PDA

View Full Version : Administrative and Maintenance Tools - [DBTech] vBSecurity v2 (vB4)


DragonByte Tech
12-30-2011, 11:00 PM
vBSecurity: What is it?
vBSecurity keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.

Uses

vBSecurity is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens.
It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins.
Another important feature is the ability to add a secondary login, unique to each administrator, that is required before accessing the AdminCP. Ideal for forums where multiple administrators may share login information, or where administrators may log in from public computers.
Add in quick settings for the most vital vBulletin Options and Usergroup password settings, vBSecurity can easily be called one of the most comprehensive security suites for your vBulletin forum.

-------------------------------------------------------------------------------------------

If you like this mod please hit the https://vborg.vbsupport.ru/external/2015/08/1.png button to the right ---->

Please remember to click the, https://vborg.vbsupport.ru/external/2015/08/2.png button to the right if you installed the mod ---->

What does 'Marking As Installed' do ?

* It helps you to stay on top of updates - members who have installed modifications will be notified by us whenever new updates are available.

* For security issues - vbulletin.org will contact all members who have installed a modification whenever a security issue is brought to their attention.

* Marking a modification as installed also helps us know how many people are using our work, giving us extra incentive to provide more features and new modifications.

We appreciate the support!
-------------------------------------------------------------------------------------------

Priority support & Product Demos available at: http://www.dragonbyte-tech.com

-------------------------------------------------------------------------------------------

Translations available @ our forum (http://%22http://www.dragonbyte-tech.com/forums/91-Translations)
Support for translations handled by the translator in its respective threads only.

-------------------------------------------------------------------------------------------

Major Features
Administrator Security: .htaccess-like logins for your administrators means that even if they use the same password on multiple sites, malicious users still need a fresh, unique password to log in.

Security Watchers: Keep an eye on the most important aspects of vBulletin: config.php tampering, AdminCP / User Account access attempts, vBulletin Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.

Lite
* Searchable list of all AdminCP access attempts
* Searchable list of all failed login attempts
* Searchable list of administrator changes for areas governed by the Security Watchers
* vBOption: IP Address whitelist for AdminCP access
* vBOption: Separate "Closed Reason" for closures that happened due to potential security breaches
* Quick setting page for the most important vBulletin Options security settings
* Quick setting page for the most important Usergroup security settings
* Security Watchers: General - config.php Variable Tampering, AdminCP Access Attempts
* Security Watchers: Logins - Failed Logons, Failed Mass Logons
* Security Watchers: vBOptions - vBulletin Active, Reason For Turning vBulletin Off, Banned Email Addresses, Banned IP Addresses, Use Login "Strikes" System, Whitelisted IP Addresses, Whitelisted IP Addresses - Exclude Super Administrators
* Security Watchers: User Data - User Name, Password, Email, Primary Usergroup, Additional Usergroups, Reputation Level, Warnings, Infractions, Infraction Points, Receive Admin Emails
* Security Watcher Actions: 2 thresholds with individual configuration options, IP Ban / User Ban / Email Webmaster / Close Forum options available for each Watcher option listed above. Some watcher options may not have all actions.

Pro
* Optional .htaccess-like login on a per-administrator basis
* Settings Snapshots - take a "snapshot" of how the vBulletin Options look at the time, instant restore by clicking Load on a previous snapshot
* Security Watchers: Usergroup - Password Expiry, Password History, every usergroup permission group, every "value" permission
* IP Guard: Administrator IP Address authorisation scheme (similar to Steam Guard) - Require email verification for new IP addresses to access the AdminCP, per-administrator disable

-------------------------------------------------------------------------------------------
This mod displays a copyright notification in the footer of all pages which includes:
1 Link to DragonByte Technologies homepage
1 Link to Product Description page of this modification

idesignicreate
12-30-2011, 11:16 PM
for some reason I cant get one of your mods to work... keep saying i'm missing a .php file from every one :(

idesignicreate
12-30-2011, 11:17 PM
vBshop VBArcade or VBnavTabs Im using VB 4.1.9

idesignicreate
12-30-2011, 11:39 PM
error msg for VBshop public_html/dbtech/vbshop/includes/class_install.php appears to be missing!

ozzy47
12-30-2011, 11:40 PM
Which mod don't work? Or is it all of them?

And errors would help as well. They should be posted in their respective threads.

idesignicreate
12-30-2011, 11:47 PM
error msg for VBshop public_html/dbtech/vbshop/includes/class_install.php appears to be missing! for VBshop and I'm sorry i'm just learning how to post in here.

DragonByte Tech
12-30-2011, 11:47 PM
error msg for VBshop public_html/dbtech/vbshop/includes/class_install.php appears to be missing!This is not the support thread for vBShop.


Fillip

RSNF
12-31-2011, 03:09 AM
This is not the support thread for vBShop.


Fillip


Really.....how about directing him or assisting him with some help considering what he is requesting is still something you released...... Being an..ss is not the way to go in my opinion.....Not installed and rated horrible congrats.....

DragonByte Tech
12-31-2011, 03:37 AM
Really.....how about directing him or assisting him with some help considering what he is requesting is still something you released...... Being an..ss is not the way to go in my opinion.....Not installed and rated horrible congrats.....

He has downloaded the mod already, so he knows where the thread is. Fillip was letting him know this is not the place to post about vBShop since the user indicated he wasn't sure about where to post things.

Thanks for your rating of the mod - hopefully next time you'll actually try it first though ;)

Iain

socialteenz
12-31-2011, 08:50 AM
Really.....how about directing him or assisting him with some help considering what he is requesting is still something you released...... Being an..ss is not the way to go in my opinion.....Not installed and rated horrible congrats.....

You won't get a chicken at an ice cream parlor :D Who gives a F*** if you rate this mod as horrible. The mod will speak for it...

How about you pointing him to the right direction instead of posting this stupid comment.

Just my 0.1 cent :p

Sforums
01-01-2012, 06:20 AM
Installed on 4.1.0 pl2.
There is no new tab on navbar, nothing in quick links or community menus.

The screenshots you posted, I have nothing like that at my site....
The only thing I see is in options "DragonByte Tech: vBSecurity - General Settings" and that is it.

sadiq6210
01-01-2012, 06:25 AM
Installed on 4.1.0 pl2.
There is no new tab on navbar, nothing in quick links or community menus.

The screenshots you posted, I have nothing like that at my site....
The only thing I see is in options "DragonByte Tech: vBSecurity - General Settings" and that is it.

This is security mod, why you need a new tab or new page?!

Sforums
01-01-2012, 06:35 AM
This is security mod, why you need a new tab or new page?!

What kind of dumb question is that? Because author offers that option and it is visible to Super Admin only. Install first and then ask qustions instead of raking up post +++++ points.

HMBeaty
01-01-2012, 06:58 AM
What kind of dumb question is that? Because author offers that option and it is visible to Super Admin only. Install first and then ask qustions instead of raking up post +++++ points.
Whoa! Calm down! If you take a look at the screenshots, there aren't supposed to be any new tabs in the navbar or new pages on the forum. All functions should be available via your AdminCP somewhere. If you're not seeing all the options that should be available, just post any errors you may be having or explain what you see and/or don't see

sadiq6210
01-01-2012, 12:41 PM
What kind of dumb question is that? Because author offers that option and it is visible to Super Admin only. Install first and then ask qustions instead of raking up post +++++ points.

Did you read the thread?! Did you see the screenshots?

Again, I will ask you same question
This is security mod, why you need a new tab or new page?!

