PDA

View Full Version : Administrative and Maintenance Tools - Email notification if someone attempts to access your Admin or Mod CP


Boofo
01-31-2008, 10:00 PM
Email notification if someone attempts to access your Admin or Mod CP for vBulletin vB3.7.0 beta 4
Version 1.0.2
(By Boofo)

What does this modification do?
When someone tries to login to your Admin CP or Mod CP, you will get an email that contains the username they tried, their IP address, hostname, number of strikes, referrer, script, and the date & time of the attempt. It also will now distinguish itself in the message subject between a failed Admin CP attempt and a failed Mode CP attempt, so you will know right off which CP they tried to login to.

NOTE: Those who respectfully donate will be have access to the password version of this hack by sending me a PM after donation.

Credits:
Thanks to EvilLS1 for making the vB 3.0 version of this modification on which this update is based and released with permission.

Version Information:
Version 1.0.1 --Initial release
Version 1.0.2 --Removed password code for security reasons.

Installation overview:
--------------------------------------
Files to edit: (1)
--login.php


What it looks like in the Mod CP when an anonymous user tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Ned
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Thursday, January 31st, 2008 at 8:22:29 am
-----------------------------------------------------

What it looks like in the Mod CP when a user from your site tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Boofo
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Thursday, January 31st, 2008 at 8:22:29 am

USER ATTEMPT: Your Forums has identified this registered user as: Boofo

NOTE: If you do not click install, you do not need support.

SwollenCranium
02-01-2008, 08:16 PM
Does this use the "contact us" email address by default ?

** EDIT**

Nevermid ... read the code, I see where it goes.

Boofo
02-01-2008, 08:21 PM
It uses your webmaster email setting in the Admin CP.

Magnumutz
02-01-2008, 09:13 PM
Dude... this is AWESOME !!

Nominated fo' MOTM.

Later Edit: Oh man... too bad it needs file edits. Is there any way you could turn this into a product?

Boofo
02-01-2008, 09:28 PM
Sorry, there aren't any hooks in those files to be able to do it that way.

Magnumutz
02-01-2008, 09:36 PM
I see... i'm securing my AdminCP with .htpasswd now, it'll be a bit safer.

Boofo
02-01-2008, 09:58 PM
That just lets you know what password they try in case it is close to yours or what method they are trying to use to get in. I wouldn't run my site without this.

Don't forget the install buttion. ;)

Freesteyelz
02-01-2008, 10:13 PM
I tagged this mod. :)

BOOFO is back everyone! :up:

Boofo
02-01-2008, 10:17 PM
This will work from 3.6 on up.

And I don't recall seeing you visitng at all, or did I miss that? ;)

Freesteyelz
02-01-2008, 10:45 PM
You missed it. :)

iogames
02-01-2008, 11:30 PM
This must be standard! we all know that we work hard for our communities!

1. What happen to the right password? or everything the Administrator login?
2. What if they know ur password and want to change it?

cajunboy2208
02-02-2008, 09:11 AM
This must be standard! we all know that we work hard for our communities!

1. What happen to the right password? or everything the Administrator login?
2. What if they know ur password and want to change it?

Well, if they get that... then that is why you do daily backups.
Just log onto your server, get the backup, reup it, and change your pw.

Alfa1
02-02-2008, 09:50 AM
Please make a product out of this. As this is a template edit, it is currently in the wrong section.

Marco van Herwaarden
02-02-2008, 09:57 AM
Please make a product out of this. As this is a template edit, it is currently in the wrong section.
Installation overview:
--------------------------------------
Files to edit: (2)
--incudes/adminfunctions.php
--login.php
How is this a template edit if PHP files are edited?

KURTZ
02-02-2008, 10:00 AM
interesting hack boofo ... :)

Alfa1
02-02-2008, 11:37 AM
How is this a template edit if PHP files are edited?
erm. I'll go and buy glasses.

Boofo
02-02-2008, 10:17 PM
The password code in this hack has been removed due to security concerns by the staff of vbulletin.org.

