Here's my version:

In sessions.php find this code:
if (md5($loginpassword)!=$bbuserinfo[password]) {
right below it, add this code:
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

You will get a message:
Someone is trying to login using your admin account!

Username he tried to use: xxx
Password he tried to use: xxx (xxxxxxxxxxxxxxxxxxxx in encryption)

The IP address is: xx.xx.xx.xx
every time someone is trying to login to the admin cp with no success.

Have fun. :)

Thanks flyfire :)

just installed and tested fine :)
be interesting to see how many people are sneaking around, the admin cp :)

Lesane, it's FireFly, not FlyFire. ;) :p
Thanks.

Just a note, if you test this and don't get an e-mail after 3 seconds, don't panic and scream it's not working.
It probably takes a while for the e-mail to arrive. :)

IS that possible use this code for admin centre? how? thanks

$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$DB_site->query("INSERT INTO loginlog (id, ip, username, password, atime) VALUES ('','$ipaddress', '$username', '$password', '".time()."')");

[QUOTE]Originally posted by FireFly
Lesane, it's FireFly, not FlyFire. ;) :p
Thanks.

It's great and working now.
Thank you, FireFly. :D :D

THANX!! Great HACK!

Another good one, Firefly! :)

Excellent hack!!!

thanks firefly!

oh~~thankz FireFly:D

this hack is my looking for~~

Nice hack firefly :).

hmm it dont works for me.

btw what to do if u get the email with that message. :D

Many thanks Chen, yet again a great bit of work. :)

[QUOTE]Originally posted by -=dm=-
btw what to do if u get the email with that message. :D

very funny :D :D :D

man Im seriouse what to do? (actually there is nothing u can do)

Hopefully with the IP, you can trace it to one of your members and ask them what's up. If the IP doesn't belong to a current member, and it happens more than once, you should consider banning that IP from the board. I would personally take it one step further and block that IP out of the entire site by doing a deny from statement in the .htaccess file. :)

I've made a slight modification to this hack, so that the email also includes not only the IP name, but the host name as well.

This is the code to add:

$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to login using your admin account!\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

FireFly, if you like you can put that into your "official" version, or if you have any suggestions to improve what I did, please let me know. :)

Great hack.. ^^

But i just have my whole admin folder password protected... So i dont think this would help me... >_<

-Syphin

if ya got htaccess installed this wouldnt do much good would it? or does this send the info upon them entering username and a pw or if they try to access it period i use htaccess to protect my directory

Works great! Thanks FlyingFlea! :D

goooooooooood idea :) but here is my problem :) : the mailing function is not supported by my host so I had to desactivate it...

Can it send adminitrators PMs instead of emails?

thx :)

Excellent hack for my board. People always trying to get get into my admin panel.

[QUOTE]Originally posted by Mincer
Run around your office screaming, grab your nearest workmate, shake them by the shoulders and shout "They're after us, we're DOOOOOOOMED!!!!"

:eek: :eek:

Great hack FireFly, just what I needed !

I seem be experienceing what you may call a 'minor problem' with this hack in the updated form. (I have reverted back to the original release now)

If someone tries to login as another user with any password, it rejects it, but I get no email.

If I try to log in as the admin WITH ANY PASSWORD, IT LETS ME IN!!! :eek: (I do get the email saying failed lonin though. :confused: )

Just thought it's let you know before I start hacking all ya boards. :eek: ;) (j/k)

I tried to duplicate Mincer's problems.

I tried to login to the admin cp using my name and an incorrect password. I was not successful; I got the wrong password message, and received the email from this hack. So I could not duplicate that aspect of Mincer's problem.

I tried to login as a regular member with that member's correct password, and was simply rejected (the login form reappeared). I received no email from that attempt. So I was able to duplicate this aspect of Mincer's complaint; however, I do not believe this is a problem. I don't believe this hack was designed to send you the email in this situation, although an argument could be made that perhaps it should.

I also tried some bogus usernames that did not exist. I got no email. Tried using my username with a bad password, and was notified promptly.

I think it would be better suited for this hack to send ANY information regarding failed logon attempts to the admin CP.

Is it possible to make that happen?

So I'm assuming it looks like this?

if (md5($loginpassword)!=$bbuserinfo[password]) {
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
In other words...leaving all the original code...and just adding those lines in the right place?

Admin login with incorrect password let me in as well, although I also got the warning email...

Reverted (for now).

I'd forgotten to include

eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");

at the end, re-added it and now I am not logged in with a wrong password...