+

You need to learn how to respect the people and to be coooool :)

DragonByte Tech
01-01-2012, 01:12 PM
Installed on 4.1.0 pl2.
There is no new tab on navbar, nothing in quick links or community menus.

The screenshots you posted, I have nothing like that at my site....
The only thing I see is in options "DragonByte Tech: vBSecurity - General Settings" and that is it.Please add yourself to the Super Administrators variable in config.php :)

In fact, this is required to use the mod and should be a part of the readme.txt file.


Fillip

TheSupportForum
01-01-2012, 02:40 PM
its noted that today their is an update however the same download is available
version 1.0.2

DragonByte Tech
01-01-2012, 02:41 PM
That is correct.

Fillip

Iguana Goddess
01-01-2012, 10:26 PM
I only have one issue that I have noticed so far, when I enable the config.php Variable Tampering forum shut down, it shuts the forum down and emails me even though no one is altering anything. Nothing happens when I just have the email option enabled. I had previously renamed the admin path before installing this hack, but the messages states that this is what is causing the breach.

EDIT: Ok so it's still sending me emails, but seems like it only does it when I go into the admincp.

DragonByte Tech
01-02-2012, 01:07 AM
If you renamed the admin path via the actual config.php file, as opposed to a plugin that does it, then that wouldn't occur. Are you absolutely sure you didn't use a plugin to do the rename?

Fillip

Iguana Goddess
01-02-2012, 09:20 AM
If you renamed the admin path via the actual config.php file, as opposed to a plugin that does it, then that wouldn't occur. Are you absolutely sure you didn't use a plugin to do the rename?


Fillip

Yes I'm sure I renamed the path on the config.php I have it installed on vB 4.1.9. Maybe another addon I have installed is interfering.

DragonByte Tech
01-02-2012, 10:36 AM
I wish it was possible to accurately notify you why it's triggering when it does, but sadly it is not :(


Fillip

Iguana Goddess
01-02-2012, 10:59 AM
I wish it was possible to accurately notify you why it's triggering when it does, but sadly it is not :(


Fillip

No doubt it's a great mod and will be a huge help to the site as we have been having issues with accounts being jacked do to a recent hacking. So for this to be the only issue I have with it, it will work well enough for me with that option disabled till I have time to look into my other addons to see if there is a conflict. I have one suggestion, is there a way you can add an option to where the notifications can be posted in a forum instead like vB has for reported posts?

DragonByte Tech
01-02-2012, 11:34 AM
If you post feature requests over at our forum they won't be lost to the mists of time when we plan out new updates :)

We have a custom built system that tracks feature requests that aren't implemented yet even past the natural lifespan of threads :)


Fillip

Iguana Goddess
01-02-2012, 02:21 PM
If you post feature requests over at our forum they won't be lost to the mists of time when we plan out new updates :)

We have a custom built system that tracks feature requests that aren't implemented yet even past the natural lifespan of threads :)


Fillip

I will do that then. I built a semi clone board and installed vBsecurity it's definitely a addon conflict because I have no issues at all will false alarms now that I have just about every plugin disabled. Once I pin point the problem, I'll post it up for everyone else.

OldSchoolDSL
01-14-2012, 10:31 PM
Uninstalled

Used a lot of resources
false positives
conflicting with other software

DragonByte Tech
01-15-2012, 05:40 PM
Uninstalled

Used a lot of resources
false positives
conflicting with other softwareUnfortunately this is not a helpful post, if you wish to provide constructive critisism then please do so, otherwise I see no point to posting :)


Fillip

Mukashi
01-18-2012, 03:19 PM
Hmmm.

Not seeing the NavBar tab, or the links in the quick links and community menus. I am a Super Administrator.

DragonByte Tech
01-18-2012, 03:21 PM
None exists for this mod :)


Fillip

Mukashi
01-18-2012, 04:58 PM
None exists? What are these options for it on the "DragonByte Tech: vBSecurity - General Settings" page then?

DragonByte Tech
01-18-2012, 05:01 PM
That was an oversight, I use a standard "template" for all my mods when I begin a new project and those options are a part of said template :)


Fillip

OldSchoolDSL
01-18-2012, 05:05 PM
Unfortunately this is not a helpful post, if you wish to provide constructive critisism then please do so, otherwise I see no point to posting :)


Fillip

It was constructive criticism as I reported my findings for others to watch out for (user review based upon user experience)

I found that this modification caused the pages to load slower (even on a fresh & clean test install) and also added to memory & query (in my opinion).

I found this could provide false positives in the way it detects things, regardless of how you configure the settings.

And I found it has the habit to conflict with a wide range of other modifications and products. Not just limited to 1 or 2 rogue modifications, but rather believing this in its self to be the rogue modifications, compared to how many other products could not play well with this 1.

Just because you dislike my constructive criticism and review, doesn't make it not true or invalid.
I stand by my original post


Used a lot of resources
false positives
conflicting with other software

DragonByte Tech
01-18-2012, 05:39 PM
So you are saying that if I went to your site and said "this site sucks." that would be constructive criticism?

That is essentially the same as you are doing in this thread and in every other DBTech mod thread you have posted in.
You offer zero information regarding the nature of the false positives
You offer zero information regarding the nature of the conflictsThe same can be said for all your other posts.

I mean no offence, but your posts do come off as if you are simply trying to discredit us for no good reason.

Would you have liked it if people put your site in a negative light but refused to give you any information that you could use to improve your site?

How do you expect us to improve this mod if all you say is "it doesn't work right"?


PS: This mod uses virtually no resources as it does not execute anything (except for standard cache fetching and object initialisation) unless one of its watchers are triggered.

Would you care to provide comparison data regarding resource usage and page generation time that backs up your claim?


Fillip

OldSchoolDSL
01-18-2012, 06:29 PM
I stand by my review.

But do believe I have mistakenly overlooked leaving a positive review for the modifications which you have released, that have not caused any issues and do in fact work well.

https://vborg.vbsupport.ru/showthread.php?t=236980
https://vborg.vbsupport.ru/showthread.php?t=242733
https://vborg.vbsupport.ru/showthread.php?t=243754
https://vborg.vbsupport.ru/showthread.php?t=258738
https://vborg.vbsupport.ru/showthread.php?t=243510

I have since then corrected my oversight :)

DragonByte Tech
01-18-2012, 06:37 PM
Do you refuse to help us improve this modification by providing the information I requested in my previous post?

And do you also refuse to back up your claims of slowdown / large memory usage increase with evidence so that we can look into it?

If you choose to refuse these requests for more information then that's perfectly fine, but just know that it may discredit your review in the eyes of people who read the thread :)


Fillip

OldSchoolDSL
01-18-2012, 08:11 PM
Do you refuse to help us improve this modification by providing the information I requested in my previous post?

And do you also refuse to back up your claims of slowdown / large memory usage increase with evidence so that we can look into it?

If you choose to refuse these requests for more information then that's perfectly fine, but just know that it may discredit your review in the eyes of people who read the thread :)

Fillip

It is not my role or the role of anyone else who use your modifications to help debug, decode, edit, improve, or otherwise help you produce your own modifications. Just so you know, continuing belittle people who you may disagree with, discredits yours.

As I have told you, I un-installed this. I can only comment on my own personal experience...

But will add that when testing your modification and wrongfully entering the password to my own account (for testing reasons)....

I received the e-mail stating that I tried to log-in not only into my account, but several other accounts I did not try to log into... I would label this as a false positive, as the system would record me trying to log into many other accounts.

As this continue to remain installed, I noticed a few other members (beside myself) also had the same report.

I do not have the memory readings or page speed reading on hand, as I again point out, I un-installed this and it is not my role or the role of anyone else to help you resolve your modification.

