Someone Hacking the Forums?
Hey I just got an Auto-Email telling me that my account had been locked out. It looks like someone is trying to hack into my account. I was just wondering if anyone else has had this happen recently.
The IP address that is trying to access my account is: 74.53.243.34, which resolves to theplanet.com, a web hosting company.
Same thing here - my account locked after 5 failed attempts as well. Source IP was 74.53.243.34
aconran
8 Aug 2007, 5:38 AM
Same thing.... Same IP
jon.whitcraft
8 Aug 2007, 7:48 AM
I have blocked that IP address from accessing the server.
Please email me the IP address if this happens to you.
brian.moeskau
8 Aug 2007, 9:24 AM
I have contacted the ISP for the reported IP address so hopefully they will look further into it on their end.
Animal
9 Aug 2007, 12:18 AM
I just received this too:
Your account on Ext JS Forums has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.
The person trying to log into your account had the following IP address: 74.53.243.34
My password is too weird to guess!
jon.whitcraft
9 Aug 2007, 2:48 AM
Animal what is the time on that email?
jon.whitcraft
9 Aug 2007, 3:05 AM
Ok, I have just added that IP address to the drop rules of the firewall, which won't allow him in any more with that IP address.
Animal
9 Aug 2007, 3:08 AM
Animal what is the time on that email?
The date header in the source looks like this:
Date: 8 Aug 2007 07:29:15 -0500
jay@moduscreate.com
9 Aug 2007, 3:48 AM
I have contacted the ISP for the reported IP address so hopefully they will look further into it on their end.
Those folks rarely do. :-\
zero c00l is coming to get you!
http://www.impossiblefunky.com/images/archives/issue_9/hack1.jpg
on a side note, i got one of these msgs from the parallels forum.
Dear djliquidice,
Your account on Parallels Support Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.
The person trying to log into your account had the following IP address: 74.53.243.34
Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
http://forum.parallels.com/login.php?do=lostpw
All the best,
Parallels Support Forum
brian.moeskau
9 Aug 2007, 9:59 AM
Yeah, Parallels seems to be having the same issue (I got the same email also). Wonder if someone is targeting vBulletin forums.
jay@moduscreate.com
9 Aug 2007, 11:02 AM
there are always folks trying to hack vb and other forums to post spam and/or hijack the intarweb. ;)
jon.whitcraft
9 Aug 2007, 11:48 AM
There is an update for the forums that fixed some XSS stuff and a few other things. Will test it out on my test board tonight so I know what I need to update when I post it to the live forums sometime this weekend.
Not that there is anything related with these.
0xception
9 Aug 2007, 1:43 PM
something that might help... remove the
jay@moduscreate.com
9 Aug 2007, 1:48 PM
That will do little to nothing. Any experienced automations person will grab the javascript, login forms, etc. There are many places they can test to see if it's a VB install or not.
0xception
9 Aug 2007, 2:46 PM
true any "experienced" automations person would find it, still the vast majority of attacks are not done by experienced people. and even if they were and you have a fully patched system an experienced hacker most likely would have undisclosed vulnerabilities to attack the system with...
We could argue about it... but i was only attempting to make a suggestion. similar to the quick fix of changing the default port for ssh which would not stop all attacks but does greatly reduce the numbers of attacks... obviously it's not a perfect or elegant solution but again it's just a quick fix until the site is patched.
but hell do what you will :) not a big deal to me
jon.whitcraft
9 Aug 2007, 5:52 PM
We can not remove the vBulletin copyright as we did not pay for that option when we bought the software and even if we did it's not that hard to figure out which board you are using.
jay@moduscreate.com
9 Aug 2007, 5:56 PM
wow, i can't believe you have to pay for that. :-\
glad i don't have to pay to get my nissan emblem off of my car. ;)