Hi all,

 

This is just a quick notice to make sure everyone has a very secure password for this site.

 

It has came to our attention that the site is currently under some sort of cyber attack and that the attackers are attempting to change user passwords after viewing user profiles.

 

I must stress that security is key and the last thing we want is your account getting hacked by some 15 year old :censored: sitting in china.

 

I'm going to keep an eye on the site for the next 30 mins or so but if anyone suspects hacked accounts or suspicious activity please reports it to either a mod or to a committee member asap.

 

Thanks

 

Lee

Hi all,

 

This is just a quick notice to make sure everyone has a very secure password for this site.

 

It has came to our attention that the site is currently under some sort of cyber attack and that the attackers are attempting to change user passwords after viewing user profiles.

 

I must stress that security is key and the last thing we want is your account getting hacked by some 15 year old :censored: sitting in china.

 

I'm going to keep an eye on the site for the next 30 mins or so but if anyone suspects hacked accounts or suspicious activity please reports it to either a mod or to a committee member asap.

 

Thanks

 

Lee

 

How would they even be-able to view the account profiles without an activate account on the forum mate, look in the users on the admin site of things and see what the ip address is which is attacking the site and block it, or block the range.

If you look at the active users we have over 100 guests viewing profiles and trying to change passwords !

 

All from the same IP range, i dont have admin privledges to block a range so until an admin can do that best keep an eye out.

Pm me the ip address mate and i will see what i can do.

Murt have a look at the currently active users at the bottom of the bulletin board and page 2 on wards you will see the IP addresses

Murt have a look at the currently active users at the bottom of the bulletin board and page 2 on wards you will see the IP addresses

 

Only Mods/Admins do matey, i have sent Jaikai alot of info, i hope it helps

Ok All the IP's are 180.76. 5 throughout a range here is a copy of one page

 

 

 

 

 

Page 2 of 5

Reload this Page 24 members and 89 guests

Most users ever online was 197, 6th September 2011 at 16:55.

Last Activity User Name Reverse Sort Order Location IP Address Instant Messaging

00:19 Guest

/forum/index.php? Viewing Index

300zx.co.uk Club Bulletin Board

 

180.76.5.23

 

00:37 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.111

 

00:37 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.64

 

00:33 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.187

 

00:39 Guest

Viewing 'No Permission' Message /forum/member.php?u=17572 Viewing User Profile

sorge

 

180.76.5.137

 

00:36 Guest

Viewing 'No Permission' Message /forum/member.php?u=1849 Viewing User Profile

jonnyz32

 

180.76.5.56

 

00:19 Guest

Viewing 'No Permission' Message /forum/member.php?u=11122 Viewing User Profile

foster_300zx

 

180.76.5.158

 

00:39 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.196

 

00:30 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.97

 

00:38 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.59

 

00:31 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.61

 

00:38 Guest

Viewing 'No Permission' Message /forum/member.php?u=644 Viewing User Profile

Paul C

 

180.76.5.157

 

00:35 Guest

Viewing 'No Permission' Message /forum/member.php?u=119 Viewing User Profile

Smithy

 

180.76.5.51

 

00:16 Guest

Viewing 'No Permission' Message /forum/member.php?u=12794 Viewing User Profile

Remus

 

180.76.5.144

 

00:14 Guest

Viewing 'No Permission' Message /forum/member.php?u=3384 Viewing User Profile

hellraiser

 

180.76.5.96

 

00:27 Guest

Viewing 'No Permission' Message /forum/member.php?u=555 Viewing User Profile

Markyb300

 

180.76.5.20

 

00:28 Guest

Viewing 'No Permission' Message /forum/member.php?u=4458 Viewing User Profile

PhilP

 

180.76.5.88

 

00:36 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.14

 

00:17 Guest

/forum/index.php? Viewing Index

300zx.co.uk Club Bulletin Board

 

180.76.5.62

 

00:29 Yahoo! Slurp Spider

Viewing 'No Permission' Message /forum/member.php?u=18393 Viewing User Profile

yimyim999

 

67.195.111.234

 

00:34 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.164

 