DragonByte Tech
01-18-2012, 08:26 PM
The "Mass Login" watcher would indeed list plenty of other accounts as it takes a list of all failed logins across all accounts. You can limit the amount of what you call "false positives" by making it so that it only triggers on the same IP Address, as opposed to Any IP Address :)

I'll leave it up to my business partner Iain to explain why we rely on constructive criticism from our users in order to improve our mods, as I'm clearly doing an inadequate job of it :(


Fillip

DragonByte Tech
01-18-2012, 08:38 PM
Just popping in to say that it's obviously not possible for us to fix isolated issues if the person claiming to have them isn't willing to let us try to Debug them.

Obviously claiming (to use one example from your posts) it is incompatible with lots of other software, then declining to name those other pieces of software, makes it impossible for us to attempt to debug that - unless you feel it is reasonable for us to install every single vBulletin modification in every single possible combination to try to find your particular issue (an issue which you of course didn't specify and as such we would be unable to notice).

I think it's pretty obvious to everyone reading that your "reviews" are due to a different matter - for the record the reason is one we're aware of, but won't go into in order to abide by the general rules and social norms here on vBulletin.org. The bare minimum I will say is that it was related to pirated versions of DBTech pro mods.

We are, as always, extremely glad to any users who take the time to give us feedback on our modifications and give us the information we need to improve them or help to debug the reason a specific user is encountering a specific problem - and that's the vast majority of you.

Again, thanks to everyone who takes the time to do that.

Iain

Mr_Running
01-18-2012, 09:39 PM
Thank you DragonByte Tech for another great mod. :)

Mukashi
01-19-2012, 01:15 AM
That was an oversight, I use a standard "template" for all my mods when I begin a new project and those options are a part of said template :)


Fillip

Ahh, I see. So I assume that's something that'll be cleared up in the next version then?

Also, had a more general question for you guys at DB Tech if it's alright (and seeing as you request for people to not send PM's). I've now got 7 DB Tech addons on my forums (though only 6 are currently enabled), and so I'll end up with multiple copyright notifications at the bottom of the forums. For instance, here's what shows on our forum home right now.

vBulletin Security by vBSecurity (Lite) - vBulletin Mods & Addons Copyright ? 2012 DragonByte Technologies Ltd.
Live threads provided by AJAX Threads (Lite) - vBulletin Mods & Addons Copyright ? 2012 DragonByte Technologies Ltd.
NavTabs provided by vBNavTabs (Lite) - vBulletin Mods & Addons. Copyright ? 2012 DragonByte Technologies Ltd.

Just wondering if there might be something you guys can do at your end to reduce the redundancy a little bit for those of us who've got multiple addons installed, or if you might allow us those of us in this situation to do a bit of editing to compress those down to one line.

New Joe
02-02-2012, 09:28 AM
Un-installed, way too many problems with this when enabled, as per the same as Old SchoolDSL

DragonByte Tech
02-02-2012, 03:05 PM
Am I to assume you are also refusing to provide constructive feedback in the same way the user you refer to refused?

Fillip

DragonByte Tech
03-03-2012, 11:56 AM
vBSecurity v1.0.3:
Feature: Failed AdminCP Logins will now display the username the person tried and failed to login with

Fillip

w8baby
03-05-2012, 09:21 AM
question

i used this mod
https://vborg.vbsupport.ru/showthread.php?t=236785&highlight=viewing+thread
to replace superadmin ip

is this going to affect anything in the mod?

DragonByte Tech
03-05-2012, 09:31 AM
I don't know, I don't think so but I have never used that mod so I couldn't tell you :(


Fillip

DragonByte Tech
03-10-2012, 12:40 AM
vBSecurity v1.0.4:
Feature: Added a block of text to Security Recommendations that discusses server security for WHM-based servers

Fillip

Nirjonadda
05-07-2012, 04:11 PM
Installed Pro Version ! I think now save my site from hacking ?

LLent
05-07-2012, 05:56 PM
this is a support thread for vbsecurity not the other fine mods that db has ..i say we get back on topic ....btw is a fine addon and works very well with latest version of vb no issues to speak of

DragonByte Tech
05-07-2012, 07:24 PM
Installed Pro Version ! I think now save my site from hacking ?No site is ever safe, but vBSecurity will help alert you if something suspicious starts going on :)


Fillip

sivaganeshk
05-20-2012, 06:21 AM
@DBT:
I changed the memcached settings in config file. At first , I received the security notification.
Thats fine.

But again every 2 or 3 days, I get the same notification (thrice at the same time)

vBSecurity has detected a security alert regarding config.php Variable Tampering:
$vbulletin->config['Datastore']['prefix'] is new: NULL

The actions you have configured in the Security Center have been taken.

Got the same message thrice yesterday. While I changed the memcached setting a week ago.

DragonByte Tech
05-20-2012, 12:14 PM
Are you sure you have no modifications installed that could be causing this?

I'd suggest looking through every plugin from every mod and ensure none of them tamper with that variable, because I've dug through the vB4 code and they do not unset() or set to NULL that variable.

On DBTech we are also using vBSecurity as well as the datastore prefix, and we have no such issues :)


Fillip

sivaganeshk
05-20-2012, 01:46 PM
Vbseo might cause this? Because it also has a cache setting feature and i choosed Memcached in thtat .

DragonByte Tech
05-20-2012, 04:28 PM
That is entirely possible, could you try turning off memcached in vBSEO and see if that resolves the issue?

Fillip

MagicPID
05-21-2012, 03:02 AM
I can't find the settings for dual-authentication in the mod that is shown here:

https://vborg.vbsupport.ru/attachment.php?attachmentid=135371&d=1325289905

Where is it?

DragonByte Tech
05-21-2012, 11:52 AM
As per the OP, that is a Pro-only feature :)


Fillip

sivaganeshk
05-27-2012, 04:27 AM
That is entirely possible, could you try turning off memcached in vBSEO and see if that resolves the issue?


Fillip

I tried and disabled Memc'd in vbSEO . but no use.

I still get the config tampering notification.

"$vbulletin->config['Datastore']['prefix'] is new: NULL"

DragonByte Tech
05-27-2012, 02:26 PM
In that case I suggest going through all your installed mods and see if any of them make any such modifications to the $vbulletin->config array :)


Fillip

sivaganeshk
05-27-2012, 02:33 PM
In that case I suggest going through all your installed mods and see if any of them make any such modifications to the $vbulletin->config array :)


Fillip

That's difficult buddy :(
how to check each and individual plugin ???

DragonByte Tech
05-27-2012, 02:41 PM
It's what has to be done, unfortunately.

The error is not with vBSecurity, it's working as intended :)

You can turn off the notification for config.php variable tampering of course, but that would reduce the security of your forum, especially considering you already have one security breach going on (the tampering you keep getting notifs for).


Fillip

sivaganeshk
05-27-2012, 03:05 PM
It's what has to be done, unfortunately.

The error is not with vBSecurity, it's working as intended :)

You can turn off the notification for config.php variable tampering of course, but that would reduce the security of your forum, especially considering you already have one security breach going on (the tampering you keep getting notifs for).


Fillip

Hmm.. I understand. I had been using vbSecurity for 4 months.
Haven't got this issue until I started using Memcached and changed the datastore settings in config.php

May be, vbSecurity stored old config content , checks new config content and raises the notification.

DragonByte Tech
05-27-2012, 03:18 PM
vBSecurity compares the values in the actual config.php file vs what $vbulletin->config holds every time a page loads, so that's not the case.