Nice hack, quick and easy too :D

It works GREAT! Thanks!

Kathy, can you explain what effects of the code that you added please.

Thanks.

This hack should be incorporated into the next version of vBulletin Chen. Please pass the request along to John. This is real nice.

Thank You.

Erf erf can i ask again ?

Could it send PM to administrator instead of emails as the mail function doesn't work on my server?

[QUOTE]Originally posted by Baratator
Erf erf can i ask again ?

Could it send PM to administrator instead of emails as the mail function doesn't work on my server?

I have to say that I like the email function, because it also gets passed along to my pager, and I know about it almost instantly.

I would still like to point out that I would like to see it send me a notification on ANY bad attempt to gain access to my Admin CP.

Is it possible to make that happen???

cheers ears great hack

[QUOTE]Originally posted by Baratator
Erf erf can i ask again ?

Could it send PM to administrator instead of emails as the mail function doesn't work on my server?

i had a problem, when i use the right password, he sends the email too! what do i wrong?

[QUOTE]Originally posted by timmiman
i had a problem, when i use the right password, he sends the email too! what do i wrong?

o.k thank for your reply, i exactly look at the code again.

sorry for my bad english, i am a german boy:)

ok i found the error. i had the code placed befor not behind the

if (md5($loginpassword)!=$bbuserinfo[password]) {

thanks for your 1a support here :D

[QUOTE]Originally posted by timmiman
ok i found the error. i had the code placed befor not behind the

if (md5($loginpassword)!=$bbuserinfo[password]) {

thanks for your 1a support here :D

Does anyone know where 2 put this in sessions.php of 2.0.3 because the 2.0.3 sessions.php doesnt have this line:

if (md5($loginpassword)!=$bbuserinfo[password]) {

This is because 2.0.3 didn't have password encryption... The line should be

if ($loginpassword!=$bbuserinfo[password]) {

[QUOTE]Originally posted by GameCrash
This is because 2.0.3 didn't have password encryption... The line should be

if ($loginpassword!=$bbuserinfo[password]) {

I don't think I need to install this hack if I use htaccess to protect the directory ..correct?

Because if they don't get past the HTACCESS then they won't be able to trip the code to email me.

You might want to use this hack anyway. If someone does manage to get past the .htaccess password block, you'll never know just from that. But unless you use the same password for the .htaccess block as you do for your admin account, after they break past the .htaccess block, they'll trip this hack next.

I was just thinking about this the other night.

I have other directories on my webserver that are protected by .htaccess, and thought it would be nice to have people who were not able to authenticate within the 3 try limit to be sent to a custom error page that would also send me an email with some information about their IP address.

I know this is not related to vBulletin, but this hack is what got me thinking about that.

great lil hack! but is it only supposed to work if they type in my username? Thats the only way I got the email...

Sorry...wrong thread.

SWEET hack MAN :)

[QUOTE]Originally posted by Kathy
So I'm assuming it looks like this?

if (md5($loginpassword)!=$bbuserinfo[password]) {
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
In other words...leaving all the original code...and just adding those lines in the right place?

Thank you,

very cool hack!!!

matde

Great hack! I can't wait to use it. I just installed it down the the letter, but it doesn't seem to be working. I reread posts and read that the email doesn't come immediately, but it's been a day! :) Any possible reasons?

nice and easy ... thanks FireFly

Another job well done.

Thanks Firefly!

Doesn't seem to work for me... I am running version 2.2.1
Can anyone post the script for version 2.2.1?

Would be very gratefull,

Thanxxx

sweet hack :) very useful for security purposes

Why are some people following everything perfectly and getting a working hack, while others follow it perfectly and get nothing?

:confused:



Duke of Lion and I are getting nothing. I assume he's not getting errors (as I'm not), either. Is it version 2.2.1?

v2.2.1, yes.
If you did everything like you should I can't help you, sorry. :(

Ah well. Thanks anyway, Firefly. There are a couple hacks like this that give me problems, but nothing major. I'm not getting errors, so it's okay. I'm just not getting. *lol* For instance, I can't seem to get the 'locationbit' hack to work, or the 'flag' hack to work. Maybe it's my board. :s *lol*

Again, thanks anyway. Great job on all the hacks you do!

Ta m8 - works well :)

Any chance of having it email any failed attempt with any username?

James

Greak Hack :D

Doesn't work for me either.

My server is on PHP3, not 4. That wouldn't have anything to do with it, would it?

