Beware..Chinese hackers trying to access accounts



Ric
7th April 2015, 10:51 PM
Just a warning. I received a notification from this forum. Apparently someone was trying to log in to my forum account from a Chinese IP address.

Make sure you have a good secure password and don't have any personal information in your profile.

Cheers Ric.

NissanGQ4.2
8th April 2015, 06:18 AM
Hi Ric,

Do you have that IP address that you could post here so we can look into blocking it?

Cheers

Toddie

growler2058
8th April 2015, 07:33 AM
Notice how it only started after a certain person "visited" China

jff45
8th April 2015, 11:24 AM
What am I missing? Can't the hacker just sign up to the forum and look at your profile?
What can he do if he logs in as you?

Winnie
8th April 2015, 11:26 AM
What am I missing? Can't the hacker just sign up to the forum and look at your profile?
What can he do if he logs in as you?

It seems like they are the ones that are sending out bulk spam PMs... I don't know why they don't just create an account?

Maxhead
8th April 2015, 11:28 AM
I wouldn't worry. Hackers got into growlers, TDs and clunks profile a long time ago! Surely they couldn't post so much crap on their own!!! .....on the move

the evil twin
8th April 2015, 11:33 AM
In all probability the "Hackers" are "Bots" not humans... but, yeah, worth banning if time and effort allows (as per AB's recent discussion about blocking by country code)

A human won't get involved unless the Bot cracks your account then they may have a look around for anything that interests them and if they can see bank stuff or whatever will have a crack using same/similar passwords

AB
8th April 2015, 12:50 PM
Some feedback from other members: it is happening on a lot of other forums too.

Cheers mate we are well aware of it.

Ric
8th April 2015, 04:02 PM
G'day Toddie

Here is the email I received. Not sure if it is auto-generated by the forum or sent by admin.

Dear Ric,
Someone has tried to log into your account on NissanPatrol.com.au Forum
with an incorrect password at least 5 times. This person has been
prevented from attempting to login to your account for the next 15
minutes.
The person trying to log into your account had the following IP address:
183.61.14.74

All the best,
NissanPatrol.com.au Forum

I run a few forums so am used to checking suspect IP addresses. See report below from website "Stop Forum Spam"

Date IP Address Username Email Location Evidence
30-Mar-15 23:02 183.61.14.74 KaylaRex4 bonitadove2865@trash-mail.com China
30-Mar-15 22:14 183.61.14.74 AliGutierr lillianainsworth1908@trash-mail.com China

And report from "What is my Ip Address"

General IP Information
IP: 183.61.14.74
Decimal: 3074231882
Hostname: 183.61.14.74
ISP: China Telecom Guangdong
Organization: Hengyang
Services: Recently reported forum spam source. (2)
Type: Broadband
Assignment: Static IP
Blacklist:
Geolocation Information
Country: China
State/Region: Fujian
City: Fuzhou
Latitude: 26.0614 (26° 3′ 41.04″ N)
Longitude: 119.3061 (119° 18′ 21.96″ E)

NissanGQ4.2
8th April 2015, 04:23 PM
G'day Toddie

Here is the email I received. Not sure if it is auto-generated by the forum or sent by admin

Thanks Ric,

It's forum (vBulletin) automatically generated when there have been more than 5 failed login attempts on 1 individual account.

I will speak to Admin about blocking this IP addy

Cheers

Toddie

the evil twin
8th April 2015, 06:59 PM
Just bite the bullet and block China like you suggested, AB.

growler2058
8th April 2015, 08:10 PM
Just bite the bullet and block China like you suggested, AB.

Hear hear!!!

Start a poll ;)

AB
8th April 2015, 08:10 PM
What's the IP of China ;)


I'm over it, have spent too many hours!!!!

growler2058
8th April 2015, 08:13 PM
What's the IP of China ;)


I'm over it, have spent too many hours!!!!

Dunno, but I know someone who went there recently..................................Just b4 all this Chinese shenanigans started

AB
8th April 2015, 08:14 PM
Dunno, but I know someone who went there recently..................................Just b4 all this Chinese shenanigans started

I knew I should've left those business cards at home ;)

NissanGQ4.2
8th April 2015, 08:39 PM
What's the IP of China ;)


I'm over it, have spent too many hours!!!!

Well you need to appoint growlers super mod powers so he can help you out.

And China's IP addy is 120.146.218.24.......something..............quick growlers block it now!!!!!!

growler2058
8th April 2015, 08:40 PM
Well you need to appoint growlers super mod powers so he can help you out.

And China's IP addy is 120.146.218.24.......something..............quick growlers block it now!!!!!!

Done!!!!!!!!!!!

AB
8th April 2015, 08:49 PM
This is a lot more difficult than we think.

It will most likely slow the forum down doing this for genuine users.

NissanGQ4.2
8th April 2015, 09:02 PM
This is a lot more difficult than we think.

It will most likely slow the forum down doing this for genuine users.

How many Patrols are there in China?

AB
8th April 2015, 09:03 PM
How many Patrols are there in China?

Not them....us

NissanGQ4.2
8th April 2015, 09:04 PM
Not them....us

Why will blocking an IP range slow us down?

Ric
8th April 2015, 09:08 PM
It is quite easy to block a complete ip range. I have done it many times.

Normally you would add an ip address to the banned or blocked list by entering the full ip address eg: 183.61.14.74

To block a complete range from, for example, a particular ISP in China you enter the IP address in your blocked list as follows: 183.61.* or 183.61.*.*

This will block all ip addresses starting with 183.61.

While you're at it, it might pay to block this range as well, 14.17.*.*

Cheers Ric

Ric
8th April 2015, 09:09 PM
Why will blocking an IP range slow us down?

Blocking an ip range should not slow your forum.

AB
8th April 2015, 09:11 PM
Why will blocking an IP range slow us down?

It's not just a simple IP range consisting of a few numbers to block, it is made up of a shipload of different ranges which will need to go through htaccess and will check every time you use the forum. I'll try and find a reliable range and test anyway.

AB
8th April 2015, 09:13 PM
It is quite easy to block a complete ip range. I have done it many times.

Normally you would add an ip address to the banned or blocked list by entering the full ip address eg: 183.61.14.74

To block a complete range from, for example, a particular ISP in China you enter the IP address in your blocked list as follows: 183.61.* or 183.61.*.*

This will block all ip addresses starting with 183.61.

While you're at it, it might pay to block this range as well, 14.17.*.*

Cheers Ric

Thanks mate but yeah the range I have seen over the last few months consists of a lot of prefixes and seeing the list from other sites has hundreds of lines.

The more rules in there the slower it will be.

Let me check it out more.

Ric
8th April 2015, 09:26 PM
Yep but it's still easy to block the whole range the way I mentioned and each time a new ISP range is detected just add it to the blocked list.

I have successfully blocked out Chinese, Russian, Nigerian and many other troublesome ip ranges

AB
8th April 2015, 09:36 PM
Yep but it's still easy to block the whole range the way I mentioned and each time a new ISP range is detected just add it to the blocked list.

I have successfully blocked out Chinese, Russian, Nigerian and many other troublesome ip ranges

Cheers Ric, the lists I'm seeing that others are using are ridiculously long. At least a few hundred lines of ranges which will affect performance guaranteed.

I've used htaccess on a tenth of their scale and seen performance issues.

Do you still have the china range you used that we could try out?
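
Added example, not part of the original thread and not the forum's own code: a Python sketch of the two points discussed above, turning wildcard ban entries such as 183.61.* into CIDR networks and merging duplicate, overlapping or adjacent entries so the rule list stays short. The function names and the 10.4.* / 10.5.* entries are constructed for illustration.

```python
import ipaddress

# Ban entries as typed into a forum block list. The first four appear in the
# thread; the 10.x entries are constructed to show adjacent ranges merging.
SAMPLE_ENTRIES = ["183.61.14.74", "183.61.*", "183.61.*.*", "14.17.*.*",
                  "10.4.*", "10.5.*"]

def wildcard_to_network(pattern):
    """Convert '183.61.*', '183.61.*.*' or a full IPv4 address to a CIDR network."""
    octets = [o for o in pattern.strip().split(".") if o != ""]
    fixed = []
    for o in octets:
        if o == "*":
            break
        fixed.append(o)
    trailing = octets[len(fixed):]
    # Only trailing wildcards are supported, and a bare '*' (block everything) is refused.
    if len(octets) > 4 or not 1 <= len(fixed) <= 4 or any(o != "*" for o in trailing):
        raise ValueError(f"unsupported ban entry: {pattern!r}")
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    # ip_network also rejects out-of-range octets such as 999.
    return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")

def compile_blocklist(entries):
    """Return the smallest equivalent list of networks for the given entries."""
    nets = [wildcard_to_network(e) for e in entries]
    return list(ipaddress.collapse_addresses(nets))

def is_blocked(ip, blocklist):
    """True if the address falls inside any compiled network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocklist)

def coverage(blocklist):
    """Total number of addresses denied, to gauge collateral impact before deploying."""
    return sum(net.num_addresses for net in blocklist)

if __name__ == "__main__":
    rules = compile_blocklist(SAMPLE_ENTRIES)
    print(f"{len(SAMPLE_ENTRIES)} entries -> {len(rules)} rules, "
          f"{coverage(rules)} addresses denied")
    for net in rules:
        print(" ", net)
    print("183.61.14.74 blocked:", is_blocked("183.61.14.74", rules))
```

Checking `coverage()` before applying a list shows how wide each wildcard really is, which is the collateral-blocking risk raised later in the thread.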

NissanGQ4.2
8th April 2015, 09:36 PM
Yep but it's still easy to block the whole range the way I mentioned and each time a new ISP range is detected just add it to the blocked list.

I have successfully blocked out Chinese, Russian, Nigerian and many other troublesome ip ranges

Russian and Nigerian troublesome............never....... I don't believe you :)

Ric
9th April 2015, 07:54 PM
I'm no IT techo, just an average bloke who runs a few forums.

All we do is block the range as we receive a suspect membership application, eg 183.61.*

It won't stop them all but it will stop anyone using the ip prefix 183.61. which is a good few hundred thousand ips. I don't worry about what other people are doing or any lists. I just set up specific blocks as they try to join.
I do a lot of my checking manually, i.e. any application I feel is a bit suss I check the IP address to see where it's from. I also google suspect email addresses to see if I get any hits.

This website is good for checking ips and email addresses http://www.stopforumspam.com/search

AB
9th April 2015, 08:10 PM
Thanks Ric, yeah we have a good system on here and I have also been literally spending an hour or two each night blocking IP's for the last month or two which is starting to wear me down to be honest...lol

I haven't blocked smaller prefixes though, I should start to try that but the first few prefixes are so scattered I reckon they are using proxy. We did this a while back and I blocked entire ranges which resulted in a lot of genuine countries, including some Aussie members not being able to access the forum.

I'll try out a much larger range and see how we go.

Clunk
9th April 2015, 08:52 PM
Thanks Ric, yeah we have a good system on here and I have also been literally spending an hour or two each night blocking IP's for the last month or two which is starting to wear me down to be honest...lol

I haven't blocked smaller prefixes though, I should start to try that but the first few prefixes are so scattered I reckon they are using proxy. We did this a while back and I blocked entire ranges which resulted in a lot of genuine countries, including some Aussie members not being able to access the forum.

I'll try out a much larger range and see how we go.

Sounds like you need more help mate

AB
9th April 2015, 08:54 PM
Sounds like you need more help mate

yep I agree....

Clunk
9th April 2015, 09:00 PM
yep I agree....

So get those good for nothing lazy mods onto it then hahahahaha

NissanGQ4.2
9th April 2015, 09:18 PM
So get those good for nothing lazy mods onto it then hahahahaha

we are not lazy, Andy won't give us the extra powers for fear we will burn the place down

Clunk
9th April 2015, 09:24 PM
we are not lazy, Andy won't give us the extra powers for fear we will burn the place down

Well you would wouldn't you ;)

Clunk
9th April 2015, 09:26 PM
Come on AB, time to start trusting others with the power, can't do any worse than what you have already. ............ on more than a few occasions from what I remember lol

AB
9th April 2015, 09:34 PM
Come on AB, time to start trusting others with the power, can't do any worse than what you have already. ............ on more than a few occasions from what I remember lol

Yeah not happening mate...lol

Respect to our mods here and appreciate everything they do but they cannot do any more in my section than what I am currently doing.

Clunk
9th April 2015, 09:42 PM
Just make me admin, I'll fix everything in about 2 seconds for ya bwahahahaha

AB
9th April 2015, 09:48 PM
Just make me admin, I'll fix everything in about 2 seconds for ya bwahahahaha

kaboom!!!!!

Clunk
9th April 2015, 10:12 PM
kaboom!!!!!

That's just Nic's patrol isn't it

Maxhead
9th April 2015, 10:15 PM
Yeah not happening mate...lol

Respect to our mods here and appreciate everything they do but they cannot do any more in my section than what I am currently doing.


I wouldn't trust them either mate :)

4bye4
10th April 2015, 10:32 AM
So is KimWardell a real member or what? Another one on my personal non contact list.

Winnie
10th April 2015, 10:38 AM
Check this out in the "biography" section of his member's page...


Dale Wible is what hiss spouse loves to call him but it's not
the most masucline title out there. For a whilst he's been in Mississippi and his parents
reside close by. He works as a postal services employee
and it's something he truly enjoy. Her buddiies say it's not great for her but what shhe enhjoys performihg is playing golfing
and shee iis trying to makie it a occupation. See what's new on my website rijght here: https://www.youtube.com/watch?v=1yQKNMIpN0M

the evil twin
10th April 2015, 11:12 AM
Just make me admin, I'll fix everything in about 2 seconds for ya bwahahahaha


kaboom!!!!!

Works for me... Kim Jong Clunk has a certain ring to it.

Same sound you hear when the pin, arming lever and then the hand grenade hits the concrete

AB
27th April 2015, 06:22 PM
Well touch wood, I think the majority of this has been knocked on the head now!!!!

Bloody finally!!!!

the evil twin
27th April 2015, 06:24 PM
... the lull before the storm methinks

Can we still make Clunk Admin for a day?

NissanGQ4.2
27th April 2015, 06:26 PM
... the lull before the storm methinks

Can we still make Clunk Admin for a day?

more sh!t would happen in one day with him being admin for a day than what the Chinese hackers could cause in a lifetime!

the evil twin
27th April 2015, 06:32 PM
more sh!t would happen in one day with him being admin for a day than what the Chinese hackers could cause in a lifetime!

Yep, totally agree.

Would put everything back in perspective eh...

Clunk
27th April 2015, 07:07 PM
... the lull before the storm methinks

Can we still make Clunk Admin for a day?

Hell yeah, Clunk for president

Clunk
27th April 2015, 07:14 PM
more sh!t would happen in one day with him being admin for a day than what the Chinese hackers could cause in a lifetime!

Oh ye of little faith

Avo
27th April 2015, 07:48 PM
Ye of what we know of you mate....

Clunk
27th April 2015, 08:53 PM
more sh!t would happen in one day with him being admin for a day than what the Chinese hackers could cause in a lifetime!

Might even be able to knock out some redback rooftop bags

jack
27th April 2015, 08:55 PM
I've got faith in you Clunk, but I've got more faith in AB never allowing it to happen.