• The site migration is complete! Hopefully everything transferred properly from the multiple decades old software we were using before. If you notice any issues please let me know, thanks! Also, I'm still working on things like chatbox, etc so hopefully those will be working in the next week or two.

Attempted account breach

harner

harner

New member
Just got this email. I highly recommend blocking the IP in vBulletin. I rarely frequent the forum mind have no other breach attempts. I have a degree in Cyber Security and tend to take this stuff seriously. The IP resolves to a Thai login website for streaming.

Email:

Dear harner,

Someone has tried to log into your account on Pontiac Grand Prix Forums : Grandprix with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 183.89.155.127

All the best,
Pontiac Grand Prix Forums : Grandprix
 


Haha so I'm not alone. Admins- is the forum software up to date? Sounds like this community has/is being targeted. Feel free to PM me if you'd like an extra set of hands on the matter.

I don't own a W body anymore but the community helped me in the past. I don't mind helping back.
 
I have made this a topic on our part, hopefully we can discuss this soon and try and figure something out.

Maybe an admin will contact you with further questions, seeing how you understand what is happing and how this IP stuff works.
 
that IP address isn't registered to any user currently.

beyond that i don't think there's a whole lot i can do..
 


I got same email few weeks ago. Did a reverse ip search.and.it was an.ip in china. I just figured.china was teying.to.get intell on.how.to.build a sweet as car :)
 
Bio248 said:
that IP address isn't registered to any user currently.

beyond that i don't think there's a whole lot i can do..
Click to expand...

Last time I checked, you can block a range of IP's from accessing vB. I would start there. How many members here access the site from China or Asia?
 
I've had a few of these messages over the past few days, for multiple boards that I am on..... the spam bots have been busy!
 
harner said:
Last time I checked, you can block a range of IP's from accessing vB. I would start there. How many members here access the site from China or Asia?
Click to expand...

Doesn't make a difference. A VPN would take care of that. I could turn mine on now and be in China or wherever lol
 
HighOctaneRacing said:
Doesn't make a difference. A VPN would take care of that. I could turn mine on now and be in China or wherever lol
Click to expand...

Oh, but it does matter. Every little bit of security in place helps. A VPN would work, but a couple proxied jumps would be more effective. Besides, this attempted breach came from China. Block off China and other IP blocks found from known hackers in other parts of the world is step 1.

Hint to get started: http://www.parkansky.com/china.htm
 


Last time I played with vB was 2010ish. You may need to do it through the .htaccess file. Google should turn up some useful results.
 
There is only one small problem with blocking IPs, it takes 2 seconds to bypass.... Log in with TOR and done, no more IP Ban... IP's can change whenever you want em to if you know what you are doing.... Blocking them will just be chasing your own tail, have a secure password and you'll be fine.
 
I'm not saying to block an IP address, but rather a range or ranges. Yes an IP is easy to get around. But blocking known ranges is start, not the answer. Not much you can do with a hosted solution besides locking down the software.
 
You must log in or register to reply here.
Back
Top