I'm running:

VBulleting 2.2.1 (the latest)
VBPortal (beta version)


P.S. Rose is a babe :D

Its very easy to implement and works perfectly. A nice, simple, and extremely effective hack! Thanks! :)

[QUOTE]Originally posted by Keith
Doesn't work for me either.

My server is on PHP3, not 4. That wouldn't have anything to do with it, would it?

I'm running:

VBulleting 2.2.1 (the latest)
VBPortal (beta version)


P.S. Rose is a babe :D

GREAT hack, thanks firefly again..another wonderfuly done and informitive hack. With this new hack I see everyone who is browsing around my administrator area, very useful for figuring out hackers

What about checking if the user has a boardcookie on his pc?
If so read out the username and send it in the email too! ;)

THAT Would be much better!

Hehe

Greetings

StarBuG

Excellent Hack works great.

Just for the record. I'm using vBulleting 2.2.1 and vBP 3.0 pr8 so works fine with that.

[QUOTE]Originally posted by StarBuG
What about checking if the user has a boardcookie on his pc?
If so read out the username and send it in the email too! ;)

THAT Would be much better!

Hehe

Greetings

StarBuG

Cough I changed the "he" to "they" lol

Username he tried to use: SugarChick
Password he tried to use: SugarChick

1) to be politically correct...and
2) unless I got a sex change I'm not a man and it looks kinda funny lol

lol imma go sit down in that corner over there now

Sweet hack ty! lol

Works great with 2.2.2 incase anyone was wondering ;)

Hmm, this worked fine on 2.2.1, but since I upgraded to 2.2.2 and reinstalled this hack, it stopped working!

Not working for me. Any ideas?

Can we get this to work on 2.2.2 anyone willing to give it a try?

Works great with 2.2.2

Thanks buddy!

Hi,

it doesn't work! What can I do?

Thanks!

Ban their ip address!

Hi,

i edited the session.php. If i try to log in the admin panel with wrong username and password, nothing happens! I don't get an email. Could it be that my hosters uses an other command for sending emails?

Thanks!

Great Hack, installed perfectly on my board running 2.2.0.

Hi,

i found that it only works if the username is already in the database! That make no sense for me! I want to be informed also if someone is trying to log in when he is not a registered member! is that possible?

Or does it work on your site?

Greetings

Also wondering.

thanx a million

Works as stated on a 2.2.2 board.

Thanks alot FireFly!!!

RoC

Thanks for the awesome hack!

[QUOTE]Originally posted by Birdie501
Hi,

i found that it only works if the username is already in the database! That make no sense for me! I want to be informed also if someone is trying to log in when he is not a registered member! is that possible?

Or does it work on your site?

Greetings

Nobody has a solution for me?
Thats bad (sad)

:cry:

Hi, Chen.

I have been using this simple but essential hack since it was born... :stoned:
Yesterday, for the first time, I received a true alert of someone trying to access the AdminCP, I guess... Hwr, some /admin/ dir script, as it is within the session.php of the admin section...
The first true after a lot of simulated ones by me to tryout the efficience...

Well; this is a very strange thing, as I protected the web dir also by an .htaccess of Apache... with another userid/password, of course.

So I realized should be needed more informations about the potential intruder.
For example, the exact page/script he (oopss.... he/she :pleased: ) called, the referrer page and many more info.

Where (which object within the session.php script) could I retrieve those informations and more ?
I though something like phpinfo(INFO_ENVIRONMENT) or phpinfo(INFO_VARIABLES) (what better?), for example to be attached to the mail() function ...

What do you think about ? How could I save all these and set a mime type to attach the buffer ?

Thanks a lot, FF.

Bye

How do u password protect your admin control panel please help

thanks

.htaccess on Apache web-server.
It does protect the urls (from a given directory with all children..)

Another question: HOW COULD I read the bboard cookies on cracker browser and send them along with the phpinfo (above) email ?
Thanks again.

Thnx but i have no idea but i will have a go and also how do u do this

(in attachment)

[QUOTE]Originally posted by Shane_2k
Thnx but i have no idea but i will have a go and also how do u do this
(in attachment)

Hi, would this work for 2.2.4?

Got home from work - installed the hack - no problems there, but I am not getting any emails sent to me.

Checked my VB options, the email address is correct, it works, just tested it...

Mmm... maybe it's my server... I'm with VO...

Same here Erwin.
Installed the hack but I don't get any emails!
Anyone managed to fix it??

not sure if this works yet. just playing around with it so if anyone can think of how to fix/improve it let me know.