Fillip

DenisM
07-21-2012, 09:41 PM
how can i install "pro"?

DragonByte Tech
07-22-2012, 12:37 PM
You'll need to purchase it from www.dragonbyte-tech.com and then perform the same steps you performed when installing Lite :)


Fillip

DragonByte Tech
08-17-2012, 10:47 PM
vBSecurity v1.0.5:
Feature: The Affiliate ID setting now properly integrates with the link-back
Feature: Added Login Strikes Viewer that lets admins browse all failed logins
Fix: Bugs with the Admin Strikes Viewer that prevented natural browsing from working properly in some scenarios

Fillip

DragonByte Tech
08-25-2012, 05:57 PM
Affiliate ID link hotfix

Fillip

itzkr0me
11-24-2012, 08:27 PM
So... I disabled the superadmin whitelist thingy and have subsequently banned mysef.

Any ideas on how to rectify?

EDIT *: Resolved. I logged in via a different IP and removed the super admin setting.

DragonByte Tech
11-24-2012, 08:37 PM
Can you please be more specific? What "whitelist thingy", and what is the message you're receiving?

Fillip

DragonByte Tech
04-05-2013, 02:34 PM
vBSecurity v1.0.6
Feature: Improved logging details for Control Panel actions
Change: Changed the Branding display method to inject itself into the copyright footer (underneath vBulletin copyright) instead of the page footer.
Change: Changed the Branding Free Key to a more secure key.

Fillip

Soidberg
04-15-2013, 06:59 AM
Could you make it possible to position Data[IPADDRESS] at a random place within the phrase ("dbtech_vbmail_security_alert_body"&"dbtech_vbsecurity_access_new_ip_message")?. Like: $IPADDRESS ?

I want to restyle the email text completely with a new location of the IP address.

sry for my horrible English :o

Soidberg
04-15-2013, 09:07 PM
Dear DragonByte Tech,

I have an Idea which perhaps could be easily integrated within vBulletin. I’ very interested in what you think about it.

My idea is about DDoS protection for vBulletin by Cloudflare. Cloudflare is focussed on DDoS protection and offers great free services for the public. Since Cloudflare provides a webservice API via an API Key, the DDoS protection of Cloudflare can be utilized by just invoking URIs by vBulletin to block attackers right in the Cloud so they even can reach the target system.

The technical approach is done by invoking URIs for blocking and unblocking IP addresses. A block could be triggered by any relevant alert to be defined by the vBulletin operators to fit their needs.

In vbulletin it could look like this ...

Admin Panel Menu (example):
144558

Action (example):
144560

Options (for example):
144559


All you need is a free account with Cloudflare, the generated security tokens and of course your addon. :)

Example Block:
https://www.cloudflare.com/api.html?a=ban&key <IPADRESS> = & u = EMAILUSER@EMAIL.com & tkn = TOKEN

Example unblock:
https://www.cloudflare.com/api.html?a=nul&key <IPADRESS> = & u = EMAILUSER@EMAIL.com & tkn =TOKEN


Note: Since Cloudflare is acting as a reverse proxy operators should install mod_cloudflare for apache to see real origin IP addresses instead of Cloudflare proxy IP addresses....see here (http://blog.cloudflare.com/cloudflare-tips-using-cloudflare-for-your-for).

regards
Soidberg

DragonByte Tech
04-22-2013, 06:15 PM
Could you make it possible to position Data[IPADDRESS] at a random place within the phrase ("dbtech_vbmail_security_alert_body"&"dbtech_vbsecurity_access_new_ip_message")?. Like: $IPADDRESS ?

I want to restyle the email text completely with a new location of the IP address.

sry for my horrible English :oYou can translate the phrases via the Phrase Manager. Why would you want to randomise the location?

Dear DragonByte Tech,

I have an Idea which perhaps could be easily integrated within vBulletin. I? very interested in what you think about it.

My idea is about DDoS protection for vBulletin by Cloudflare. Cloudflare is focussed on DDoS protection and offers great free services for the public. Since Cloudflare provides a webservice API via an API Key, the DDoS protection of Cloudflare can be utilized by just invoking URIs by vBulletin to block attackers right in the Cloud so they even can reach the target system.

The technical approach is done by invoking URIs for blocking and unblocking IP addresses. A block could be triggered by any relevant alert to be defined by the vBulletin operators to fit their needs.

In vbulletin it could look like this ...

Admin Panel Menu (example):
144558

Action (example):
144560

Options (for example):
144559


All you need is a free account with Cloudflare, the generated security tokens and of course your addon. :)

Example Block:
https://www.cloudflare.com/api.html?a=ban&key <IPADRESS> = & u = EMAILUSER@EMAIL.com & tkn = TOKEN

Example unblock:
https://www.cloudflare.com/api.html?a=nul&key <IPADRESS> = & u = EMAILUSER@EMAIL.com & tkn =TOKEN


Note: Since Cloudflare is acting as a reverse proxy operators should install mod_cloudflare for apache to see real origin IP addresses instead of Cloudflare proxy IP addresses....see here (http://blog.cloudflare.com/cloudflare-tips-using-cloudflare-for-your-for).

regards
SoidbergDefinitely an interesting idea, if you re-post it over at our forums we'll be sure to take it into consideration for future versions :)


Fillip

Dwarden
07-15-2013, 04:13 PM
i do wonder ... would be possible to add usergroup watcher / protector into this plugin ?

so nobody can mess with such groups (adding users) ?

DragonByte Tech
07-17-2013, 01:32 PM
There already is a watcher - it's a Pro-only feature.

Protectors are covered by your AdminCP permissions, which is a default vBulletin feature.

Fillip

DragonByte Tech
10-11-2013, 09:57 PM
Update

Hotfix: PHP 5.4 Compatibility fixes


This does not guarantee the mod is error free on PHP 5.4, but it will take care of the reported errors. Thank you all for your reports :)



Fillip

madness85
11-17-2013, 03:41 PM
Update

Hotfix: PHP 5.4 Compatibility fixes


This does not guarantee the mod is error free on PHP 5.4, but it will take care of the reported errors. Thank you all for your reports :)



Fillip

Hi I see it logs all user login attempts but I see no option to prune the log is it possible?

rhody401
11-18-2013, 03:54 PM
I upgraded to 1.1.1 today and now see this on the top left, every time I sign into ADMIN CP:


IP Address Verifier
Current IP Address
1.2.3.4
Stored IP Address
N/A
Mismatch
[Admin Access Log]

(my real ip is the current, not 1.2.3.4 - changed for security reasons)

I'm not sure how to fix this, to make the notice go away. When I disable this mod temporarily, it goes away. My user id IS set up as a super administrator in config.php and I have even whitelisted the ip in the settings for this add-on.

Any suggestions appreciated

Rhody

rhody401
11-20-2013, 11:34 AM
Ah disregard. The next day it had my real ip in both sections. I guess the first time it hasnt saved/logged your IP yet. (resulting in the mismatch error)

sharcker
11-25-2013, 10:05 PM
Hi, This Works for vB 5.0.5? :confused:

ForceHSS
11-26-2013, 11:04 PM
<a href="https://vborg.vbsupport.ru/attachment.php?attachmentid=135371&d=1325289905" target="_blank">Is this option only in the pro</a>

rhody401
12-09-2013, 06:43 PM
I think I found a bug in version 1.1.1

On my 4.2.1 patched system, this has happened twice in the past month.

I have multiple admins and if an admin enters the wrong password just ONCE, it treats it like 25+ brute force attempts. It takes action with one attempt, ignoring the settings for # of attempts.

