Announcement

Collapse
No announcement yet.

Brute Force attacks on vBulletin.org

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Brute Force attacks on vBulletin.org

    Hi guys I have an account on vbulletin.org, I keep getting email notifications saying somebody is trying to access my account and it has been locked for 15 minutes.

    The IP addresses where these attempts are coming from are very random. It's been going on for the last 20 minutes and my inbox is getting filled up.

    I'm afraid to log back onto the vbulletin.org site just in case it has been compromised and my password gets stolen.

    If anybody is in contact with the other site please inform them of this problem and get somebody to find a resolution to it asap.

    Cheers

  • #2
    I am also the same problem, vbulletin.org receive an email notification 40 multisection
    [ATTACH=CONFIG]temp_64550_1413220742153_785[/ATTACH]

    Comment


    • #3
      There are already a couple of threads about this over on vbulletin.org. This happens every few months. As far as I know, no one has ever successfully been hacked. If you have a strong password, you really have nothing to worry about.

      Please don't PM or VM me for support - I only help out in the threads.
      vBulletin Manual & vBulletin 4.0 Code Documentation (API)
      Want help modifying your vbulletin forum? Head on over to vbulletin.org
      If I post CSS and you don't know where it goes, throw it into the additional.css template.

      W3Schools <- awesome site for html/css help

      Comment


      • #4
        My guess is they are using bots to try the 50 most common passwords for example and hope they get lucky- they probably will, we know many people use simple passwords or their username as their password (luckily that was stopped in VB 3.8) - but when you have a site as large as vBulletin.org if you randomly try 100 people I bet a few have either "password" or 12345 as their password.

        There is no reason to fear logging in- they aren't going to get access to the database by trying to get user passwords- at worst they would use the accounts for spam or to download the mods without a license.

        Also, just because it says you are locked out for 15 minutes YOU personally are not. It only locks out the IP address, you (assuming you have a different IP) can log in at anytime.

        Comment


        • #5
          Originally posted by Joe D. View Post
          My guess is they are using bots to try the 50 most common passwords for example and hope they get lucky- they probably will, we know many people use simple passwords or their username as their password (luckily that was stopped in VB 3.8) - but when you have a site as large as vBulletin.org if you randomly try 100 people I bet a few have either "password" or 12345 as their password.

          There is no reason to fear logging in- they aren't going to get access to the database by trying to get user passwords- at worst they would use the accounts for spam or to download the mods without a license.

          Also, just because it says you are locked out for 15 minutes YOU personally are not. It only locks out the IP address, you (assuming you have a different IP) can log in at anytime.
          I always thought it didn't let you log in at all from any place. Not that it affects since I use "Remember Me?" and I don't log out when I'm done with my session, I just close the tab (or browser if I'm going to bed) and let it time me out.
          Former vBulletin user

          Comment


          • #6
            Originally posted by Joe D. View Post
            My guess is they are using bots to try the 50 most common passwords for example and hope they get lucky-
            They are using more than that.
            I have 46 warnings with different IP addresses. (have to use each of them 5 times to be locked out)
            (Found the last two emails in the spam folder, seems my email provider started to block vB.org.)


            vB5 is unequivocally the best forum software, but not yet...

            Comment


            • #7
              This is not relevant to vb.com, please post on vb.org. Thanks.
              Baby, I was born this way

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X