I added the scriptpath, real username as found from cookie, real username as found from sessions, and a link to search for username using that ip


// email alert
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
if ($sessionid=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress'")) {
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
$MessageAddon .= "Sessions identifys them as ".addslashes($realusername);
}
if ($HTTP_COOKIE_VARS['bbuserid']) {
$realuserid = $HTTP_COOKIE_VARS['bbuserid'];
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
$MessageAddon .= "Thier cookie identifys them as ".addslashes($realusername);
}
$message="Someone is trying to login using your admin account!\nThe Script was : ".addslashes($scriptpath)."\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl\admin\user.php?action=doips&s=&ipaddress=$ipaddress\n\n$MessageAddon";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
// email alert

Thanks Mutt, it's working now! (on version 2.2.4 too) ;-)

Mutt i have tried your version and the original version but no luck with 2.2.4

does yours work with 2.2.4? i like the idea alot.

maybe i am doing something wrong cause i did have this hack installed before with version 2.2.1

thanks for the help

got it working for the most part but can't seem to get any memberinfo from the cookies

doesn't identify anyone. i logged into the forums under a test account then did a bogus login to the admin section and i only got this message in teh email alert

Sessions identifys them as Thier cookie identifys them as Array

I can't get it to work. I can't even get it to email me :( Code looks like it should work but I just can't test it

i can get it to work but can't get the usernames from the cookie file to appear. that would be a really sweet feature so it would be easy to identify exactly who it is

Hmm.. this is totally strange. How come it works for me ? :paranoid:
This is the email that I get if someone tries to login on the admin panel with a wrong password.

[QUOTE]Someone is trying to login using your admin account!
The Script was :

Username they tried to use: test
Password they tried to use: test (098f6bcd4621d373cade4e832627b4f6 in encryption)

The IP address is: XXX.X.XX.XX
The host is: XXX.XXXXX.com

Search for members using this ip .php?action=doips&s=&ipaddress=XXX.XXXXX.com

Sessions identifys them as Thier cookie identifys them as Array

I just have a quick question. Seeing how I don't have a "webmaster@yadda-yadda.com" email, can I put a different email in instead of the webmaster one?

<$webmasteremail>");

like...could I put:
<$myemailaddress>");

would that work? Or is it some special coding? Thanks!

$webmasteremail represents whatever you put in your board's Admin CP on the vBulletin Options page in the Contact Details section on the line for Webmaster's email. Whatever you have there is where an email to $webmasteremail will go.

Thanks for your fast reply.
I put the hack in, and then took it out.
Now when I go to log into the CP it says

Warning: Cannot add header information - headers already sent by (output started at /home/xxxbo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 136

Warning: Cannot add header information - headers already sent by (output started at /home/xxx-bo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 162

Hang on a sec

and then it brings me back to the login page...
HELP!!

The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?

use this one


// email alert
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
if ($HTTP_COOKIE_VARS['bbuserid']) {
$realuserid = $HTTP_COOKIE_VARS['bbuserid'];
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
$MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
}
if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
while ($sessionid = $DB_site->fetch_array($sessionids)) {
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
$MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
}
}
$message="Someone is trying to login using your admin account!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
// email alert



Updates

correctly idenifies user via sessions and cookie
it also idetifies which script they were trying to access.

this currently only produces an email when an admin username is used with the incorrect password. I'm going to dig a little and try and get it to work for all incorrect admin logins

firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files


// email alert
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
if ($HTTP_COOKIE_VARS['bbuserid']) {
$realuserid = $HTTP_COOKIE_VARS['bbuserid'];
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
$MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
}
if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
while ($sessionid = $DB_site->fetch_array($sessionids)) {
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
$MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
}
}
$message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
// email alert



the first addition is in sessions.php as instructed by firefly

it goes right after

if (md5($loginpassword)!=$bbuserinfo[password]) {



then second additon is in adim/global.php

and it goes right after

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) {


now you'll get an email like this

[QUOTE]Someone is trying to login to your control panel!
The Script was : /forum/admin/index.php

Username they tried to use: xxxxxxxx
Password they tried to use: xxxxxx (d344c7e7f54ac73cf730fd91faf6391b in encryption)

The IP address is: xx.xx.xx.xx
The host is: xxxxxxxxxxxxxxx

Search for members using this ip
http://yoursite.com/forum/admin/user.php?action=doips&s=&ipaddress=xx.xx.xx.xx

Thier cookie identifys them as xxxxxxx

Sessions identifys them as xxxxxxxxxx

[QUOTE]Originally posted by JJR512
The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?

Can you make this with your vbhack installer?

makes life easier!