Under SECURITY WATCHERS: GENERAL - I have:

12 AdminCP access attempts from SAME IP ADDRESS attempts in 1 hour: Email Webmaster

25 AdminCP access attempts from ANY IP ADDRESS attempts in 1 hour: Email Webmaster, Close Forum, Ban IP

Twice it has set off both of the above (two emails, closed forum, etc) for a single wrong password attempt.

I have temporarily taken away its ability to close the forum, because I was out yesterday and it shut down the forum for almost 5 hours.

If I can help in any way to help duplicate/identify this behavior - don't hesitate to email me.

Thanks
Rhody

madness85
12-10-2013, 11:40 AM
I think I found a bug in version 1.1.1

On my 4.2.1 patched system, this has happened twice in the past month.

I have multiple admins and if an admin enters the wrong password just ONCE, it treats it like 25+ brute force attempts. It takes action with one attempt, ignoring the settings for # of attempts.

Under SECURITY WATCHERS: GENERAL - I have:



Twice it has set off both of the above (two emails, closed forum, etc) for a single wrong password attempt.

I have temporarily taken away its ability to close the forum, because I was out yesterday and it shut down the forum for almost 5 hours.

If I can help in any way to help duplicate/identify this behavior - don't hesitate to email me.

Thanks
Rhody

Same here buddy 1 failed login ip banned mostly from my mobile :(

rhody401
12-10-2013, 07:24 PM
Ya i was able to duplicate it again last night, with a single wrong password attempt. For now, I disabled all but EMAIL ADMINISTRATOR - so it wont shut down the forum again.

Thanks for the reply to let me know I'm not imagining things :)

Rhody

DragonByte Tech
12-15-2013, 02:07 AM
I'll attempt to replicate this myself as soon as I have time, if I can't I'll reach out to one of you for FTP/AdminCP information.

Fillip

final kaoss
12-15-2013, 06:39 PM
There is a bit of a change I would make to this mod. Add an option to add IP to a blacklist (for 30 days or increments in months) for failed logins within x amount of time would be great.

https://vborg.vbsupport.ru/attachment.php?attachmentid=135374&d=1325289905

Mukashi
02-23-2014, 01:50 AM
Finally got around to upgrading to 1.1.1 today on vB4.2.1, and I'm having a very strange error. My users and staff (including moderators but not including admins) cannot access their notifications or profile pages. I had updated several other addons in the same session (all DB Tech addons: Advanced User Tagging, vB Arcade, Username Change and AJAX Threads), but we've confirmed the error did not crop up until after this addon was installed.
The error only happened after this addon was updated, but did not seem to vanish when the addon was disabled/uninstalled.

EDIT: Hmmmm. Looks like it may be an addon conflict with Tournaments, Ladders & Leagues Manager v4.x (https://vborg.vbsupport.ru/showthread.php?t=238945). Disabled that addon, and now it's working again. Don't know how the heck that error could stay there even when I'd disabled/uninstalled vBSecurity, but since it only cropped up after updating this...*shrugs*

ZUCCO
02-23-2014, 05:27 AM
Thank you ! I will try it :D

DragonByte Tech
06-29-2014, 03:34 PM
vBSecurity v1.1.2

ACP Access Log / Verifier

Triggers an email alert if the IP addresses no longer match
Sends email to the Webmaster Email listed in the vBulletin Options



Fillip

woodmj
02-23-2015, 08:44 AM
Please could I check something with this mod?

There's 2 kinds of rules you can set up for failed login attempts. 1 is for any IP address in eg. 5 mins and the other is for 1 IP address in eg. 5 mins. I think I understand the alerts produced for 1 IP address in eg. 5 mins in that 1 IP address has made multiple attempts to access accounts and has failed? but was does the alert for any IP address in eg. 5 mins mean? It will mention a handful of usernames but only one IP so I'm not sure what the IP relates to in that situation?

neptunesys
02-24-2015, 02:11 PM
So far, this has been a great mod to have. I wish I'd installed in sooner :)

I would like to see two improvements in the Login Strikes Viewer to make this even more useful.

1. Differentiate between bogus (non-existent) usernames and existing usernames
2. Indicate if the displayed IP address has been banned

409industries
03-24-2015, 04:43 PM
Awesome mod. Purchased the pro version.

Wish i had found this a long time ago to enforce password complexity requirements during registration / password changes.

Support is awesome too, they listened to some of my suggestions regarding the mass password reset feature and got the changes implemented very quickly. :-)

ForceHSS
03-24-2015, 06:34 PM
Awesome mod. Purchased the pro version.

Wish i had found this a long time ago to enforce password complexity requirements during registration / password changes.

Support is awesome too, they listened to some of my suggestions regarding the mass password reset feature and got the changes implemented very quickly. :-)

Yes it is a very good mod I use many of their pro versions myself

DragonByte Tech
03-30-2015, 05:51 PM
vBSecurity v1.1.3

Changes to Existing Features:

Mass Password Reset

Now uses a more secure method of generating temporary passwords
Enables greater security for users, avoiding brute force attacks on their passwords before the passwords can be changed



Fillip

GreyGhost
04-16-2015, 03:07 AM
EDIT: Answered on DBTech forums. ANSWERED HERE (http://www.dragonbyte-tech.com/f120/forbidden-message-when-saving-settings-18092/#post92466)

I'm getting the following message when I try to change any vBSecurity settings in ACP.
----------
"Forbidden

You don't have permission to access /admincp/vbsecurity.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."
----------

vB 4.2.2 - vBSecurity v1.1.3

Fresh vB install with a hand full of members and forums/post imported from phpbb3

Only other mod installed is DBTech Copyright Management v2.1.1
Have now disabled both in Manage Products but am still unable to change any settings.

8-)

UPDATE: Just installed vBShout and I'm getting the same Forbidden message when I try to change the settings.
"Forbidden

You don't have permission to access /admincp/vbshout.php on this server."

So I uninstalled vBSecurity and deleted all the files but this hasn't fixed it.

All other vB settings changes work fine, it's only DBTech mods that produce the error.

I've looked for any .htaccess and there's none and checked file permissions which all DBTech .php files are set to 0644 where all other vB .php files on the server are 0600.

8-/

woodmj
04-20-2015, 08:13 AM
After ugrading to the latest version there seems to be a problem when a standard password change is effected. Please could you advise? The below error is displayed :

Database error in vBulletin 4.2.2:

Invalid SQL:
UPDATE user SET
salt =
passworddate =
password =
dbtech_vbsecurity_forcenewpass =
WHERE userid = ;

MySQL Error : Unknown column 'dbtech_vbsecurity_forcenewpass' in 'field list'
Error Number : 1054
Request Date : Monday, April 20th 2015 @ 10:08:45 AM
Error Date : Monday, April 20th 2015 @ 10:08:45 AM
Script : /profile.php?do=updatepassword
Referrer : /profile.php?do=editpassword
IP Address :
Username :
Classname : vB_Database_MySQLi
MySQL Version : 5.5.41-0ubuntu0.14.04.1

ForceHSS
04-20-2015, 08:32 AM
After ugrading to the latest version there seems to be a problem when a standard password change is effected. Please could you advise? The below error is displayed :

Database error in vBulletin 4.2.2:

Invalid SQL:
UPDATE user SET
salt =
passworddate =
password =
dbtech_vbsecurity_forcenewpass =
WHERE userid = ;

MySQL Error : Unknown column 'dbtech_vbsecurity_forcenewpass' in 'field list'
Error Number : 1054
Request Date : Monday, April 20th 2015 @ 10:08:45 AM
Error Date : Monday, April 20th 2015 @ 10:08:45 AM
Script : /profile.php?do=updatepassword
Referrer : /profile.php?do=editpassword
IP Address :
Username :
Classname : vB_Database_MySQLi
MySQL Version : 5.5.41-0ubuntu0.14.04.1
The error means you are missing a table but that table was and is not there and never was in this plugin so I dont see how you are getting the error unless you edited the xml

woodmj
04-20-2015, 09:13 AM
Have not edited the XML. This just came about after upgrading to the latest release from the DB site. I believe it's tied in with one of the new features in the new release.

ForceHSS
04-20-2015, 05:10 PM
This wait for the coder to reply as they will know but I cant see that table or if its part of a table name so this see what the coder has to say

DragonByte Tech
04-20-2015, 07:30 PM
vBSecurity v1.1.4

New Features:

Scheduled Password Reset

Enforces a password reset for a user upon next login, via the User Manager in the ACP
Mimicks the "Password Expiry" feature in vBulletin
Great for forcing users to provide a more secure password


(Pro) Mass Scheduled Password Reset

Enforces a password reset for every account upon next login
Mimicks the "Password Expiry" feature in vBulletin
Great for forcing users to provide a more secure password



Fillip

DragonByte Tech
04-20-2015, 07:32 PM
After ugrading to the latest version there seems to be a problem when a standard password change is effected. Please could you advise? The below error is displayed :alter table user add dbtech_vbsecurity_forcenewpass tinyint(1) unsigned not null default '0'


Fillip

ForceHSS
04-20-2015, 07:51 PM
After ugrading to the latest version there seems to be a problem when a standard password change is effected. Please could you advise? The below error is displayed :

Database error in vBulletin 4.2.2:

Invalid SQL:
UPDATE user SET
salt =
passworddate =
password =
dbtech_vbsecurity_forcenewpass =
WHERE userid = ;

MySQL Error : Unknown column 'dbtech_vbsecurity_forcenewpass' in 'field list'
Error Number : 1054
Request Date : Monday, April 20th 2015 @ 10:08:45 AM
Error Date : Monday, April 20th 2015 @ 10:08:45 AM
Script : /profile.php?do=updatepassword
Referrer : /profile.php?do=editpassword
IP Address :
Username :
Classname : vB_Database_MySQLi
MySQL Version : 5.5.41-0ubuntu0.14.04.1
Did not install the latest until now so I see the coder has put in the new table to the update

xxfullclipxx
04-20-2015, 08:47 PM
hey guys thanks for the great mods you guys do :) just a quick question say for some odd reason you white list an ip and it changes > how would you then access the acp ? since i am the only one that will access. i want to just have my ip allowed. but if my cable company for some reason switched my ip. what would i do ? would i lose all ability to get in ?

ForceHSS
04-20-2015, 10:15 PM
hey guys, thanks for the great mods you guys do :) just a quick question say for some odd reason you white list an IP and it changes > how would you then access the acp ? Since I am the only one that will access. I want to just have my IP allowed. But if my cable company for some reason switched my IP. What would I do ? Would I lose all ability to get in?
Best to make yourself a superadmin and don't whitelist your IP if you are locked out you can disable plugins via config, but if that does not work you won't get back in

xxfullclipxx
04-21-2015, 08:50 AM
what controls the ban there has to be a way to access phpmyadmin and just remove the banned ip. I was banned by strikes system :( playing with it

since its a fresh install new board its not a huge issue, But it would be nice to be able to do something if this ever happened again when the forum is live and has many users.

woodmj
04-21-2015, 09:28 AM
Try removing your IP from setting/banip via PHPMyAdmin.

xxfullclipxx
04-21-2015, 09:33 AM
yeah i tried that still same So its storing somewhere else as well

woodmj
04-21-2015, 09:53 AM
Maybe try as ForceHSS suggested above and temporarily disable all hooks/plugins to get in and resolve things.

You can do this by inserting the line
define('DISABLE_HOOKS', true);
after the line that reads
<?php
in /includes.config.php on your web server.

xxfullclipxx
04-21-2015, 11:21 AM
that didnt work either. I just installed a fresh copy of the forum since it was just in the design stage so it wasn't a big deal. But it would be nice if the the creators could answer what you can do in case this happens.

ForceHSS
04-21-2015, 05:34 PM
yeah i tried that still same So its storing somewhere else as well
If you cant access your admincp pm me your site url and admin login I will remove your ip from the list. There is a way to unban yourself but unless you know how to giving me access is faster

xxfullclipxx
04-22-2015, 09:29 AM
If you cant access your admincp pm me your site url and admin login I will remove your ip from the list. There is a way to unban yourself but unless you know how to giving me access is faster

Thanks for the offer bud :) but i just ended up deleting that forum and just reinstalling it was a brand new instance so it wasnt anything major to lose :)

DragonByte Tech
04-27-2015, 05:25 PM
vBSecurity v1.1.4 Patch Level 1

Bug Fixes:

Fixed an issue where the mod wasn't initialised in the ModCP



Fillip

DragonByte Tech
05-04-2015, 05:54 PM
vBSecurity v1.1.4 Patch Level 2

Bug Fixes:

Fixed an issue where the "IP Awaiting Authorisation" message would not display correctly in the DBSEO CP.



Fillip

DragonByte Tech
05-25-2015, 07:52 PM
vBSecurity v1.1.4 Patch Level 3

Bug Fixes:

The "Unrecognised AdminCP Login From <new IP address>" email would be sent without a subject and body



Fillip

DragonByte Tech
06-01-2015, 05:22 PM
vBSecurity v1.1.5

New Features:

AdminCP Login Viewer

Paginated list of all AdminCP logins
Filter by User Name
Filter by start/end date
Filter by IP Address
Change sort column


AdminCP Login Prune

Only accessible to users with the required config.php permission
Optional age limit



Fillip

DragonByte Tech
06-15-2015, 05:59 PM
vBSecurity v1.1.6

New Features:

Admin Strikes Viewer: Prune

Only accessible to users with the required config.php permission
Optional age limit


Changes To Existing Features:

General / Other

Streamlined the phrasing for the ACP Logins and Admin Strikes interfaces



Fillip

highlander29
06-20-2015, 03:58 PM
I just wanted to say this is a really good mod. I have known about it for the last year but had no idea all of what this did based on the description. It's crazy this hasn't won mod of the month yet. Everyone who runs a VBulletin forum should install this. It provides some nice logging that VBulletin doesn't have natively, it adds additional protections for privileged accounts and it provides some nice options for alerting of suspicious behavior. It even has a check you can run and provides suggestions on things you can do to better lock down your system.

I might have more ideas later but the one suggestion I would have for the developers is to consider bundling the strong authentication mod with this one and have some options to selectively turn that on for moderators, supermoderators and administrators - possibly as an alternative to the IP address check. I'd give the option to do both.

DragonByte Tech
06-22-2015, 07:23 PM
vBSecurity v1.1.7

New Features:

Change Log Viewer: Prune

Only accessible to users with the required config.php permission
Optional age limit



Fillip

DragonByte Tech
07-04-2015, 07:50 PM
vBSecurity v1.1.7 Patch Level 1

Bug Fixes:

Turning off the modification via the vBulletin Options will now work as intended



Fillip

MikeTrin
07-08-2015, 10:40 AM
I'm noticing super moderators getting block from the moderator control panel with the blocked message saying they are not white-listed for access to the admincp. I thought this was only for blocking access to the admincp, no one reported any problems to me before the last update to vBSecurity. Am I missing something here?

