  #136  
Old 12 Jun 2013, 18:37
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
They only need to get one successful attack.

Gathering the target usernames isn't necessarily happening at the same time the attacks are. In fact, were I doing this I would gather names over at least a week's period, entering them into the brute force cracking software, getting some thousands accumulated before launching the actual attack.
  #137  
Old 12 Jun 2013, 18:46
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
Originally Posted by Max Taxable View Post
I've never been hit by this here at vB dot org. And I am wondering if it's because I run "invisible." The brute force attacks might or might not be random - they might be getting active accounts to target from the bottom of the main forum page, the aggregate "what's going on" area.

Just a theory.
You haven't been hit because they always go in alphabetical order and they've always stopped before M in the past.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
  #138  
Old 12 Jun 2013, 18:47
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by BirdOPrey5 View Post
You haven't been hit because they always go in alphabetical order and they've always stopped before M in the past.
Are they hitting nonexistent accounts, or are they choosing correct names from "who's online"?

They may have gone further than the letter M, at least one time:

http://www.vbulletin.org/forum/showp...1&postcount=83
  #139  
Old 12 Jun 2013, 18:53
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have skipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
  #140  
Old 12 Jun 2013, 18:55
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by BirdOPrey5 View Post
They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have slipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.
And of course, they don't have a common item in their UA string, like Brutus, for example, leaves.

Makes it really difficult to block or inhibit.
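Added example, not part of the thread or of vBulletin's code: since posts #139 and #140 describe targets hit in alphabetical order from sources with no shared IP or UA marker, this sketch flags a window of failed logins by the ordering of the targeted usernames instead of by source. The event tuples, field layout and thresholds are constructed assumptions.

```python
from bisect import bisect_right

def make_sweep():
    """Constructed failed logins: (time_s, username, src_ip, user_agent)."""
    names = ["aaron", "abby", "Adam", "alice", "amy",
             "barb", "ben", "bob", "carl", "cathy"]
    return [(i * 10 + k, n, f"203.0.113.{2 * i + k + 1}", f"agent-{(i + k) % 7}")
            for i, n in enumerate(names) for k in range(2)]

# Constructed unrelated failures (ordinary mistyped passwords).
NOISE = [(15, "zoe", "198.51.100.7", "agent-x"),
         (55, "mike", "198.51.100.8", "agent-y"),
         (56, "mike", "198.51.100.8", "agent-y"),
         (72, "dave", "198.51.100.9", "agent-z")]

def longest_sorted_run(seq):
    """Length of the longest non-decreasing subsequence (patience sorting)."""
    tails = []
    for item in seq:
        pos = bisect_right(tails, item)
        if pos == len(tails):
            tails.append(item)
        else:
            tails[pos] = item
    return len(tails)

def sweep_report(events, min_accounts=8, min_ratio=0.75):
    """Flag a window of failed logins whose targets arrive in sorted order."""
    attempts, ips, agents = {}, set(), set()
    for _ts, user, ip, agent in sorted(events):
        key = user.casefold()              # dict keeps first-seen order
        attempts[key] = attempts.get(key, 0) + 1
        ips.add(ip)
        agents.add(agent)
    order = list(attempts)
    ratio = longest_sorted_run(order) / len(order) if order else 0.0
    return {"accounts": len(order), "sources": len(ips), "agents": len(agents),
            "sorted_ratio": round(ratio, 2),
            "max_attempts_per_account": max(attempts.values(), default=0),
            "sweep": len(order) >= min_accounts and ratio >= min_ratio}

if __name__ == "__main__":
    print(sweep_report(make_sweep() + NOISE))
```

In the constructed sweep every account sees only two failures and every request comes from a different address, so per-IP limits and the five-failure lockout never trigger, while the sorted-target ratio still stands out.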
  #141  
Old 12 Jun 2013, 18:58
LeventX LeventX is offline
 
Join Date: Dec 2010
Real name: Levent
Originally Posted by Lynne View Post
They did this last year also - Yesterday's brute force attempts at password hacking

Please make sure you do not use your username as your password.

Thank You
__________________
bilgisayar forum
  #142  
Old 12 Jun 2013, 20:35
LaBella LaBella is offline
 
Join Date: Sep 2007
Real name: Ron

Originally Posted by BirdOPrey5 View Post
They are hitting people who haven't logged in for 7 years... so it's not who's online. It was either a copy of the member's list (made before the attack) or a spider that just crawled the site and captured all the usernames. They would need to sort them anyway to prevent duplicates so it makes sense they are in alphabetical order.

They seem to have skipped accounts that start with a special character, like !username, so I'm not convinced they used the member's list as those names are on top.
I have certainly logged in more recently than 7 years??!
__________________
JerzeeDevil Forums
  #143  
Old 12 Jun 2013, 20:50
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
He was simply saying that they are hitting those people who haven't logged in for 7 years.... along with those of us who logged in today.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
  #144  
Old 13 Jun 2013, 04:55
Ladybbird Ladybbird is offline
 
Join Date: Sep 2011
Thank YOU for Stopping the Hackers!-More Info

I see many of your members have experienced the same problems as I have had, and continue to do so. Your service responded quickly and stopped the hackers and advised me by many emails.

I don't have time to research and give your members all the IP addies that attempted to hack our accounts, but here are a few details to help you guys.

Dear Ladybbird,
Your account on vBulletin.org Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times.


Some of the people trying to log into my account had the following IP addresses:


Hope this helps in some way, and thank you vBe Forum for stopping the hackers.
  #145  
Old 13 Jun 2013, 13:40
CableSux CableSux is offline
 
Join Date: Jul 2008
Originally Posted by BirdOPrey5 View Post
Just delete the emails and don't worry about it.

Make sure you have a decently secure password. Make sure your password is not your username or 12345 or the word "password" or anything else very common.

Even if it is just lol#101 the chances they figure that out in 10, or 100, or even 500 chances is near zero.
Perhaps you should add these suggestions to the e-mail template so the forum isn't inundated with posts with IPs and asking what to do? Just a thought.
  #146  
Old 13 Jun 2013, 16:32
Amaury Amaury is offline
 
Join Date: Nov 2011
Real name: Amaury
Originally Posted by Max Taxable View Post
We don't know how long they keep us showing online though, and we also don't know when the brute force attackers are gathering their target lists. Could be minutes, hours, days? Between gathering the info and launching the attacks.

I only know I have never been targeted and also have never run visible here.
Session Timeout is set to 30 minutes here.
__________________
I am a former vBulletin user and am no longer regularly active here.

KH-Flare moved to XenForo on January 1, 2014.
  #147  
Old 13 Jun 2013, 17:02
K4GAP K4GAP is offline
 
Join Date: Mar 2008
Originally Posted by BirdOPrey5
I also am getting the lockout notice. Good thing I never log out ***** snipped


What setting do I need to have so that I'm never logged out while my site is open in my browser?

--------------- Added 13 Jun 2013 at 17:05 ---------------

One thing I've done is to limit anyone from accessing my site if they are not within the time zones I have selected.
  #148  
Old 29 Jan 2014, 22:45
slinky slinky is offline
 
Join Date: Dec 2001
And they are hitting me. I wonder how many others are being hit. Remember - change all your passwords everywhere since the people trying to hack in here may be trying to use the passwords that they got from the vBulletin database a few months ago.
  #149  
Old 30 Jan 2014, 00:13
jake73 jake73 is offline
 
Join Date: Dec 2010
Yeah... Just got hit, too.
  #150  
Old 30 Jan 2014, 05:55
thomas thomas is offline
 
Join Date: Mar 2002
Got seven such notifications today.
All times are GMT. The time now is 08:25.