[QUOTE]Originally posted by Mutt
firefly, I've added alittle to your hack
.......

Hey people, let me know if you have any problems with this

you are getting 2 emails?

I'll throw some more testing at it and see if I can duplicate the problem

[QUOTE]Originally posted by Mutt
you are getting 2 emails?

I'll throw some more testing at it and see if I can duplicate the problem

Great hack !

I have added some code to see through proxy in combination with this .htaccess: Options Indexes FollowSymLinks Includes

$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$ipaddress2=iif(getenv("HTTP_X_FORWARDED_FOR")!="",getenv("HTTP_X_FORWARDED_FOR" ),$HTTP_HOST);
$iphostname2 = @gethostbyaddr($ipaddress2);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe (Proxy) IP address is: $ipaddress\nThe host is: $iphostname\nIP address is: $ipaddress2\nThe host is: $iphostname2";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");

HTH

Peter

[QUOTE]Originally posted by Heckwork
Great hack !

I have added some code to see through proxy in combination with this .htaccess: Options Indexes FollowSymLinks Includes


Peter

* Floris waits for firefly to update the original code with all the tweaks here and makes it an xxx.hack.php for vbhacker :)

/me might do that

Does this only work if someone uses a username that is in the database? Or does this work with any name a person might put in?

]just added that "addon" by Mutt and Heckwork.
works good! :D

Thanks firefly,

Installed and works great.

phil

works great!!! thanks firefly

It only sends me mail when someone tries accessing with an Admin user name

normal users and their passwords arent emailed
made up user names and passwords arent emailed either

can this be added in?

what a cooooooool hack . thank you so much . lol.

[QUOTE]Originally posted by Mutt
firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files


// email alert
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
if ($HTTP_COOKIE_VARS['bbuserid']) {
$realuserid = $HTTP_COOKIE_VARS['bbuserid'];
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
$MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
}
if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
while ($sessionid = $DB_site->fetch_array($sessionids)) {
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
$MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
}
}
$message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
// email alert



the first addition is in sessions.php as instructed by firefly

it goes right after

if (md5($loginpassword)!=$bbuserinfo[password]) {



then second additon is in adim/global.php

and it goes right after

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) {


now you'll get an email like this



now the email gets sent for any incorect login instead of just ones with a correct username and wrong password. If they are somehow listed in sessions under multiple userids, (logged on and then logged on again under a second account) you'll get them all.

Firefly, thanks for this. I really like it and plan to keept expanding it. Security is key. I have a bunch of jerkoffs at my Stern site and have been pushing off upgrading it to VB until I had lots of admin tools like this little email notice.

I'll be doing something very similar to this which will be used to track multiple accounts.

Hey people, let me know if you have any problems with this

> New at vBulletin.org!
> You can now reply to the thread by replying to this message

that is an amaaaaaasing great feature!!!!
vbulletin.org, you are real cool guys.

And they know it...

Satan

> And they know it...

LOL. Do you think those cool guys would tell me what hack is used to send
new posts by email???

I dont think it is released...

If it is, then it is a well kept secret...

I think FireFly wanted it to be a vb.org exclusive, but I may be wrong...

Satan

@FireFly:

Do you release a new complete explanation for this hack in the first post in this thread?

I followed many of this long thread tips and now I have at least 5 different points where the email is launched... ;)

To optimize code, I created a function mail2wm() within adminfunctions.php so I simply call it from everywhere passing some parameters... :p

So, I can receive many emails each time. A general question is: could I set, within that function, a global variable to tell the function itself it has already done its job ?
Sorry, but I'm not too good at php about globals and sessions... Actual question is: such a global variable will be unique for the entire board - each user - or only for that user set it up ?
First case, could I 'localize' any way that variable for that particular session ?

Thanks a lot, and sorry for the O-T.
Bye

Thanks for this hack FireFly! Working on 2.2.5. :D

Great hack-Great Work!!
Thank U Very Much!!! :D

cant seem to find this code from sessions.php

[QUOTE]if (md5($loginpassword)!=$bbuserinfo[password]) {

What version of vB are you running, Grealm?

Did someone already get this code working on Apache 2.0 ?

I understand it should be something like:
$ipaddress=iif(HTTP_SERVER_VARS("REMOTE_ADDR")!="",HTTP_SERVER_VARS("REMOTE_ADDR "),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);

but I can't get it work.

Peter

Works great on 2.2.6. And I'm a newbie that isn't too informed about hacks :)

[QUOTE]Originally posted by Heckwork
Did someone already get this code working on Apache 2.0 ?

