Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #196  
Old 10 Apr 2014, 16:40
Antivirus's Avatar
Antivirus Antivirus is offline
 
Join Date: Sep 2004
Yes - I've been getting the notifications as well. I just delete em, fortunately once the lock kicks in they seem to move on to another username until the following day - no biggie
__________________
Please feel free to PM me about custom work, installations, and upgrades!

Eclipse Records - Streetcult Street Team
Reply With Quote
  #197  
Old 10 Apr 2014, 16:42
carsafety carsafety is offline
 
Join Date: Apr 2006
Ditto. Started a few days ago, happening a lot more today.
Reply With Quote
  #198  
Old 10 Apr 2014, 16:59
whitetigergrowl whitetigergrowl is offline
 
Join Date: Jun 2004
Originally Posted by Antivirus View Post
Yes - I've been getting the notifications as well. I just delete em, fortunately once the lock kicks in they seem to move on to another username until the following day - no biggie
No biggie until they eventually hack into your account and get your password. Anyone that says this is no biggie is seriously underestimating what is going on and potentially willing to compromise their account and information here and elsewhere.

200.112.211.80
117.164.142.150

I had 2 attempts on my account at the same time today. (8:09am)

Do not underestimate or downplay this. One IP is from Columbia and another from China in my case.
Reply With Quote
  #199  
Old 10 Apr 2014, 17:04
JetLee JetLee is offline
 
Join Date: Mar 2012
Real name: Lee
I've had four attempts in the last few days.

117.164.49.220
117.163.197.94
117.164.132.11
174.140.166.54

What got me worrying is that someone also called my cell phone carrier trying to ascertain my home address. WTF? I've since put extra security measures in place with all utilities and banks as well as changing all forum passwords to something even more complicated than I was already using.
__________________
Buell Riders Online - Facebook
Reply With Quote
  #200  
Old 10 Apr 2014, 17:47
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
You've already had replies from Staff. This happens every couple of months. If you have a secure password, then you have nothing to worry about. I have not been told of one person who actually has had their account hacked through one of these attacks.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #201  
Old 10 Apr 2014, 18:30
Digital Jedi's Avatar
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Real name: Mark Daniel Martinez
Originally Posted by X-or View Post
Does not mean nobody got hacked, just that nobody reported yet. I have looked in my user CP, there is a paypal email address field, maybe that's what the hackers are after. If they can get both a password and a paypal email address, it's potentially very dangerous. There is also the homepage field that can be potentially very dangerous. I recommend people to blank these fields if no measures are going to be taken.
As was mentioned multiple times, if your password is secure, you have nothing to worry about. You do realize that this happens on every account you have across the internet, right? Daily. It's just vBulletin has a built in notification process when it happens. Most places, you'd never know unless you have an awful password. Seriously, though. Knowing your PayPal email address is about as potentially dangerous as someone knowing your last name. Everyone we did business with already knows it.

We really have to stop this paranoia every time hacking bots randomly pick this site as a target. Everything that can be done on the administration end has been done. Now you have to secure your password, just like you would everywhere else on the web. I can't understand why this doesn't sink in.
__________________
Reply With Quote
  #202  
Old 10 Apr 2014, 18:39
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
Originally Posted by whitetigergrowl View Post
No biggie until they eventually hack into your account and get your password. Anyone that says this is no biggie is seriously underestimating what is going on and potentially willing to compromise their account and information here and elsewhere.

200.112.211.80
117.164.142.150

I had 2 attempts on my account at the same time today. (8:09am)

Do not underestimate or downplay this. One IP is from Columbia and another from China in my case.
If you have a secure password it would take hundreds of thousands or millions or more chances to brute force break your password. Even someone who got 50 emails only had 250 max unique passwords checked on their account. The chances of them getting it right are almost zero. If your password is even puppy1036 they are never going to get it with this attack.

They are looking for the extremely week passwords- such as-
password
123456
abcde
[your username]

etc...

