People are trying to brute force my account

[Bluemax712]

For anyone keeping track here is the sorted list of previous 3 posts - with my own included:
42.121.16.222
49.0.124.102
49.0.124.122
49.0.124.150
49.0.124.230
58.56.33.99
59.57.15.71
60.191.19.198
62.210.226.142
66.35.68.145
77.110.120.200
78.134.255.43
78.85.39.109
80.250.35.180
82.200.254.250
82.99.255.68
84.241.52.97
84.55.76.228
85.133.162.132
103.10.22.229
103.246.146.149
103.247.16.2
109.224.1.110
110.139.118.95
110.139.141.104
111.161.30.218
111.221.3.218
112.5.254.20
113.106.191.164
113.9.163.101
115.182.33.11
115.238.83.98
116.25.237.211
118.96.110.208
118.96.52.126
118.97.133.66
118.97.79.124
119.235.54.23
123.125.74.212
125.39.66.147
125.39.66.154
125.88.74.95
177.53.104.9
180.250.130.186
186.0.194.26
186.103.129.84
186.103.136.228
186.94.178.236
186.95.122.15
187.126.88.225
187.174.250.131
187.5.228.123
187.72.187.57
190.1.162.42
190.153.5.95
190.205.230.226
190.221.174.130
190.248.67.118
190.37.38.210
190.76.248.144
197.251.194.167
200.141.202.162
200.70.25.51
200.88.113.147
201.208.49.238
201.209.69.131
202.51.118.14
202.69.105.154
208.163.36.221
210.14.143.53
211.100.47.244
212.57.3.94
213.154.203.148
218.94.149.114
222.57.81.198

[mykkal]

Brute force will block logins via IP, not username so if you have it configured correctly, you won't have to worry about them ever trying to break your passwords again. It would take too long.

I look at my brute force reports now and then... But mostly I don't worry cause it blocks them.

--------------- Added [DATE]1359852530[/DATE] at [TIME]1359852530[/TIME] ---------------

I'm considering blocking China too. I do get indexed by baidu but I receive relatively little traffic from China. Its strange that its beneficial to cut 1 billion people off.

China's government has to know about these things. They are heavily industrialized and they seem to steal everything they can. Our government is doing nothing about it.

Quote:

Originally Posted by DivisionByZero

99% of SPAM comes from China. I have no reason for anyone in China to view any content on my servers, so I block all Chinese IP space at the firewall level.

The current IP list by country is available from ARIN or here: http://www.nirsoft.net/countryip/cn.html

I get maybe one or two a month at this rate and ASL blocks the IP of any suspicious activity forever.

--------------- Added [DATE]1359852764[/DATE] at [TIME]1359852764[/TIME] ---------------

How did you make that trap? That's hella cool.

Quote:

Originally Posted by DAMINK

I made a fake admin/mod area that ultimately leads to a trap and .htaccess bans that ip address.
Nice simple easy solution.

[CableSux]

I just started receiving these emails now. Obviously it's working to keep them from getting into my account. But how do I set up my vbulletin to do the same for my site? Someone mentioned Brut Force?

[Amaury]

Quote:

Originally Posted by Alex_Grist

I've also had over 150 emails regarding my account being locked due to someone attempting to brute force my password; VBulletin should be better prepared for something like this, surely having an account locked means you can't attempt at all for 15 minutes? This is annoying spam that needs to be prevented.

Edit:

Added a GMail filter to automatically delete the annoying emails.

If you checked "Remember Me?" whenever you last logged in and just close your browser when you're done browsing instead of logging out, then these brute force attacks won't affect you.

They only lock you out from logging in, but if you're already logged in, then you can still use the site as you would any other day.

As for account locks, for the reference, I've got a total of 66 e-mails.

[BigJohnny]

Same here...just now. a few times.

I reset my password.

[CaseLogic]

Damn, this is happening to me now. I came to create a thread but apparently some botnet is having a field day on these forums.

And clearly VB staff doesn't care much about these attempts given no one has officially commented in the past few days?

[Bluemax712]

Quote:

Originally Posted by DivisionByZero

99% of SPAM comes from China. I have no reason for anyone in China to view any content on my servers, so I block all Chinese IP space at the firewall level.

The current IP list by country is available from ARIN or here: http://www.nirsoft.net/countryip/cn.html

I get maybe one or two a month at this rate and ASL blocks the IP of any suspicious activity forever.

Amazingly this is not true according to Spamhaus
most spam comes from US
http://www.spamhaus.org/statistics/countries/

[Amaury]

Quote:

Originally Posted by CaseLogic

Damn, this is happening to me now. I came to create a thread but apparently some botnet is having a field day on these forums.

And clearly VB staff doesn't care much about these attempts given no one has officially commented in the past few days?

The staff has no control over it.

[CableSux]

I like how I was notified by vB that someone attempted to login to my account. How do I set up my site to do the same thing... and track those attempts?

[CaseLogic]

Quote:

Originally Posted by Amaury25

The staff has no control over it.

First off, I disagree. They can start banning IP ranges so this doesn't keep happening slowly to their entire userbase.

Secondly, even if they don't take any action to prevent it, it couldn't hurt to send users emails to inform them that apparently botnets are trying to brute force their way into people's accounts, and to take the proper measures (ensure passwords are secured, etc).