Register Members List Search Today's Posts Mark Forums Read

Closed Thread
 
Thread Tools
  #1  
Old 11 Apr 2014, 02:49
DirtRider DirtRider is offline
 
Join Date: Feb 2011
Warning Emails

Since I have sold my VB licence I keep getting loads of these mails

Dear DirtRider,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 195.199.173.201

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
http://www.vbulletin.org/forum/login.php?do=lostpw

All the best,
vBulletin.org Forum
  #2  
Old 11 Apr 2014, 03:02
SyrLinus SyrLinus is offline
 
Join Date: Apr 2008
It's likely due to Heartbleed. Someone is trying to compromise the site.
  #3  
Old 11 Apr 2014, 03:04
ssoc ssoc is offline
 
Join Date: Oct 2011
In the last 2 days I too have received around 20 of these emails.
I have just changed my password to something more secure just to be on the safe side, but I hope vBulletin are looking into this.

The first load of logins attempts were on Wednesday night, and then tonight (thursday) they started coming through again.

The person/bot that is trying to login to my account must be using a proxy as the logged IP address changes on each login attempt. I did search a few of the IP's and most of them seem to be in China.
  #4  
Old 11 Apr 2014, 03:36
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by SyrLinus View Post
It's likely due to Heartbleed. Someone is trying to compromise the site.
Total nonsense. What's generating these emails is the work of just a typical dumbass, script kiddie running a brute force password cracker such as Brutus.

The "heartbleed" exploit is totally unrelated to this and is completely unrelated to vBulletin.

Last edited by Max Taxable; 11 Apr 2014 at 03:44.
  #5  
Old 11 Apr 2014, 06:02
Kirschtorte Kirschtorte is offline
 
Join Date: Jun 2009
Thumbs down

Originally Posted by ssoc View Post
In the last 2 days I too have received around 20 of these emails.
Me too.

Originally Posted by ssoc View Post
I did search a few of the IP's and most of them seem to be in China.
I agree.
  #6  
Old 11 Apr 2014, 06:19
Areku Areku is offline
 
Join Date: Feb 2002
Im in too ((
  #7  
Old 11 Apr 2014, 06:44
Raphaelx Raphaelx is offline
 
Join Date: Apr 2007
The person trying to log into your account had the following IP address: 197.255.60.78
The person trying to log into your account had the following IP address: 183.220.233.153
The person trying to log into your account had the following IP address: 184.82.27.226
The person trying to log into your account had the following IP address: 177.129.157.1
The person trying to log into your account had the following IP address: 78.25.82.66
The person trying to log into your account had the following IP address: 223.83.129.198
  #8  
Old 11 Apr 2014, 07:03
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Real name: Brandon
Originally Posted by SyrLinus View Post
It's likely due to Heartbleed. Someone is trying to compromise the site.
These have been happening for years.. It wouldn't solely be on this new exploit IMO.
__________________

Email me for website help: brandon[at]sheley[dot]org
  #9  
Old 11 Apr 2014, 07:32
recon2010 recon2010 is offline
 
Join Date: Aug 2010
Bulletin.org Forum [email protected]

04:18 (6 hours ago)

to me
Dear recon2010,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 113.190.253.180


-------------------------------------------------------------------->

vBulletin.org Forum [email protected]

03:55 (6 hours ago)

to me
Dear recon2010,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 187.65.84.96
----------------------------------------------------->

vBulletin.org Forum [email protected]

03:54 (6 hours ago)

to me
Dear recon2010,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 79.99.24.7

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
http://www.vbulletin.org/forum/login.php?do=lostpw

All the best,
vBulletin.org Forum

-------------------------------->
vBulletin.org Forum [email protected]

04:00 (6 hours ago)

to me
Dear recon2010,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 85.185.82.13
---------------------------------------------->

Need to do something. They attacking other vbulletin account sites too.

--------------- Added 11 Apr 2014 at 07:34 ---------------

Need just shut down compromissed servers. If they not do it we use same cure in ddos.
  #10  
Old 11 Apr 2014, 07:49
Chris27 Chris27 is offline
 
Join Date: Oct 2010
I've been receiving the same emails.

If this were related to Heartbleed the hacker would likely have our passwords already by pulling them out of the server's RAM and not trying to get in with a bunch of incorrect passwords.
  #11  
Old 11 Apr 2014, 08:10
recon2010 recon2010 is offline
 
Join Date: Aug 2010
Who said they dont have passwords yet ?

Passwords and logins in diferent database place, so they trying to pick right. They dont know what password for what account lol. How otherise they know my login while i almoust not posted anything few years
  #12  
Old 11 Apr 2014, 08:18
ukcobra ukcobra is offline
 
Join Date: Dec 2002
I have been getting the same since 10am UK time on Wednesday, and the IP addresses trying to gain access have been in Thailand and Ukraine amongst others.

It would be nice to hear from the Moderators what suggested actions we should take.
I have already changed my password to one that is very unlikely to be cracked by brute force.

I don't believe in co-incidences, and the timing along with Heartbleed is intriguing.
__________________
Mark Hayden
Forum - www.mocgb.net/forums
  #13  
Old 11 Apr 2014, 09:26
AdrianH AdrianH is offline
 
Join Date: Sep 2007
Originally Posted by ukcobra View Post
I have been getting the same since 10am UK time on Wednesday, and the IP addresses trying to gain access have been in Thailand and Ukraine amongst others.

It would be nice to hear from the Moderators what suggested actions we should take.
I have already changed my password to one that is very unlikely to be cracked by brute force.

I don't believe in co-incidences, and the timing along with Heartbleed is intriguing.

Heartbleed?.......... no way.


Ignore them is what you do. This has happened on all forum software since the 'net began.

I have had this at both VB sites several times a year for the last 7 years, and on every forum I have membership of.

It is called a BOT. Never heard of XRumer?

Just make sure you have a decent password that the Bot can't break.

Surely as forum admins you should know what is happening?
  #14  
Old 11 Apr 2014, 10:25
kollam003 kollam003 is offline
 
Join Date: May 2007
Thank god I'm not alone in this
__________________
Gratitude for everything I have
  #15  
Old 11 Apr 2014, 10:28
flapjack flapjack is offline
 
Join Date: Jan 2006
Real name: Andrew
Seems pretty clear someone is launching a pretty big brute force attack against the site., probably using known passwords from sources like the Adobe cache (although that's pure speculation..).

I've been getting these emails for days, and my poor account has been inactive for ages. Most of the IPs hitting me are located throughout EU and Asia, leading me to believe it's the work if a botnet.

Whatever the case, it has nothing to do with Heartbleed. If you know anything about the exploit, you'd know if they'd used it (which is NOT by any means easy), they would not be getting passwords wrong and would not be hitting accounts like mine that haven't been used in years.
Closed Thread

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mini Mods Warning about Report Icon/Warning Block on Profile Page cheat-master30 vBulletin 3.7 Template Modifications 13 24 Nov 2008 12:44



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 13:29.

Layout Options | Width: Wide Color: