vB Dummy ACP

This addon will allow you to create as many dummy acps as you like. The dummy acp acts exactly like your true admincp, but it will not allow anyone to login through it, even if the username and password provided are correct.


Features

Acts just like real admincp login
Can automatically defend against detection (explained below)
Won't even allow real admin logins
Easily create as many dummy acps as you like
Will work without plugins enabled (partially)



Defense Against Detection

In order for the dummy acp to be of any use, I've made it impossible to detect being a "dummy". This is done through the following methods:

1. File Check
The dummy acp checks the file being requested to see if it exists in the true admincp directory, so if a user requested dummyacp/plugin.php, they would see a login despite there being no plugin.php in the dummyacp folder. If they request a file that is not in the true admincp directory, a 404 error is shown.

2. Login Validation
You may know, that normal forum members who try to login to the acp will see the successfully logged in page, but then redirect back to the login page. The dummy acp keeps this functionality instead of completely blocking all logins. It will only show the login error page under two circumstances:

1. The login provided is actually wrong
2. The login provided is real, but an administration login


Note
While this will work without plugins enabled, if plugins are not enabled then the dummy acp will show users who login successfully with an admin login a successful login page, but -still- redirect them to the login page. So while they may not actually gain access to your admincp, someone trying to get into your forum would know your login works.

Reserved :)

thanks you becoming one of my favorite coder.
gone try it with 3.7.4 and report later

all that secure a website is love by me.

what a brilliant idea, thanks

so far seen to work with 3.7.4 thanks

Glad to hear it dtv100, I'll probably release it in the 3.7 section too then :)

Deceptor, what's the purpose of this hack?

I am confused.

In short, a trick, for security :)

One of the things you can do to secure your vBulletin install is change the admincp/ directory to something else, so no one knows where your admincp URL is. With this, you can put up a dummy acp in its place, making people believe this dummy is the real one, and no matter what, not be able to log in :)

Very nice Deceptor, I was getting ready to do this:

https://vborg.vbsupport.ru/showthread.php?t=197510

And this will help! took some of the work out of it and I like how you mentioned it's pretty much untraceable as a fake... Nice!

Thanks for all the recent mods and look for an install shortly :D

Plus... loved to see the names Deceptor and Megatron back to back... ohh the memories of autobots and deceptacons lol! WHAT?!?!? lol

In short, a trick, for security :)

One of the things you can do to secure your vBulletin install is change the admincp/ directory to something else, so no one knows where your admincp URL is. With this, you can put up a dummy acp in its place, making people believe this dummy is the real one, and no matter what, not be able to log in :)

Awesome!!

Installed, 3.6.8 & Thanks ;)

Very nice Deceptor, I was getting ready to do this:

https://vborg.vbsupport.ru/showthread.php?t=197510

And this will help! took some of the work out of it and I like how you mentioned it's pretty much untraceable as a fake... Nice!

Thanks for all the recent mods and look for an install shortly :D

Plus... loved to see the names Deceptor and Megatron back to back... ohh the memories of autobots and deceptacons lol! WHAT?!?!? lol
Haha, man, I loved Transformers as a kid. Still kinda do now.... XD

Fantastic mate. Next version should log ALL attempts with IP/email logging and forum user cross-referencing (if possible) :)


Also, I can confirm it works FINE on 3.7.x



Ta

Haha great mod man.
Glad you got there in front of me too.
I was 95% complete with my version lol.

Haha, man, I loved Transformers as a kid. Still kinda do now.... XD

Same here, although that has something to do with Megan Fox as well ;)
Thanks for the mod; looks interesting :)

Great addon i have just installed this Deceptor

How can i view a log of all the attempted attacks?

How can i view a log of all the attempted attacks?

Don't think it can as yet...

https://vborg.vbsupport.ru/showpost.php?p=1693367&postcount=13

Great addon i have just installed this Deceptor

How can i view a log of all the attempted attacks?

Deceptor... if you can add this I will become a Deceptacon lol ;)

Let us know if you have time & THANKS!

S-MAN

Can you do it with the modcp??

ModCP and logs coming in next version :)

Oh, thanks.

thanks you becoming one of my favorite coder.
gone try it with 3.7.4 and report later

all that secure a website is love by me.

Agreed. Man, Deceptor you are banging them out and have done some fresh new ideas. Kudos bro.

Cool idea..installed. Thanks!

Great mod .... :up:


I sent you a PM about a little security 'concern' (I don't wanna make it public for now) ...... Look into it and let me know via PM.

I'll edit the post once verified.

Sorry, but how is the system detecting that you are allowed to log in to the acp, because yo write even admin with right username and pw can't log in?

You're meant to rename the real admin directory, and upload this "admincp" folder to your website, so people can't tell it's a fake one.

Thanks

ModCP and logs coming in next version :)

hi dear... would like to bump this :)

This is a great system. I tried setting up something like this but failed.

It would be great if it could log IP's that try logging in and then add those IP's to the forum's ban list.

Really neat trick shot deceptor! I like it!

Installed and can't wait for the IP tracer ;)