DragonByte Tech
07-17-2015, 07:11 PM
I'm noticing super moderators getting block from the moderator control panel with the blocked message saying they are not white-listed for access to the admincp. I thought this was only for blocking access to the admincp, no one reported any problems to me before the last update to vBSecurity. Am I missing something here?That was added as a feature, they'll receive an email to confirm their IP addresses :)


Fillip

MikeTrin
07-19-2015, 11:40 PM
I thought the feature was added for super administrators. The admin account flagged in the config.php.

I'm talking about super moderators and I'm not seeing any documentation mentioning super moderators.

DragonByte Tech
08-09-2015, 11:40 PM
vBSecurity v1.1.8

New Features:

Login Strikes Viewer

Login Strikes log entries can now be pruned
Requires the "Can Prune Log Entries" config.php permission



Fillip

DragonByte Tech
08-17-2015, 09:38 PM
vBSecurity v1.1.8 Patch Level 2

Bug Fixes:

Turning the modification off via the "Enable Modification" vBOption meant you could no longer access the majority of vBSecurity admin controls
Fixed an issue with the "login strikes" page that could produce a fatal error in certain scenarios



Fillip

Dam13n
08-25-2015, 05:26 PM
For some reason, real users/visitors get IP banned when using this mod even though there were no signs of brute force login from them. I have cases when visitors got IP banned by trying to login to accounts that don't even exist in my forum database.

af1 racing
11-06-2015, 08:42 PM
That was added as a feature, they'll receive an email to confirm their IP addresses :)
Fillip

What if they don't receive the email?

I have just upgraded to 1.2.1 and several users are reporting that they get locked out when updating their profile to "Enable IP Verification". As an Admin I also did not receive the verification email when accessing the adminCP for the first time after installation, but I was able to gain access with a quick query.

Is there a way to resend or view the email queue? Or authorize their IP through the adminCP?

DragonByte Tech
11-09-2015, 07:56 PM
vBSecurity v1.2.1

New Features:

IP Verification: Front-End

Users can control whether to require email confirmation of new IP addresses for front-end pages
Toggleable via the UserCP
Works in a similar fashion to the AdminCP and ModCP versions


IP Access Log

Tracks all IP addresses used to access a user account
Overrides the "Search IP Addresses" functionality in vBulletin to provide advanced functionality
Works with all existing links to the "Search IP Addresses" functionality


IP Access Log: Search New IPs

Searches for any new IP addresses being used to access accounts
Displays a familiar looking list of IP addresses
Selectable "start date" to check for new IPs


IP Access Log: Multiple Account Access IPs

Searches for any IP addresses being used to access multiple accounts
Displays a familiar looking list of IP addresses


Changes To Existing Features:

Altered vBulletin & vBSecurity tables to be IPv6 compatible



Fillip

DragonByte Tech
11-16-2015, 03:37 PM
vBSecurity v2.0.0

New Features:

(Pro) New Security Watcher: "Failed Logins: Non-Existent Usernames"

Checks for logins against a single username that doesn't exist
Lets you take separate action towards bots trying to login with stolen user credentials that don't exist on your site
Integrates into the existing "Logins" watcher group


(Pro) New Security Watcher: "Failed Mass Logins: Non-Existent Usernames"

Checks for logins against multiple usernames that don't exist
Lets you take separate action towards bots trying to login with stolen user credentials that don't exist on your site
Integrates into the existing "Logins" watcher group


(Pro) Compromised Accounts Detection

Alerts the webmaster if someone has failed multiple logins and then successfully logs in to an account
Lets you search the logs for the IP address in question to determine whether this is legitimate


(Pro) IP Ban Log Viewer

Browsable and searchable log of all banned IP addresses (from the point of installing v2)
Lets you ensure no legitimate members are banned


Multiple Watcher Actions

Define more than 2 actions per watcher
Prioritised in the order they are defined
Gives you even more fine-tuned control over the actions taken against potential intruders


Log Pruning

Old entries from the adminstrikes, loginstrikes and ipverify tables can be automatically pruned
Settable in the vBulletin Options
Defaults to pruning data older than 30 days



Changes To Existing Features:

Security Watcher Log

Rewritten to improve performance
Uses a dedicated log table instead of using the datastore



Fillip

akz645
11-16-2015, 06:26 PM
Changes To Existing Features:

Altered vBulletin & vBSecurity tables to be IPv6 compatible

https://theadminzone.com/threads/vbulletin-vulnerability-allows-hackers-to-find-and-brute-force-accounts.136907/
1) So will this mod prevent prevent that?

----

2) Can this Mod notify mods/admins by posting in a specific forum section (via designated userID selected by the admin), when multiple accounts are being logged into by the same IP address?
3) Can this Mod notify mods/admins by posting in a specific forum section (via designated userID selected by the admin), when one account is being logged into by the multiple IP address?

4) Can this Mod notify mods/admins by posting in a specific forum section (via designated userID selected by the admin), when multiple accounts are being logged into on the same computer (cookies/cache detection)?
5) Can this Mod notify mods/admins by posting in a specific forum section (via designated userID selected by the admin), when one account is being logged into by the multiple computers (cookies/cache detection)?

DragonByte Tech
11-16-2015, 06:32 PM
1) So will this mod prevent prevent that?Yes it does :)

2) Can this Mod notify mods/admins via a specific forum section, when multiple accounts are being logged into by the same IP address?
3) Can this Mod notify mods/admins via a specific forum section, when one account is being logged into by the multiple IP address?

4) Can this Mod notify mods/admins via a specific forum section, when multiple accounts are being logged into on the same computer (cookies/cache detection)?
5) Can this Mod notify mods/admins via a specific forum section, when one account is being logged into by the multiple computers (cookies/cache detection)?None of these things are possible at this time, this is not a "multiple account detection" mod. This mod focuses on addressing behavioural patterns that are potentially harmful to the security of your forum, whereas multiple accounts is more related to circumventing bans.

All alerts go to the Webmaster Email account as well :)


Fillip

DragonByte Tech
12-07-2015, 05:56 PM
vBSecurity v2.1.0

New Features:

IP Verification

IP addresses that have been verified by users or administrators will no longer be subject to IP bans
Helps prevent false positives


Admin IP Verification: Re-Send Emails

Administrators can request to re-send the email to verify their IP address
Useful if the email takes a long time to arrive for whatever reason


User IP Verification: Re-Send Emails

Users can request to re-send the email to verify their IP address
Useful if the email takes a long time to arrive for whatever reason


Security Watcher Display

The time period for the Security Watcher display can be configured
Default: 7 days
Controlled via vBulletin Options


(Pro) User IP Verification: Admin Control

Super Administrators can disable a member?s IP verification setting via the AdminCP user management screen
Accessed via the User Manager


(Pro) IP Address Search: Country Display

The IP Address Search screen includes the IP address' country, if your system supports this
Requires GeoIP2 downloaded database on your server
Controlled via vBulletin Options


(Pro) IP Host Lookup: Country Display

The IP Host Lookup screen includes the IP address' country, if your system supports this
Requires GeoIP2 downloaded database on your server
Controlled via vBulletin Options


(Pro) IP Address Search: IP Usage

The IP Address Search displays the first and last logged date for a particular IP in the "Logged IP Addresses" list
Only displays IP addresses since v2.0.0 was installed.