00:39 Guest

/forum/faq.php?faq=vb3_board_faq Viewing FAQ

 

180.76.5.93

 

00:24 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.147

 

00:33 Guest

Viewing 'No Permission' Message /forum/member.php?u=17183 Viewing User Profile

azeem1234

 

180.76.5.101

 

00:27 Guest

/forum/faq.php? Viewing FAQ

 

180.76.5.94

 

 

Display: User Agent: Per Page:

Page 2 of 5

 

+ User is on your contact list

* User is invisible to others

Viewing 'Forum Closed' Message Viewing 'Forum Closed' Message

Viewing 'No Permission' Message Viewing 'No Permission' Message

Viewing Error Message Viewing Error Message

Edited September 28, 201114 yr by groover

They all seem to be based out of China

Number of guests starting to rise again from 86 to 93

They all seem to be based out of China

 

An attack by the red army I wonder if any other sites are being hit:gunsmilie:

Zclub has 1 member on and 150 guests:scared:

im coughing and sneezing down the mouse to send them a virus!!!:biggrin:

 

dan.:cool3:

not being very computer literate myself , why would they want to hack our site . what are the dangers etc and what could they gain

Most are spam bots that just gather information, a new guest would not be able to enter a subbed area or unlikely to access any passwords of members, but looking at activity across a few vbulletin sites, we are just being cautious.

The main security risks of a hacked account are likely anything that you use the same email address or password for on other places.

 

I know many of us likely use passwords on multple sites as its easier.

it all goes over my head all this internet security stuff . good to know there are guys on here that understand it and can take the necessary steps to stop it . you would think they would spend their time hacking into a site for cockle picking hot spots

Its very strange even the Australian300zx club has 40 members and 168 guests and zclub 0 members on and 160 guests trying to get into chatbox!

The main security risks of a hacked account are likely anything that you use the same email address or password for on other places.

 

I know many of us likely use passwords on multple sites as its easier.

 

yes im with you now . i can see the risks . paypal and stuff like that . slimy gits

Ideally we should be running vbulletin v4. The problem with forum software is it has exploits, the older the forum software running the forum, the more hackers know about the exploits, etc. By the look of the guests and the IPs, it's a bot net in China trying it's luck, those IPs could easily be spooked however (i.e. not really the IP the attack is coming from).

I doubt it's a botnet, unless proxied in some weird way then all the addresses would be from different subnet, more likely some sort of search engine indexing/spider. Anyway, for the moment I've blocked the 180.75.5.0 subnet, so we should see the numbers drop off ...

And while we're talking password security, and we should be, then I'll share my best advice :-

 

Nice cartoon, passphrases rock, I have several I use regularly. As for the botnet, I didn't mean bot net in the sense of peoples computers, they wouldn't be restricted to China, let alone in the same subnet, however, a bunch of compromised servers in the same datacenter, which were setup deliberately or compromised by an insider, not something that's never happened before.

Nice cartoon, passphrases rock, I have several I use regularly. As for the botnet, I didn't mean bot net in the sense of peoples computers, they wouldn't be restricted to China, let alone in the same subnet, however, a bunch of compromised servers in the same datacenter, which were setup deliberately or compromised by an insider, not something that's never happened before.

 

 

OK, see what you mean. Agreed. Unlikely such expensive resources would be target an uninteresting place such as a small car forum though, they tend to go and beat on places with higher concentrations on interesting people/stuff.

 

Anyway, research indicates it's Baidu, the China search engine.

You'd be surprised. I'll preface this by saying "I used to do data forensics for a living" so that it's understood where I'm coming from :D

 

Hacking a forum like this with several thousand registered users gives lots of usernames and password combinations. These all get added to some password dictionaries and some username/email/password pair lists, ready to use on hacking other sites of more importance.

 

Most people who use forums will have an ebay and/or paypal account for example, if the users email address on here is the same as on paypal, and the password happens to be the same, they only need that combination to attempt on paypal and they are in to an account. Happens a lot. Unfortunately forums and blogs are big targets for even big hackers, just because of the wealth in username/email/password combinations.

Yep, totally agree. Most of the stuff I see is more industrial espionage, this does fill the gaps in the background though.