Originally Posted by JetLee View Post
What got me worrying is that someone also called my cell phone carrier trying to ascertain my home address. WTF? I've since put extra security measures in place with all utilities and banks as well as changing all forum passwords to something even more complicated than I was already using.
I can assure you they are not related. This happens every few months around here- they are only looking for valid, licensed, accounts.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #203  
Old 10 Apr 2014, 18:42
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
Originally Posted by X-or View Post
Does not mean nobody got hacked, just that nobody reported yet. I have looked in my user CP, there is a paypal email address field, maybe that's what the hackers are after. If they can get both a password and a paypal email address, it's potentially very dangerous. There is also the homepage field that can be potentially very dangerous. I recommend people to blank these fields if no measures are going to be taken.
The paypal field is only of value to coders/designers who can receive donations from other members as thanks for their mods.

There is no risk so long as you don't have the same password for vbulletin.org and paypal.

My paypal email is: paypal@juot.net - I welcome any donations anyone wants to send - there is ZERO risk making this public.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #204  
Old 10 Apr 2014, 19:01
TNCclubman's Avatar
TNCclubman TNCclubman is offline
 
Join Date: Sep 2008
getting brute forced as well here getting notifications of wrong password.
Reply With Quote
  #205  
Old 10 Apr 2014, 19:02
whitetigergrowl whitetigergrowl is offline
 
Join Date: Jun 2004
It may happen every few months, but it doesn't make it any less serious. Maybe there is something the site can do to help prevent or minimize further attacks? I'm sure there are a number of things that can be done.

Vbulletin.org is the only site I have had this happen at. While its possible or likely it may have happened at others and I never knew about it, its still not reassuring IMO.

Or is it gonna take something catastrophic to happen and the damage done before its taken more seriously. Simply put this I don't think should be happening as often as it is to the point its affecting members here. Let alone to the point its making them jittery.

We don't know what they are after or what the true intention is. Having a good password may still not stop them. Its obvious they are looking for something. The question is if they get what they are looking for, is VB.org prepared to deal with the fallout and who will take responsibility for not trying to do more about it ahead of time when the chance was there?

This caught my attention. Downplaying it is not something I know I would be doing.
Reply With Quote
  #206  
Old 10 Apr 2014, 19:16
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
The only thing we will likely do at some point is stop having so many emails sent to the users since there is really nothing you can do about it.

We will monitor when these things happen but there isn't a whole lot anyone can do.

The fact these emails are generated frankly means the system is working.

vBulletin.org has no real sensitive data beyond forum holder email addresses- and as long as you use a unique password and a secure password there is no need to worry.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #207  
Old 10 Apr 2014, 20:16
HeloHi's Avatar
HeloHi HeloHi is offline
 
Join Date: Feb 2005
I just changed my password to something freakishly long and complex. I suggest others to do the same.
__________________
officer meow
Reply With Quote
  #208  
Old 10 Apr 2014, 20:19
owning_y0u owning_y0u is offline
 
Join Date: Dec 2008
Originally Posted by HeloHi View Post
I just changed my password to something freakishly long and complex. I suggest others to do the same.
32 chars FTW ;-)
Reply With Quote
  #209  
Old 10 Apr 2014, 21:14
Alan_SP's Avatar
Alan_SP Alan_SP is offline
 
Join Date: Nov 2009
Originally Posted by zackw View Post
The only email I might want is perhaps something that says that a successful login took place, from a different IP that my last login.
I have dynamic IP address. It's normal in my country.

Every time I login, I'm using different IP. This would mean I'd receive emails every time when I login.

On the other hand, something like this would mean a difference to people who wants to be extra safe.
Reply With Quote
  #210  
Old 10 Apr 2014, 21:28
RaiinbowEyes RaiinbowEyes is offline
 
Join Date: Jun 2011
Good to know I'm not alone, someone has been trying to hack my account with a proxy as well. How annoying >_< Guess it's time to change the PW to something ridiculous
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 00:10.

Layout Options | Width: Wide Color: