  #226  
Old 11 Apr 2014, 03:19
nochkin
 
Join Date: May 2008
Just found this thread after I got about 10+ emails saying my account was locked out.
All IPs are different and from all over the world, so looks like some kind of botnet.

I originally thought... No... My precious myself thought this attack is directed to me only, but after finding this thread I realized that I'm not special. Good.
So it seems like this is just a silly brute force to get hold of some forum accounts to post spam, etc.
Nothing special, no mystery, no hidden kittens. Oh, well.
  #227  
Old 11 Apr 2014, 03:33
Max Taxable
 
Join Date: Feb 2011
Originally Posted by SyrLinus View Post
Add 117.164.9.166 as they tried again tonight. I will be glad when this OpenSSL issue is addressed.
That's completely unrelated to this and is also not a vbulletin issue. The heartbleed exploit is not a brute force password cracker.

If you're concerned about site vulnerability to the heartbleed SSL issue, test it here.
  #228  
Old 11 Apr 2014, 03:34
Max Taxable
 
Join Date: Feb 2011
Originally Posted by Mr.Windows View Post
Is there a way to just delete my account? I no longer participate in the VB community and would rather just remove this vector of internet from attachment to me.
Remove your email address from the account via UserCP, then log out.
  #229  
Old 11 Apr 2014, 06:29
30022
 
Join Date: Apr 2010
Same

Dear 30022,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 117.165.180.90
  #230  
Old 11 Apr 2014, 06:58
Kyo-dono
 
Join Date: Jun 2010
Same here:

Dear Kyo-dono,

Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 194.126.181.47
The person trying to log into your account had the following IP address: 183.238.133.43
The person trying to log into your account had the following IP address: 212.247.140.71
  #231  
Old 11 Apr 2014, 07:02
Brandon Sheley
 
Join Date: Mar 2005
Real name: Brandon
got this message the other day, then just now as well..

The person trying to log into your account had the following IP address: 223.84.180.232

I deleted the other email, so no idea what the proxy ip was.. not that it really matters
__________________

Email me for website help: brandon[at]sheley[dot]org
  #232  
Old 11 Apr 2014, 09:11
teou
 
Join Date: May 2008
Several more ips from today:
119.46.203.37
183.221.174.3
117.172.66.7

Originally Posted by ANGLICO View Post
I would like to be able to block IP addresses that appear to originate from certain countries from trying to log into my account. Is there a way to do that? Perhaps an easier option would be to PERMIT only an IP address originating in the USA to log into my account.

Ideas?

Belay the previous, I just saw this:
I have researched this matter 1-2 years ago. There are such geo-IP Apache modules - you need root access to your server to install it. But it is reasonable to do only for very localized non-English language forums. Not to mention that this approach gives false positives or negatives sometimes.

Originally Posted by zackw View Post
I think the solution is simple, the forum should just stop sending these emails. Clearly, if the block is only IP based, then it doesn't affect your own login attempts, and since no harm is done, your account was always safe.

The only email I might want is perhaps something that says that a successful login took place, from a different IP than my last login.

All I need to know is if someone is changing my password or changing my email or even if they have logged in from an IP not normal for me. This could alert me to a compromised account.

These emails about lockouts don't seem to serve any purpose if the intention is NOT to block every single IP that comes through. I personally can't do jack with the emails, it's not like I can come here and do IP blocks myself. So this may be a case of TMI. Just stop emailing people about failed login attempts.

Is that hard?
99% of the ordinary users in the world, esp. in the "post IPv4" era when there is a shortage and recycling of IP blocks, are using DYNAMIC addresses. So, unless this is made as an option in the User Control Panel that can be turned off, this is not a very clever solution.

Originally Posted by Digital Jedi View Post
As was mentioned multiple times, if your password is secure, you have nothing to worry about. You do realize that this happens on every account you have across the internet, right? Daily. It's just vBulletin has a built in notification process when it happens. Most places, you'd never know unless you have an awful password. Seriously, though. Knowing your PayPal email address is about as potentially dangerous as someone knowing your last name. Everyone we did business with already knows it.

We really have to stop this paranoia every time hacking bots randomly pick this site as a target. Everything that can be done on the administration end has been done. Now you have to secure your password, just like you would everywhere else on the web. I can't understand why this doesn't sink in.
I agree it is not really dangerous, but it is just very annoying. VB Staff should just turn off these emails - can't be that hard.

Originally Posted by VargTimmen View Post
I am also affected. Changed my password. Maybe this is caused through the heartbleed case?
This has nothing to do with it.

Originally Posted by Lynne View Post
You guys who say this only happens on vbulletin.org - do you ever check your server access logs? I'm not talking about the apache access_logs, but the ones that show when someone tries to brute force your server. This, at vbulletin.org, is nothing compared to that!
That is true. I am administering also a PHPBB3 forum - on a very micro forum (read less than 10 K posts) I get around 10-20 such bruteforce attempts per day on average. Initially I was annoyed at the PHPBB guys, because these were not logged, not autobanned, there is no notification and these are stored in a temporary SQL table that gets auto-cleared. But after I looked at how many times these attacks happen I saw this was the right decision, otherwise the logs on the server will get HUGE.
Here is how it looks in mysql right now:


[Code block not shown: the forum hides code from suspended or unlicensed members.]


The conclusion: VB Staff, please disable email spam, thank you.
  #233  
Old 11 Apr 2014, 10:16
BirdOPrey5
 
Join Date: Jun 2008
Real name: Joe D.
Originally Posted by Mr.Windows View Post
Is there a way to just delete my account? I no longer participate in the VB community and would rather just remove this vector of internet from attachment to me.
In the future I hope we can make some changes to stop sending these emails to customers and instead send them to a local email address where network admins can keep an eye out. However- with the nature of the way things work here- it won't come soon enough to stop this attack, only hope it won't happen again in the future.

Originally Posted by SyrLinus View Post
Add 117.164.9.166 as they tried again tonight. I will be glad when this OpenSSL issue is addressed.
Not an OpenSSL issue. Completely unrelated- vBulletin.org doesn't use SSL. Even if it did, a brute force attack isn't a symptom of the OpenSSL issue- they would already have the sensitive data, they wouldn't be trying to figure it out.

Originally Posted by sb225 View Post
I am too getting a lot of emails from the past, that someone is trying to log into my account, can you keep my account in safe place.
As long as you have a decently secure password you are safe. Make sure all websites, especially vBulletin.org, have a secure (complex/long) and unique password. The unique part being perhaps the most important. With a unique password the absolute worst thing a hacker could do is post as you- which isn't high on the severity meter.

Originally Posted by teou View Post
The conclusion: VB Staff, please disable email spam, thank you.
We hear you and will do something as soon as we can, but it won't be today unfortunately.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
  #234  
Old 11 Apr 2014, 10:40
AdrianH
 
Join Date: Sep 2007
Joe, I would think long and hard about turning off the warnings.

All that will happen is on the next attack, staff and the forum will be swamped with people whining that their account was locked, that they couldn't get mods, that nobody warned them, and they should have been told that someone was attempting to access their account.

Been there, done it .......... you can't win.

As forum admins the members here should know what the emails mean, after all their own forums do exactly the same when the Bots are active.
  #235  
Old 11 Apr 2014, 10:51
Lightly_Toasted
 
Join Date: Mar 2013
Very irritating... 5 emails concerning this in less than a minute.
__________________
Server Administrator
Forum Administrator TreatingYourself.ORG Current VB version: 4.2.1
Website Development
  #236  
Old 11 Apr 2014, 11:29
BirdOPrey5
 
Join Date: Jun 2008
Real name: Joe D.
Originally Posted by AdrianH View Post
All that will happen is on the next attack, staff and the forum will be swamped with people whining that their account was locked,
No one is locked out. Even when they get the emails, they aren't locked out. The lock only applies to the IP address causing the problem, so unless their own computer is part of the attack they can always access their account.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
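
An added illustration of the per-IP lock described in the post above (not vBulletin's code and not written by any poster in this thread): it counts failures per (account, IP) with the 5-attempt / 15-minute figures quoted from the lockout email, and beside it a per-account distinct-IP count of the kind that could feed one admin digest instead of per-user emails. The log format, usernames, sample entries and the `DISTINCT_IP_ALERT` threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_STRIKES = 5                      # "more than 5 times" (lockout email)
LOCK_WINDOW = timedelta(minutes=15)  # "another 15 minutes" (lockout email)
DISTINCT_IP_ALERT = 4                # assumed threshold, not a vBulletin setting

def sample_log():
    """Constructed data: 6 IPs x 2 failures on 'alice', 1 IP x 6 on 'bob'."""
    t0 = datetime(2014, 4, 11, 3, 0)
    lines = [f"{(t0 + timedelta(seconds=40 * n)).isoformat()} alice 192.0.2.{n % 6 + 1} FAIL"
             for n in range(12)]
    lines += [f"{(t0 + timedelta(seconds=30 * n)).isoformat()} bob 198.51.100.7 FAIL"
              for n in range(6)]
    return lines

def parse(line):
    """Hypothetical log format: '<ISO time> <username> <ip> FAIL'."""
    ts, user, ip, _ = line.split()
    return datetime.fromisoformat(ts), user, ip

def per_ip_lockouts(events):
    """(user, ip) pairs with more than MAX_STRIKES failures inside LOCK_WINDOW."""
    recent, locked = defaultdict(list), set()
    for ts, user, ip in sorted(events):
        hits = [t for t in recent[(user, ip)] if ts - t < LOCK_WINDOW] + [ts]
        recent[(user, ip)] = hits
        if len(hits) > MAX_STRIKES:
            locked.add((user, ip))
    return locked

def admin_digest(events):
    """Accounts failing from >= DISTINCT_IP_ALERT source IPs inside LOCK_WINDOW."""
    by_user, flagged = defaultdict(list), {}
    for ts, user, ip in sorted(events):
        by_user[user] = [(t, i) for t, i in by_user[user] if ts - t < LOCK_WINDOW]
        by_user[user].append((ts, ip))
        ips = {i for _, i in by_user[user]}
        if len(ips) >= DISTINCT_IP_ALERT:
            flagged[user] = max(len(ips), flagged.get(user, 0))
    return flagged

if __name__ == "__main__":
    events = [parse(line) for line in sample_log()]
    print("per-IP lockouts:", per_ip_lockouts(events))
    print("admin digest   :", admin_digest(events))
```

On the constructed data only the single-source attempts against `bob` trip the per-IP lock; the six-source pattern against `alice` shows up only in the per-account count.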
  #237  
Old 11 Apr 2014, 11:37
smacklan
 
Join Date: Mar 2005
Real name: John
Got an email about the account lock myself yesterday. IP was 80.80.209.186 (Uzbekistan). First time I've logged in here in a very long time...last time was to change my password from the last big security flaw in vB.
  #238  
Old 11 Apr 2014, 12:00
JeansJoe
 
Join Date: Sep 2009
I got around 20 of these emails. 10 yesterday 10 today in my inbox.
I switched passwords just to be safe.

It's a lot of different IPs tho.
Could this be a DDoS?
  #239  
Old 11 Apr 2014, 12:24
HawkeBoE
 
Join Date: Mar 2012
Same here, got lots of lockout mails with different IPs.
Because of time difference my phone made me crazy last night... & had to turn off notifications for mail receive
  #240  
Old 11 Apr 2014, 13:45
lgnd
 
Join Date: Jun 2007
I got 5 emails in two days, also changed my pw. Is there anything else I can do to prevent this? Thanks!
__________________
Honda Legend Club Hungary