
View Full Version : Security: Admin IP Address Log and Compare


Xenium
06-19-2006, 10:00 PM
This product will add a security feature into your admincp. When you log into your admin account, your IP address will be logged. On the main admincp index page your current IP address along with the previously logged IP will be shown plus a compare status. This will allow you to check if anyone else has been logging into your account without you knowing, and therefore take the necessary precautions to avoid it happening again.

There is purposely no pruning feature inbuilt, to avoid the possibility of an unauthorised user taking advantage of it. Of course, if your config settings allow you to execute DB queries within your admincp, then unauthorised users could modify the logged IPs. I suggest you turn it off by editing includes/config.php and making sure the setting below has no userids:
$config['SpecialUsers']['canrunqueries'] = '';

You can install a separate script to run queries, e.g. "phpmyadmin".

Stats

Installation Time: 1 Minute
Added Queries: 1 on specified admin login, 1 on admincp homepage
One Off Queries: 1 on installation, 1 on uninstallation
Added DB Tables: 1
Added Phrases: 5
Added Settings: 1

Installation Instructions


Simply upload the product
Modify "Admin IP Address Checker Box" Setting in vBulletin Options
Click Install (https://vborg.vbsupport.ru/vborg_miscactions.php?do=installhack&threadid=119100)


To-Do List

Add Multiple admin support
Add dynamic IP support
Add IP Exceptions list


Screenshots are below

projectego
06-20-2006, 03:11 AM
Nice idea. :)

Rickie3
06-20-2006, 06:15 AM
great idea cheers *installed*

hotwheels
06-20-2006, 12:29 PM
schweet........

hotwheels
06-20-2006, 02:04 PM
It locked me out of my site......Can you please post or pm me the mysql database code? I tried to remove the admin_ip_checker and I can't get into my site still.

Database error in vBulletin 3.5.4:

Invalid SQL:

INSERT INTO vb3admin_ip_checker
(id, ipaddress)
VALUES ('', '69.146.155.79');;

MySQL Error : Table 'hotwheel_forums.vb3admin_ip_checker' doesn't exist
Error Number : 1146
Date : Tuesday, June 20th 2006 @ 11:01:37 AM
Script : http://www.insanemustangs.com/forums/login.php
Referrer : http://www.insanemustangs.com/
IP Address : ********
Username : *******
Classname : vb_database

hotwheels
06-20-2006, 02:39 PM
I found it in the xml file............thanks

Xenium
06-20-2006, 03:48 PM
I found it in the xml file............thanks


Glad that you got it sorted out :) Odd that it didn't add the table on installation of the product though.

hotwheels
06-20-2006, 05:03 PM
When it wrote the table for my site, it wrote admin_ip_checker instead of vb3admin_ip_checker, so I just took

CREATE TABLE `admin_ip_checker` (
`id` INT( 15 ) NOT NULL AUTO_INCREMENT ,
`ipaddress` VARCHAR( 15 ) NOT NULL ,
INDEX ( `id` )
) TYPE = MYISAM

and changed it to

CREATE TABLE `vb3admin_ip_checker` (
`id` INT( 15 ) NOT NULL AUTO_INCREMENT ,
`ipaddress` VARCHAR( 15 ) NOT NULL ,
INDEX ( `id` )
) TYPE = MYISAM

Works perfectly now..........I think it is just the way mysql is set up.......

Xenium
06-20-2006, 05:54 PM
Works perfectly now..........I think it is just the way mysql is set up.......

Nope. It's my fault. I forgot to add table prefix to the install and uninstall code. I've updated the file now. :)

Change your uninstall code to the following.

$db->query_write("DROP TABLE " . TABLE_PREFIX . "admin_ip_checker");


That will avoid any problems when you want to uninstall the product. Or you could change the name of the table you created in phpmyadmin to admin_ip_checker, then uninstall the product and reinstall the updated file.

hotwheels
06-21-2006, 06:58 PM
Thanks, I appreciate the update.........

Xenium
06-22-2006, 12:53 AM
Thanks, I appreciate the update.........

No Problem :)

Xenium
06-22-2006, 12:54 AM
Didn't work for me.

No matter what it never showed an IP address.

Well if you installed the product, the panel should show up in the admincp home page. You will need to log in and out of the admincp, then the logged IP address will show up.

oberheimhaven
06-24-2006, 12:18 AM
BAM!! I knew it, soon as I signed in it stated not same IP address. Thanks mate, great hack. Installed 3.5.4, no problem. Any suggestions on next step besides me changing my P word?

XFSImperial
06-24-2006, 01:40 AM
If I add additional userids to the options section, can this feature be extended to my other administrators?

Xenium
06-24-2006, 02:07 AM
BAM!! I knew it, soon as I signed in it stated not same IP address. Thanks mate, great hack. Installed 3.5.4, no problem. Any suggestions on next step besides me changing my P word?

Well, that's not entirely true. You need to log out then back in again once in order for it to log your IP address. At the beginning it will always say that IPs don't match because it hasn't logged an IP from you yet.
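
An added example, not the product's code and not written by anyone in this thread: a Python/SQLite model of the log-and-compare check described in the first post, with the first-login case from the post above returned as its own status instead of a mismatch. The `vb3` prefix and the table name come from the thread; the function names, the `no-baseline` status, the wider `ipaddress` column and the sample addresses are assumptions.

```python
import ipaddress
import sqlite3

TABLE_PREFIX = "vb3"  # prefix seen in the thread's error message
TABLE = TABLE_PREFIX + "admin_ip_checker"


def install(db):
    # Build the name from the prefix at install time so it matches the name
    # the login-time INSERT uses (the mismatch behind error 1146 above).
    # VARCHAR(45) rather than the thread's VARCHAR(15) so IPv6 text fits too.
    db.execute(
        f"CREATE TABLE {TABLE} ("
        "id INTEGER PRIMARY KEY AUTOINCREMENT, "
        "ipaddress VARCHAR(45) NOT NULL)"
    )


def uninstall(db):
    db.execute(f"DROP TABLE {TABLE}")


def log_admin_login(db, ip):
    # Validate and normalise first; the value is bound, never concatenated.
    # Rows are only ever appended, mirroring the "no pruning" design.
    ip = str(ipaddress.ip_address(ip))
    db.execute(f"INSERT INTO {TABLE} (ipaddress) VALUES (?)", (ip,))


def compare_status(db, current_ip):
    """Compare the current IP with the login logged before the current one."""
    current = str(ipaddress.ip_address(current_ip))
    rows = db.execute(
        f"SELECT ipaddress FROM {TABLE} ORDER BY id DESC LIMIT 2"
    ).fetchall()
    if len(rows) < 2:
        # Only the current login is on record: nothing to compare against yet.
        return ("no-baseline", None)
    previous = rows[1][0]
    return ("match" if previous == current else "mismatch", previous)


def demo():
    db = sqlite3.connect(":memory:")
    install(db)
    statuses = []
    # Constructed sample logins (documentation address ranges).
    for ip in ["192.0.2.10", "192.0.2.10", "198.51.100.7"]:
        log_admin_login(db, ip)
        statuses.append(compare_status(db, ip)[0])
    return statuses
```
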

Xenium
06-24-2006, 02:09 AM
If I add additional userids to the options section, can this feature be extended to my other administrators?

I could extend it to work with multiple admins. I might add this functionality at a later date.

Shazz
06-25-2006, 12:06 AM
I could extend it to work with multiple admins. I might add this functionality at a later date.
please do! :D

Xenium
07-12-2006, 12:47 PM
Hmm I have the same problem while I'm Online on my board. But I do not have the problem when I use your Hack on my TestvB 'Local'. Kinda strange, right? Well, I did it several times: Login...LogOut...Login...Logout. Then I wait some min's and I restart it. I get always the same result and message, that my IP address does not match. Do you know what's wrong? Thank you for your time ;). You did a great job with your hack. I love it really ;) -Mike


Try to log in and out a couple of times. If you still have the same problem, then look at the admin_ip_checker table in something like phpmyadmin and PM me a list of the entries.

Xenium

Luke Brown256
07-26-2006, 09:27 PM
Hi was just wondering if this could be extended for all admins, that way it provides extra security
are there any plans to do so at a later date?

Xenium
07-28-2006, 11:29 PM
Hi was just wondering if this could be extended for all admins, that way it provides extra security
are there any plans to do so at a later date?

I will work on this very soon.

Watched
07-30-2006, 03:43 AM
i have to agree, the option to add multiple admins would be GREATLY appreciated.

Watched
10-12-2006, 12:38 PM
it seems this one is getting updated anytime soon :(

wengi
10-12-2006, 01:31 PM
Very nice hack m8 ... but as already stated it would be better if set for multiple admins. Thanks again.

Regards
Wengi