Hornstar
02-04-2008, 08:30 AM
I used to like the one that showed the attempted passwords lol

Marco van Herwaarden
02-04-2008, 08:38 AM
The password code in this hack has been removed due to security concerns by the staff of vbulletin.org.
The concerns we had was more about the wording of your original thread, stating that no plaintext password would be sent from the server. Although this was technically correct, it did sent the plaintext passwords (over the internet) to the server upon any CP-login. As sending plaintext passwords over the internet is considered reducing the standard security, we requested that text to be changed to reflect the fact that the modification did sent plaintext passwords.

Instead the author choose to remove the password from the modification, thus circumventing any possible security degradation.

vietdjclub
02-04-2008, 08:41 AM
to sercurity your admin login just rename admincp to other folder name
ex:

admincp --> xxx2x
modcp-->zzz2x

dont forget edit on config file

Marco van Herwaarden
02-04-2008, 08:44 AM
I used to like the one that showed the attempted passwords lol
On a personal note: This was something i never liked about this modification. If you are an admin on many forums, you might by mistake try the password for board A to login to board B. If they password used is sent to the admin of Board A, then he might be able to "guess" your admin login for Forum B. I always refused to be an admin on a board that had this modification installed.

PS Boofo know my opinion on this, we already discussed that many years ago.

princeedward
02-04-2008, 11:10 AM
gonna try this...hope its good and bring no problem...thanks for this bro... ;)

Boofo
02-04-2008, 12:10 PM
This hack has never brought anyone any problems. That is not what it is for. ;)

iogames
02-04-2008, 08:30 PM
On a personal note: This was something i never liked about this modification. If you are an admin on many forums, you might by mistake try the password for board A to login to board B. If they password used is sent to the admin of Board A, then he might be able to "guess" your admin login for Forum B. I always refused to be an admin on a board that had this modification installed.

PS Boofo know my opinion on this, we already discussed that many years ago.

Ok so the password 'attempted' is sent to who???

Conner85
02-05-2008, 06:12 PM
So... do I edit ALL login.php files? I just edited the yoursite.com/login.php. Am I supposed to edit /modcp/login.php and /admincp/login.php?

Boofo
02-05-2008, 06:23 PM
Only edit the one file in your forums directory. The hack states only 1 file edit plus most hacks usually have the full path to any files needing editing.

iogames
02-07-2008, 11:23 PM
Then... who receives the notification? :(

dwh
03-11-2008, 07:43 AM
Interesting hack. If you use .htaccess to block AdminCP, does this do anything extra since the login.php is inside the forums directory?

Too bad that the plugin system requires vB to manage all these hooks.

Since vb is developed using svn and each line of code is probably logged somewhere, it would be so cool if they could come up with a way to dynamically create your own hooks with just vb file version and line number...I know, sounds really complicated but so is the hooks system ;)

Boofo
03-11-2008, 10:34 AM
Then... who receives the notification? :(

The Admin receives the notification, but the password feature has been removed in this version as it wasn't worth the headache of listening to a few people complain about the so-called security issues.

Alfa1
03-11-2008, 04:24 PM
Is it a good idea to just upload the new login.php here, so that others do not have to do the bit of editing the file?

Boofo
03-11-2008, 06:42 PM
Sorry, not allowed to upload vb files here. Besides, the edits aren't that bad. ;)

Alfa1
03-13-2008, 07:46 AM
No, it's very easy to do.

Bounce
03-20-2008, 09:13 PM
*Installed*;)

FRANKTHETANK 2
03-23-2008, 01:52 AM
i have this thing going off like crazy after i installed it and it wont give me an ip address any suggestions on what to do?

Boofo
03-23-2008, 02:02 AM
The IP address should show up fine if you did all the edits correctly. I would say make sure the edits are done correctly first.

FRANKTHETANK 2
03-23-2008, 02:10 AM
i have and i know what I'm doing. Lets say the person isn't registered to the site and they try to log in will it still show the ip. The site is new and i have an enemy at a site called darksidehackers.com and i can't get him off my back.

Boofo
03-23-2008, 02:14 AM
Yes, it picks up the IP from whoever it is.

FRANKTHETANK 2
03-24-2008, 04:57 AM
This is all i get in the email

Someone is trying to login to your Nextgen Squad Mod CP!

Strikes: 0 out of 5

or

Someone is trying to login to your Nextgen Squad Admin CP!

