Bot networks brute forcing forums - Locked accounts for 15min


  • Bot networks brute forcing forums - Locked accounts for 15min

    Forgive me if this is old news, but it was new to me.

    As some people in this forum, and on the Internet, have noted, there have been some attempts being made to guess passwords on vB forums.

    We also noted the same thing in our forums and posted some detail about it.

    However the problem appears to be more serious than we thought as it seems to be a bot network behind the attack, not just a single sad individual.

    After looking into our server logs we found that,

    1) We went from having about a dozen forum login attempts per day (before the attack) to having about 400 per day (during the current attack). So about 97% of all login attempts are hacker attempts.

    2) The attack is VERY widespread. Over two days there were attempts to login from 244 unique IP addresses. So this is surely an automated attack from a zombie network.

    3) I could see certain IP addresses harvesting member names today from the member list in vB. These were not normal spiders as the user agent string was wrong.

    4) Many other forums on the web are being hit as well. Google showed people reporting similar problems on many forums.

    5) They appear to be trying to keep the login attempts below a certain level where it will remain mostly undetected (and not generate too many of the warning E-mails that some users are reporting).

    So people might want to blacklist the IP addresses in question and display the member list in vB.
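An added example, not part of the original post: the log checks described above (login attempts per day, unique source IPs, sources staying under a per-IP alert level, and clients paging the member list) run over constructed Apache combined-format lines. The `login.php` and `memberlist.php` paths, the thresholds and the sample addresses are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" log format: ip, date, method, path, user agent.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^:]+):[^\]]+\] "(\S+) (\S+)[^"]*" '
                  r'\d+ \S+ "[^"]*" "([^"]*)"')

def make_line(ip, day, method, path, ua="Mozilla/4.0 (compatible)"):
    """Build one constructed log line (sample data, not from the thread)."""
    return (f'{ip} - - [{day}:12:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

# Constructed sample: a quiet day, then a distributed low-rate day.
SAMPLE = [make_line("192.0.2.10", "01/Mar/2008", "POST", "/forum/login.php")]
for n in range(1, 9):                      # 8 sources, 2 attempts each
    SAMPLE += [make_line(f"198.51.100.{n}", "02/Mar/2008", "POST",
                         "/forum/login.php")] * 2
for page in range(1, 5):                   # one client paging the member list
    SAMPLE.append(make_line("203.0.113.5", "02/Mar/2008", "GET",
                            f"/forum/memberlist.php?page={page}", "Spider"))

def analyze(lines, baseline_per_day, per_ip_cap=5, memberlist_cap=3):
    logins = defaultdict(Counter)          # day -> ip -> login POSTs
    member_hits = Counter()                # (ip, user agent) -> memberlist GETs
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, day, method, path, ua = m.groups()
        if method == "POST" and "login.php" in path:
            logins[day][ip] += 1
        elif "memberlist.php" in path:
            member_hits[(ip, ua)] += 1
    report = {}
    for day, per_ip in logins.items():
        total = sum(per_ip.values())
        report[day] = {
            "attempts": total,
            "unique_ips": len(per_ip),
            # Sources a per-IP lockout or alert would catch on its own.
            "ips_over_cap": sorted(ip for ip, c in per_ip.items() if c > per_ip_cap),
            # Share of the day's attempts above the normal baseline.
            "excess_share": round(max(total - baseline_per_day, 0) / total, 2),
        }
    harvesters = sorted(k for k, c in member_hits.items() if c >= memberlist_cap)
    return report, harvesters
```

With the post's own figures (a baseline of about a dozen and 400 attempts in a day) `excess_share` comes out at 0.97, while `ips_over_cap` can stay empty because no single source exceeds the per-IP level.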

  • #2
    Blocking all access to these bots is more effective than blocking IP addresses just in vB. So here is the list of bots to add to your .htaccess file.

    Of course all these IP addresses will probably change over the next few weeks as different machines get added and removed from the zombie network. We think it is accurate as of today, but you might also want to check your own log files to confirm.

    order allow,deny
    allow from all