(Pro) Compromised Accounts Log

Displays a list of accounts flagged as potentially compromised
Quick links to users' logged IP addresses as well as displaying current IP address
Fully searchable
Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission


(Pro) Watcher log

Displays the complete list of all Watcher log entries
Can be filtered by individual watchers
Fully searchable
Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission


(Pro) User IP Verification log

Displays the complete list of all user IP Verification entries
Displays whether the IP has been verified or not
Fully searchable
Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission


(Pro) Admin IP Verification log

Displays the complete list of all admin IP Verification entries
Displays whether the IP has been verified or not
Fully searchable
Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission



Changes To Existing Features:

Consolidated the code that applies watcher actions to enable easy extension in the future
Config Tampering alerts can now be reset
Reworded one of the new Log Prune options to clarify what exactly it?s pruning
All log pages now require the config.php "Can View Admin Logs" setting for additional security
"AdminCP Logins Viewer" now uses username search instead of a drop-down for improved performance
"Admin Strikes Viewer" should now perform better as a result of removal of an unreliable feature
"Login Strikes Viewer" now uses username search instead of a drop-down for improved performance
"IP Ban Log Viewer" now allows you to filter by action when pruning the log



Bug Fixes:

An issue where limiting the IP Ban Log by action would not work as intended has been corrected
"Failed Admin Logins" have been moved to the "Logins" watcher group, as was intended
Fixed an issue where the Config Tamper watcher log could not be reset



Fillip

af1 racing
12-07-2015, 06:28 PM
Excellent! Thanks for the quick development.

akz645
12-07-2015, 09:04 PM
Brilliant update.

I might buy the PRO version in the future.

DragonByte Tech
01-01-2016, 12:10 AM
vBSecurity v2.1.0 Patch Level 3

Bug Fixes:

Fixed an issue where administrators without "Can Administer vBSecurity" could no longer search for IP Addresses (regression)
Fixed an issue with the Search IP Addresses page on vB3



Fillip

DragonByte Tech
01-18-2016, 06:54 PM
vBSecurity v2.1.0 Patch Level 4

Bug Fixes:

IP Verification should no longer run if the current page is the [DBTech] Two-Factor Authentication page



Fillip

DragonByte Tech
02-28-2016, 04:44 PM
vBSecurity v2.2.0

New Features:

Global IP Address Whitelist

IPs can be protected from triggering any actions (such as forum closure or bans)
Powerful wildcard options similar to vBulletin's IP banning
Controlled via vBulletin Options



Fillip

DragonByte Tech
04-25-2016, 08:51 PM
Changed Features:

A fresh copy of the jQuery library is now only downloaded if one has not been downloaded previously. Requires updating of all other affected DBTech mods to take full effect.



Fillip

DragonByte Tech
05-30-2016, 08:43 PM
vBSecurity v2.2.2

New Features:

"Failed Logons" Watcher

Option to send an alert to the user whose account has been triggered


Changed Features:

"Failed Mass Logons" now only triggers if the user tries unique usernames


Bug Fixes:

The "Failed Mass Non-Existent Logons" rule sets would not trigger correctly, instead the "Failed Mass Logons" ruleset was used



Fillip

DragonByte Tech
07-11-2016, 02:43 PM
vBSecurity v2.2.3

New Features:

CLI Maintenance Script

Ability to execute either of the two maintenance actions via the command line


Search IP Addresses: Find Potential Intruder IP Addresses

Displays a list of IP addresses who have failed to login to valid member accounts more than once
Also displays any successful logins from these IP addresses


Bug Fixes:

A few phrases were accidentally created with the wrong phrase key, leading to blank emails being sent in some scenarios
The "Password Rules" checkboxes would not update if the user pasted their password via the right click menu



vBSecurity v2.2.4

Changed Features:

Password Reset

The created password is now based on the user?s password rule requirements
The Mass Password Reset action now creates a random password based on the user?s password rule requirements




Fillip

Darkside2012
08-04-2016, 09:10 AM
I can´t loging with my account on dragonbyte-tech.com
My password is. expired
I recive the email : New Account Access From xxx.xxx.xxx.xxx
If you recognise this IP address and would like to add it to the whitelist, please click here
but when i click the link nothing will be happen.
It is the same ......
i can´t edit my password

DragonByte Tech
08-04-2016, 10:39 AM
I can?t loging with my account on dragonbyte-tech.comTry it now, you should be able to confirm the IP before being asked for a new password now :)


Fillip

rhody401
08-16-2016, 11:49 AM
I think I found a bug or conflict in version 2.2.4 lite

If a user tries to reset their lost password, they get the email from VB and click the link. But when clicked, it gives either a blank white page or sometimes an error 500.

If I disable this script, everything works well again. I can reproduce this reliably by enabling or disabling version 2.2.4

My info:
VB 4.2.3 pl2
Server Litespeed
PHP 5.5.38
MySQL 10.0.25-MariaDB-cll-lve

If you need anything else to help fix it, let me know.

Thanks
Mike

DragonByte Tech
08-16-2016, 11:50 AM
You will need to check your error log for the real reason behind a 500 Internal Server Error.

Fillip

civicf
09-07-2016, 01:21 PM
I have similar problem. User can't reset password. Error message was displayed after clik on reset link.


PHP Warning: require(........dbtech....vbsecurity_pro....hooks. ...reset_password.php): failed to open stream: No such file or directory in ....login.php(329) : eval()'d code on line 1

Fatal error: require(): Failed opening required '//dbtech/vbsecurity_pro/hooks/reset_password.php' (include_path='.:/usr/local/php/pear5') in /login.php(329) : eval()'d code on line 1


When I downgraded to 2.2.0 everything is ok.

rhody401
09-10-2016, 10:57 PM
I had to disable it didnt have time to debug this time, but will re install next version.

DragonByte Tech
09-12-2016, 03:18 PM
I have similar problem. User can't reset password. Error message was displayed after clik on reset link.



When I downgraded to 2.2.0 everything is ok.Sorry about that, I've updated the zip file with a fixed XML file :)


Fillip

DragonByte Tech
02-16-2017, 09:02 AM
vBSecurity v3.3.0:
Feature: New option: Enable Account Breach Check
Feature: New option: Account Breach Check: Check Username

This mod has been updated to be brought in line with the XenForo version.

Fillip

SteveG63
04-30-2017, 10:32 PM
I updated this today (overwriting the old install) without realizing that I needed PHP Ver 5.6. I have PHP 5.3.29. Can I get the latest version that works with 5.3.29 please?

Thanks.

highlander29
06-22-2017, 10:13 PM
I'm really impressed with some of the features in the new version of this modification. Thanks for all the good work.

I notice you included instructions for using bcrypt for passwords. Do those instructions re-encrypt the entire password database? This is a huge issue that I've been concerned about for some time. I also would like to ask the impact of forum upgrades - so if you deploy it in 4.2.5 and then upgrade to 4.2.6, do you need to make those changes again?

DragonByte Tech
06-27-2017, 02:21 PM
I'm really impressed with some of the features in the new version of this modification. Thanks for all the good work.

I notice you included instructions for using bcrypt for passwords. Do those instructions re-encrypt the entire password database? This is a huge issue that I've been concerned about for some time. I also would like to ask the impact of forum upgrades - so if you deploy it in 4.2.5 and then upgrade to 4.2.6, do you need to make those changes again?Any file modifications will need to be reapplied in the event of a forum upgrade. Running the BCrypt action in the AdminCP does add additional BCrypt hashing to passwords in the database, yes.


Fillip

DragonByte Tech
06-19-2018, 12:05 PM
The download package has been updated to address a minor security vulnerability that could allow an attacker to inject code for their own user only (not other users) when viewing their currently active login sessions.

This vulnerability cannot be used to exploit your forum, this is not a critical vulnerability.

Fillip

brandon515
10-25-2018, 05:02 PM
If I do a mass password reset for all of my users, will they get an email saying that their password was reset? If so, can I customize that email?

Thanks