Cracking / Hacking Bots

  • logicola
    Member
    • Sep 2006
    • 49

    Cracking / Hacking Bots

    There have been some hacking bots recently targeting accounts with weak vBulletin passwords. I got one from musicat(dot)com, IP ranging from 212.143.129.000 - 212.143.129.255

    It keeps logging in to our user accounts and changes its IP after 5 failed logins, and it spammed the forum with a PM flood via hacked user accounts with weak passwords.

    Although the whole IP range has been banned, I have no idea how to prevent this in the future.
  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154499
    • 5.7.5

    #2
    Other than banning that IP range and using Captcha or Q&A, there is not much more you can do.
    Steve Machol, Founder of the OptiBoard Discussion Forums for Eyecare Professionals

    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.

    Comment

    • logicola
      Member
      • Sep 2006
      • 49

      #3
      No.. It didn't register a new account. The bot simply hacks old accounts with weak passwords.

      I think vBulletin can do something.. such as AJAXly force strong passwords on the registration page.

      Comment

      • Zachery
        Former vBulletin Support
        • Jul 2002
        • 59097

        #4
        Originally posted by logicola
        No.. It didn't register a new account. The bot simply hacks old accounts with weak passwords.

        I think vBulletin can do something.. such as AJAXly force strong passwords on the registration page.
        AJAX has nothing to do with making passwords more secure (except show them on that page)

        Comment

        • Nick
          Senior Member
          • Feb 2008
          • 3507
          • 3.8.x

          #5
          Originally posted by Zachery
          AJAX has nothing to do with making passwords more secure (except show them on that page)
          I think he means a way to display (via AJAX) if the password is strong or not.
          You know how sometimes on sites when you register, there is a little meter that fluctuates as you choose a password?
          I think that's what he means
          Regards,
          Nick

          Comment

          • j3ph
            New Member
            • Jul 2005
            • 16
            • 3.0.8

            #6
            Failed Login Notification on "My Forum" multiple times

            Originally posted by My forum
            Someone has tried to log into your account ... with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

            The person trying to log into your account had the following IP address: 58.65.232.113
            I have gotten 11 of these since Jul 8, 2008. What concerns me is that it's the same IP over and over, and it's targeting the admin. I'm not worried that it will succeed, but I would love to ban that IP from even attempting to login.

            There are no account creation attempts, just admin logins; I'm using Q&A...any suggestions? It is a bit disconcerting....

            Comment

            • Andy Huang
              Senior Member
              • Feb 2004
              • 4602

              #7
              Add this bit to your .htaccess (if you're on an Apache server):
              Code:
              # Apache 2.2 access-control syntax (Apache 2.4 needs mod_access_compat for these directives)
              order allow,deny
              allow from all
              deny from 58.65.232.113
              You can add more deny from xxxx after the deny from line I've listed for you if you need to ban more IP addresses.

              This will prevent them from viewing your site altogether (let alone attempting to log in).
              Best Regards,
              Andy Huang

              Comment

              • j3ph
                New Member
                • Jul 2005
                • 16
                • 3.0.8

                #8
                Excellent! Just what I needed. Thank you....

                Comment
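
Added example (not written by any poster in this thread and not vBulletin code): the first post describes a bot that switches IP after 5 failed logins, which sidesteps a per-IP lockout, while post #6 describes one IP returning after every lockout. Grouping failed logins by /24 separates the two patterns and produces the `deny from` lines of post #7; the event format, thresholds and sample data below are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LOCKOUT_LIMIT = 5      # failures per IP before the forum's lockout (from the thread)
MIN_ROTATING_IPS = 3   # assumed: distinct at-limit IPs in one /24 that count as rotation

# Constructed sample: one (source IP, targeted username) tuple per failed login.
SAMPLE_FAILURES = (
    [("212.143.129.%d" % host, "user%d" % (host % 4))
     for host in (17, 42, 99, 180) for _ in range(5)]   # rotates after 5 failures
    + [("58.65.232.113", "admin")] * 15                 # same IP, back after each lockout
    + [("198.51.100.7", "alice")] * 2                   # ordinary mistyped password
)

def summarize(failures):
    """Count failures per IP, then group the IPs by their enclosing /24."""
    per_ip = defaultdict(int)
    for ip, _user in failures:
        per_ip[ip] += 1
    per_net = defaultdict(dict)
    for ip, count in per_ip.items():
        net = ipaddress.ip_network(ip + "/24", strict=False)
        per_net[net][ip] = count
    return per_net

def ban_candidates(failures):
    """Return the ranges or single hosts whose failure pattern justifies a ban."""
    bans = []
    for net, hosts in summarize(failures).items():
        at_limit = [ip for ip, n in hosts.items() if n >= LOCKOUT_LIMIT]
        if len(at_limit) >= MIN_ROTATING_IPS:
            bans.append(str(net))   # several IPs in one range hit the limit: ban the /24
        else:
            # Assumed rule: a lone host is banned once it has been locked out twice.
            bans.extend(ip for ip in at_limit if hosts[ip] >= 2 * LOCKOUT_LIMIT)
    return sorted(bans)

def htaccess_lines(bans):
    """Render Apache 2.2-style deny lines in the form used in post #7."""
    return ["deny from %s" % b for b in bans]

if __name__ == "__main__":
    print("\n".join(htaccess_lines(ban_candidates(SAMPLE_FAILURES))))
```

Two at-limit addresses in one range stay below the assumed rotation threshold, so a pair of users behind the same ISP who each forget a password does not get the whole /24 denied.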