Strikes: 0 out of 5

Boofo
03-24-2008, 06:58 AM
Then you haven't done all the file edits properly.

FRANKTHETANK 2
03-24-2008, 07:53 PM
hm
i redid them like 10 times and i get the same thing

Boofo
03-24-2008, 09:20 PM
You had to miss something. This has never failed anyone that I know of in all the versions I have done. Is there a way I can check the files to make sure the edits are right? Do NOT upload them here, though.

superthang
03-27-2008, 12:58 PM
I have added, but I get a white page after login with real username or fake username
seem to not working.

Bexter
03-27-2008, 01:21 PM
Just clicked new posts and this popped up. Will be installing this on my forums later as Im very security concious.

Boofo
03-27-2008, 01:58 PM
I have added, but I get a white page after login with real username or fake username
seem to not working.

Re-edit the file. You missed some code somewhere.

Chachacha
03-27-2008, 08:49 PM
*Installed*. Excellent mod!

Ksb2050
03-27-2008, 10:52 PM
Will this still work if you changed the directories of your ACP and MODCP to something else than the standard "admincp"/"modcp"?

Boofo
03-27-2008, 11:16 PM
Yes.

tmiland
03-29-2008, 01:22 PM
Damn nice! :D Ty!

FRANKTHETANK 2
04-04-2008, 07:25 PM
You had to miss something. This has never failed anyone that I know of in all the versions I have done. Is there a way I can check the files to make sure the edits are right? Do NOT upload them here, though.

sure i will put them in a rar file and send link. another problem i'm getting is it emails me almost 50 times a day saying someone is doing failed login attempts. This even happened when i put a password on my forum folder to fix a major error one of the admins did.


I redid what you said and it still does the same thing. I have done everything i know of and i can't get it to work.

Black Tiger
05-12-2008, 12:10 AM
I've uninstalled the 3.5 version because I had the 3.7 version installed already.:)
Little question, if I want the password option back in again, can I safely use the incudes/adminfunctions.php change from the 3.5 version, or is the code in 3.7 changed in such way I can't use that anymore?
If that's the case, is it possible to supply the correct code to put it in myself?

Boofo
05-12-2008, 12:29 AM
And you didn't click install?

No, the code has changed for that part of it.

Black Tiger
05-12-2008, 12:38 AM
Oh that's odd, I think I doubleclicked or something and the "mark installed" was gone again I see now.
Clicked marked as installed again now, sorry.:)

Is it possible to receive the code for the password part?

Boofo
05-12-2008, 12:47 AM
PM me an email address and I will send it to you.

ctrl-alt-del
05-16-2008, 01:25 PM
Works nicely. Thanks! However, I prefer not editing files. Is this mod not possible using the plugin system?

Boofo
05-16-2008, 01:37 PM
Nope, or I would have done it that way a long time ago.

newtsys
05-17-2008, 01:48 AM
Boofo many thanks for the assistance. =)

Black Tiger
05-18-2008, 12:49 AM
Yep, he's great! Thanks Boofo.:)

Boofo
05-18-2008, 06:57 AM
You guys are very welcome. ;)

mgurain
05-21-2008, 03:51 AM
Works nicely. Thanks! However, I prefer not editing files. Is this mod not possible using the plugin system?
same,

thanks

ctrl-alt-del
05-21-2008, 11:21 AM
Question already answered. It's not possible or it already would have been done.

Boofo
05-21-2008, 11:30 AM
Finally! Someone reads the thread. ;)

Thank you. ;)

smooth-c
05-21-2008, 11:50 AM
Should this work with 3.7 Gold? I've done the template edit correctly and replaced the original login.php yet this doesn't work - i've received no email at all :(

Any help Boofo?

Boofo
05-21-2008, 11:51 AM
Then you missed something as this works fine on 3.7 Gold.

sys4096
05-23-2008, 11:17 AM
Great mod, thanks.

Green Cat
05-23-2008, 01:56 PM
<font color="Red">*installed*</font>
Thank you for this fabulous hack !
Can you please send me the password code by PM please ?

pierians
05-29-2008, 05:00 PM
Thank you!!!
It works perfectly!

357Magnum
06-09-2008, 05:45 AM
i followed the instruction exactly and got an error trying to log in afterwards. removed code and everything back to normal. any ideas?

dodge-downunder
06-09-2008, 10:31 AM
awesome, tested it and works a treat! thanks!

