Brute Force attacks on vBulletin.org

**anwar513** · Mon 10 Jun '13, 6:39am

I am also the same problem, vbulletin.org receive an email notification 40 multisection

**Lynne** · Mon 10 Jun '13, 9:00am

There are already a couple of threads about this over on vbulletin.org. This happens every few months. As far as I know, no one has ever successfully been hacked. If you have a strong password, you really have nothing to worry about.

**BirdOPrey5** · Mon 10 Jun '13, 1:14pm

My guess is they are using bots to try the 50 most common passwords for example and hope they get lucky- they probably will, we know many people use simple passwords or their username as their password (luckily that was stopped in VB 3.8) - but when you have a site as large as vBulletin.org if you randomly try 100 people I bet a few have either "password" or 12345 as their password.

There is no reason to fear logging in- they aren't going to get access to the database by trying to get user passwords- at worst they would use the accounts for spam or to download the mods without a license.

Also, just because it says you are locked out for 15 minutes YOU personally are not. It only locks out the IP address, you (assuming you have a different IP) can log in at anytime.

**Amaury** · Mon 10 Jun '13, 1:48pm

Originally posted by Joe D.

My guess is they are using bots to try the 50 most common passwords for example and hope they get lucky- they probably will, we know many people use simple passwords or their username as their password (luckily that was stopped in VB 3.8) - but when you have a site as large as vBulletin.org if you randomly try 100 people I bet a few have either "password" or 12345 as their password.

There is no reason to fear logging in- they aren't going to get access to the database by trying to get user passwords- at worst they would use the accounts for spam or to download the mods without a license.

Also, just because it says you are locked out for 15 minutes YOU personally are not. It only locks out the IP address, you (assuming you have a different IP) can log in at anytime.

I always thought it didn't let you log in at all from any place. Not that it affects since I use "Remember Me?" and I don't log out when I'm done with my session, I just close the tab (or browser if I'm going to bed) and let it time me out.

**beishe8** · Mon 10 Jun '13, 1:51pm

Originally posted by Joe D.

My guess is they are using bots to try the 50 most common passwords for example and hope they get lucky-

They are using more than that.
I have 46 warnings with different IP addresses. (have to use each of them 5 times to be locked out)
(Found the last two emails in the spam folder, seems my email provider started to block vB.org.)

**Paul M** · Mon 10 Jun '13, 5:57pm

This is not relevant to vb.com, please post on vb.org. Thanks.

Brute Force attacks on vBulletin.org

Brute Force attacks on vBulletin.org

Comment

Comment

Comment

Comment

Comment

Comment