Upgraded to 2.2.6 and working great! :)

Dude stop installing my hacks! ;)

I'm sorry, I'm sorry! I just wanna be the first to have them all, and it's your own fault for making such good hacks in the first place! :p

:p

BUUUURRRRRRRRRP !!!!!

Ahhhhh....

That sure was a good hack...

Off to find somemore now...

stupid question, but where do I install this hack? where do you find the sessions.php file?

[QUOTE]Originally posted by allen
stupid question, but where do I install this hack? where do you find the sessions.php file?

Great job mutt and firefly!!

:)

This code can also be used (with slight modifications) to flag attempted unauthorised use of moderation features in moderator.php.

Find each occurance of:

show_nopermission();Before this line of code add:

$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to access the moderator user options.\n\nUsername is using: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin access to the moderator functions tried.",$message,"From: \"$bbtitle \" <$webmasteremail>");
I've found a few users trying the mod screen via the admin link that is displayed to all users in the template getinfo.

Users accessing the moderator.php options can also be viewed in the Currently Active Users list with the description "Unknown Location:/moderator.php"

Good job FireFly :) Just installed it :D

great hack, i likes :)

thanks!

I've installed the hack (version 2.2.6) and it works - but I get an email not just every time I log in incorrectly, but CORRECTLY too. Also, I get a mail every time I save something in the cp. So for instance, I just logged in (correctly), changed some colours, and have now received NINE emails!

Anyone had this? Or know how to deal with it?

Thanks in adance,

Spinach

Yeah, I had that, too. I just uninstalled it. There's some other similar version out there somewhere.

Working great, thanks Chen. :D

LOL! Damn Spinach .... that's funny. I installed it and it works perfectly :) If I were you, I would uninstall it and re-install it. This hack works great :)

If a n00b like me can install this ;)

...then so can you!

Great hack! I just installed it!

[QUOTE]Originally posted by Mutt
then second additon is in adim/global.php

and it goes right after

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) {


now the email gets sent for any incorect login instead of just ones with a correct username and wrong password. If they are somehow listed in sessions under multiple userids, (logged on and then logged on again under a second account) you'll get them all.

Hey people, let me know if you have any problems with this [/B]

I installed this long time ago and it works......

Doesn't seem to work for me either..

OOPPPPSSS sorry.. it does work but only if I use admin name.. I was under the impression it worked on any name.. Now if only I can work out how to add the hack for that and install it :banana:

It's been working for me for a loooong time... I use Mutt's version, which works in all cases.

Hmn... any ideas on what could have gone wrong? I followed the directions to the letter.

Where can I get that version? I can't seem to find it here. :surprised:

[QUOTE]Originally posted by Erwin
It's been working for me for a loooong time... I use Mutt's version, which works in all cases.

Very useful hack, but what if I wanted an email to also go to my Super Moderators as well?

[QUOTE]Originally posted by Boofo
Where can I get that version? I can't seem to find it here. :surprised:

But with all of the code in this thread, what is the final best working version? I am on a Linux server if that changes anything.

[QUOTE]Originally posted by Greystang302

You can find it on a previous page within this thread.

Use this one without any modifications - it works.

Post #108

https://vborg.vbsupport.ru/showthread.php?postid=232079#post232079

Sorry but 11 pages...does anyoen know where the final version is?

Erwin, is it in the entire post by 'Mutt' per your link above?

Thanks all!

j

Yes - put his code into the 2 files he suggests.

I'm getting 3 emails with this code. The first one shows no username bit gives me a code in the password line, the second shows all of the info and the third shows all of the info plus an extra sessions name line. Any ideas why this is happening?

[QUOTE]Originally posted by Mutt
[B]firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files


// email alert
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
if ($HTTP_COOKIE_VARS['bbuserid']) {
$realuserid = $HTTP_COOKIE_VARS['bbuserid'];
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
$MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
}
if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
while ($sessionid = $DB_site->fetch_array($sessionids)) {
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
$MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
}
}
$message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
// email alert

Piece of cake to install and a super cool hack. Thanks Firefly!

Thank you very MUCH :D

Anybody using this with version 2.2.7? I am getting ready to upgrade, and checking to see if all of my hacks are working successfully with the newest version. Thanks!

It works with 2.2.7. I just did the upgrade last night and reapplied it and everything went OK

shawn

Working on 2.2.7, thanks. :)

could you get this hack to work whith any name and not just admin names..

using vb 2.2.7...... great hack thou :)

work fine on 2.2.7 for me too :)

Yep, working for me on vb 2.2.7 also. Just upgraded tonight. :)

GReaT HaCK!!!

