they are never going to get it with this attack.

They are looking for the extremely weak passwords, such as:
password
123456
abcde
[your username]

etc...

Quote:
Originally Posted by JetLee
> What got me worrying is that someone also called my cell phone carrier trying to ascertain my home address. WTF? I've since put extra security measures in place with all utilities and banks as well as changing all forum passwords to something even more complicated than I was already using.

I can assure you they are not related. This happens every few months around here- they are only looking for valid, licensed, accounts.

#203
04-10-2014, 05:42 PM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

Quote:
Originally Posted by X-or
> Does not mean nobody got hacked, just that nobody reported yet. I have looked in my user CP, there is a paypal email address field, maybe that's what the hackers are after. If they can get both a password and a paypal email address, it's potentially very dangerous. There is also the homepage field that can be potentially very dangerous. I recommend people to blank these fields if no measures are going to be taken.

The paypal field is only of value to coders/designers who can receive donations from other members as thanks for their mods.

There is no risk so long as you don't have the same password for vbulletin.org and paypal.

My paypal email is: paypal@juot.net - I welcome any donations anyone wants to send - there is ZERO risk making this public.

#204
04-10-2014, 06:01 PM
TNCclubman
Join Date: Sep 2008
Posts: 690

Getting brute forced as well here, getting notifications of wrong password.

#205
04-10-2014, 06:02 PM
whitetigergrowl
Join Date: Jun 2004
Posts: 243

It may happen every few months, but it doesn't make it any less serious. Maybe there is something the site can do to help prevent or minimize further attacks? I'm sure there are a number of things that can be done.

Vbulletin.org is the only site I have had this happen at. While it's possible or likely it may have happened at others and I never knew about it, it's still not reassuring IMO.

Or is it gonna take something catastrophic to happen and the damage done before it's taken more seriously? Simply put this I don't think should be happening as often as it is to the point it's affecting members here. Let alone to the point it's making them jittery.

We don't know what they are after or what the true intention is. Having a good password may still not stop them. It's obvious they are looking for something. The question is if they get what they are looking for, is VB.org prepared to deal with the fallout and who will take responsibility for not trying to do more about it ahead of time when the chance was there?

This caught my attention. Downplaying it is not something I know I would be doing.

#206
04-10-2014, 06:16 PM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

The only thing we will likely do at some point is stop having so many emails sent to the users since there is really nothing you can do about it.

We will monitor when these things happen but there isn't a whole lot anyone can do.

The fact these emails are generated frankly means the system is working.

vBulletin.org has no real sensitive data beyond forum holder email addresses- and as long as you use a unique password and a secure password there is no need to worry.

#207
04-10-2014, 07:16 PM
HeloHi
Join Date: Feb 2005
Posts: 42

I just changed my password to something freakishly long and complex. I suggest others do the same.

#208
04-10-2014, 07:19 PM
owning_y0u
Join Date: Dec 2008
Location: Netherlands
Posts: 159

Quote:
Originally Posted by HeloHi
> I just changed my password to something freakishly long and complex. I suggest others do the same.

32 chars FTW ;-)

#209
04-10-2014, 08:14 PM
Alan_SP
Join Date: Nov 2009
Posts: 1,122

Quote:
Originally Posted by zackw
> The only email I might want is perhaps something that says that a successful login took place, from a different IP than my last login.

I have a dynamic IP address. It's normal in my country.

Every time I log in, I'm using a different IP. This would mean I'd receive emails every time I log in.

On the other hand, something like this would mean a difference to people who want to be extra safe.

#210
04-10-2014, 08:28 PM
RaiinbowEyes
Join Date: Jun 2011
Posts: 17

Good to know I'm not alone, someone has been trying to hack my account with a proxy as well. How annoying >_< Guess it's time to change the PW to something ridiculous

All times are GMT.