BigDog56
06-09-2008, 09:01 PM
Thank you, just tested, works like a charm! I love this, you can ban the ip if it keeps trying and you don't recognize the ip.

steve1966
06-12-2008, 12:03 PM
No email for me neither will it cause problems if i have renamed my acp and mcp?

Boofo
06-12-2008, 12:23 PM
No, that will not affect it. Make sure your webmaster email is set correctly in the vb settings. If you still don't get an email, then you edited the files wrongly somehow.

steve1966
06-12-2008, 12:29 PM
Hi thanks for your reply i also use this htpasswd will this cause a problem ?

one other question should i get an eamil when another admin on my forum logs in?

i have done the edits in the code i have not miissed a thing all i had to do was to add the 2 codes to the php file but it still dont work here are the edits

$username = $vbulletin->GPC['vb_login_username'];
$fdate = date('l, F jS, Y');
$ftime = date('g:i:s a');
$fdatetime = "Date/Time: $fdate at $ftime \r\n";
$fscriptpath = "Script: http://$_SERVER[HTTP_HOST]" . SCRIPTPATH . "\r\n";
$freferer = 'Referrer: ' . REFERRER . "\r\n";
$fusername = "Username tried: $username \r\n";
$fipaddress = 'IP Address: ' . IPADDRESS . "\r\n";
$iphostname = "Host: " . @gethostbyaddr(IPADDRESS) . "\r\n";
if ($vbulletin->userinfo['userid'] > 0)
{
$realname = "\nUSER ATTEMPT: " . $vbulletin->options['bbtitle'] . " has identified this registered user as: " . $vbulletin->userinfo['username'] . "\r\n";
}



// log this error if attempting to access the control panel
require_once(DIR . '/includes/functions_log_error.php');
$fstrk = "Strikes: $GLOBALS[strikes] out of 5 \r\n";
if ($vbulletin->GPC['logintype'] === 'cplogin')
{
$subject= 'WARNING: Failed Admin CP logon in ' . $vbulletin->db->appname . ' ' . $vbulletin->options['templateversion'] . "\r\n\r\n";
$message="Someone is trying to login to your " . $vbulletin->options['bbtitle'] . " Admin CP!\n\n$fusername$fipaddress$iphostname$fstrk$fref erer$fscriptpath$fdatetime$realname";
}
else
{
$subject= 'WARNING: Failed Mod CP logon in ' . $vbulletin->db->appname . ' ' . $vbulletin->options['templateversion'] . "\r\n\r\n";
$message="Someone is trying to login to your " . $vbulletin->options['bbtitle'] . " Mod CP!\n\n$fusername$fipaddress$iphostname$fstrk$fref erer$fscriptpath$fdatetime$realname";
}
vbmail($vbulletin->options['webmasteremail'], $subject, $message, true);

Boofo
06-12-2008, 01:19 PM
Showing me the code doesn't show where it was added. I don't use htpasswd so I have no idea if that will affect this. It shouldn't as you still have to log into the admin cp via vb. If it is not working for you it has to be either a bad file edit or maybe the server is slow on sending out the emails. It works, trust me.

steve1966
06-12-2008, 01:30 PM
Hi Boofo

thanks againg for replying its ok its working fine i thought it sent a mail when another admin looged into the acp i just l tried to log in using a bad pass and it sent me a mail

thanks for a good mod

Boofo
06-12-2008, 01:34 PM
No problem. It only sends an email on a failed login. ;)

Megatr0n
06-12-2008, 03:51 PM
Boofo, you get my PM?

Boofo
06-12-2008, 11:04 PM
You get mine?

Boofo
06-15-2008, 03:21 AM
I have been getting quite a few requests via PM for the password version of this hack. It is now available to anyone who respectfully donates. Please read the first post for details.

pierians
06-15-2008, 05:05 AM
Version 1.0.2 --Removed password code for security reasons.

I'm sorry but i don't understand what it does...
Could you explain this to me?

Boofo
06-15-2008, 05:50 AM
It adds the password they tried to enter.

Bluetiereign
06-15-2008, 11:17 AM
Excellent ! Thanks. *Installed*