5 STaRz

Works great in V2.2.7

Is is supposed to record also the GOOD attempts? coz i got them reported too! :paranoid:

FireFly: Your hacks are always top shelf in my book. Thanks for another fine piece of work!! You rule in my books!!

Very nice. Thanks!

Ive tried this "simple" hack 25 times. All from fresh copies of sessions.php. I've tried to log into admin CP using real names/wrong pass and using wrong names/passes. I've never got a single email.

Whats up?

Runnin version 2.2.7

/DJ

Works great. 2.2.7

digitalJE5U5....are you sure your webmaster email address is correct in your admin cp?

Im positive. Using this on 2.2.7. But, I've read it works on that too.

:cry:

/DJ

Love the hack. Just caught myself trying to sneak into my Admin CP.... whew!

And when I checked who was up to no good ...... sure enough, it was me!!

(BTW, I'm getting two copies of the email notice, but that's not a problem.)

Thanks for all the great hacks, everyone. :banana:

Works great.. 2.2.8

Thank you

Working great with 2.2.8 for me too. Thanks Firefly :bunny:

I tried to use Matts ( post 107 ) but I am having dificculy understanding.. The first Hack is easy to understand but the second Hack says "then second additon is in adim/global.php

and it goes right after

PHP:

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) {

So the second hack go right after what??? what am i missing?

It's Mutt, not Matt. :)

https://vborg.vbsupport.ru/showthread.php?postid=232079#post232079

In the second part, he is saying to open admin/global.php and FIND:


$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");


Then after that, PASTE THE SAME CODE you used in the first part.

Hope that clears it up a bit.
if ($getperms[cancontrolpanel]!=1) {

There is no " $getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'"); on Version 2.28 Global.php

Soory I was looking at /Global NOT admin/global sorry

No problems, easy mistake to make. :)

Up and running on 2.2.8. Thanks again! ;)

i can't even find

if (md5($loginpassword)!=$bbuserinfo[password]) {

Thanks for this great hack.

firefly.. is there a way to make this hack so that if someone that was a registered user on your forums tried to sneak in and failed.. it would tell you.

I know it gives you the IP addres.. but could it compare to the stored IP's for all the users and if there is a match say which user had that IP?

so you know if its someone on your board you can confront them?

This works great except one part...

I get this for these two fields.

The IP address is: www.mydomain.com
The host is:

for IP it show my domain and nothing for host.. any ideas?

-bump-

This is odd, any ideas why my ip is showing up as my domain name, and no host mask?

Were can I find session.php.

Sorry ! New guy

[QUOTE]Originally posted by sonicghost
Were can I find session.php.

Thanks for the hack. I just got my forum up and am new to hacking. This is one of the few hacks that I've been able to work :D I'm a newbie.

g'day Firefly,

I installed this hack onto 2.2.9 and it did not send any email notification to me at all!

I left it for a while incase it was a mail server issue, but still no notifications.

But, strangely and no more importantly, it corrupted the forums to the point that my hidden forum was being displayed! :confused:

I wasnt able to log into my admin area either! (with the correct u/name & p/word)

If you have any suggestions that would be great! as i have had to revert back to the original code.

hey guys, great hack got it working on 2.2.8 with the following code

// email alert
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
if ($HTTP_COOKIE_VARS['bbuserid']) {
$realuserid = $HTTP_COOKIE_VARS['bbuserid'];
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
$MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
}
if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
while ($sessionid = $DB_site->fetch_array($sessionids)) {
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
$MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
}
}
$message="Someone is trying to login using your admin account!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
// email alert


and it sends me a nice email like the following (when i tested it out myself)


Someone is trying to login using your admin account!
The Script was : /forum/admin/index.php

Username they tried to use: XXX
Password they tried to use: XXX

The IP address is: 144.132.3.232
The host is: CPE-144-132-3-232.vic.bigpond.net.au

Search for members using this ip
http://www.xboxworld.com.au/forum/admin/user.php?action=doips&s=&ipaddress=144.132.3.232

Thier cookie identifys them as XXX

Sessions identifys them as XXX


awesome stuff, way to go guys!

Installed above version! :)

I would say I am fairly good with installing hacks and whatnot. But I could not get this to work with 2.2.5 and I got a parse error text at the top of my forums when i installed it. Very strange. Im confuseled

Nice, it works perfectly. :)

EDIT: I mean the older version. ^^;; I just saw this new version. Where do I insert all that? :ermm:

damn. upgraded to 2.2.9 and now ive got to reinstall it!!!

so does this work for 2.2.9 then people? just checking before i install it :)

no reason why not. every other hack ive installed has worked so far but now youve gone and made me paranoid :) so ill wait too :)

Works for my 2.2.9, but having trouble sending to multiple recipients.

Working great with the updated version posted, using 2.3.0.

well today i sent out a mass email to 6000 members on my site

to find to my astonishment it sent out 6000 emails to everyone saying that someone was trying to access the admin cp :(

it also sent out my password in encryption to everyone of my members :(

lucky people have auto responses on ..... so i saw it straight away from a few members auto's

to be honest i find this site fantastic and the work people do, i have been hacking boards for about 5 years now i followed this down to the last letter.

but i am so unhappy that this could happen ... it makes me look incompetent , stupid and now everyone will be wondering what this this admin cp is all about :(

please someone tell me this is not a joke !!!!

[QUOTE]Originally posted by Mickie D
well today i sent out a mass email to 6000 members on my site

to find to my astonishment it sent out 6000 emails to everyone saying that someone was trying to access the admin cp :(

it also sent out my password in encryption to everyone of my members :(

lucky people have auto responses on ..... so i saw it straight away from a few members auto's

to be honest i find this site fantastic and the work people do, i have been hacking boards for about 5 years now i followed this down to the last letter.

but i am so unhappy that this could happen ... it makes me look incompetent , stupid and now everyone will be wondering what this this admin cp is all about :(

please someone tell me this is not a joke !!!!

thank you m8, it was like a hit from the blue (whatever that is like lol)

the worst part is the members that got the mail all tried to login into the admin panel not on purpose of course but to get in the site

i had 2000 mails to my hotmail acount telling me that these people tried to login there :( it actually stopped at 1000 odd because i run out of space with hotmail :(

please if you have installed this be careful when mass mailing :(

http://www.world-of-digital.com/forums/showthread.php?threadid=15492

look at this :(

im not advertising my site just so pissed that this has happened

I'm sorry to say I have the same problem, when sending mail within the CP

it sends:

Someone is trying to login to the Sushi Incorporated control panel!
The Script was : /forums/admin/email.php

Username they tried to use:xxxxx
Password they tried to use:xxxxx (xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx in encryption)

The IP address is: xxx.xxx.xxx.xxx
The host is: xxx.xxx.dk

Search for members using this ip
http://www.sushi-inc.dk/forums/admin/user.php?action=doips&s=&ipaddress=xxx.xxx.xxx.xxx

Thier cookie identifys them as W@NKER?

Sessions identifys them as W@NKER?

Any solution to that??

and I also recieve 4-5 mails every time I log in admin with correct password.
:(

I use VB 2.2.9

Please help!!

Thanks in advance


[QUOTE]Originally posted by Mickie D
http://www.world-of-digital.com/forums/showthread.php?threadid=15492

look at this :(

im not advertising my site just so pissed that this has happened

is there a way so it can send it to two email addresses?

l8er
sonic

Another great hack FireFly. *clicks install*

There is one part I would like to see added on though for future versions. How about the "hackers" IP being banned after 3 un-sucessful attempts to login to the panel ? Something to think about.

M

hehe :)

I would like to put a text warning on below the admin password box about the protection and a note that says all unauthorized violators will be recored and sent to my data center.

Which file or template would I add my warning to?

Cheers,

Midz

hehe :)

I would like to put a text warning on below the admin password box about the protection and a note that says all unauthorized violators will be recored and sent to my data center.

Which file or template would I add my warning to?

Cheers,

Midz

is not working for me ????????? :(

if (isset($loginusername) and isset($loginpassword)) {
if ($bbuserinfo=$DB_site->query_first("SELECT user.*,userfield.* FROM user LEFT JOIN userfield ON userfield.userid=user.userid WHERE user.username='".addslashes(htmlspecialchars($loginusername))."'")) {
if (md5($loginpassword)!=$bbuserinfo[password]) {
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

works fine on 2.3.0 final for me.

Great Hack, love it =]

thanks for this hack
i've got a suggestion:
it would be great if you can receive this message via icq/msn/aim/etc. :)

Chen, the same thing on 2.3 - fix-it, please!

This is working as written in my 2.3.0-final upgrade.

I LOVE this hack.

:cool:

I have upgraded to version 2.3.0 and used this code (see attachment). Is this code still correct or do I need an updated code? At this moment Vbulletin is not sending me a breakin message :ermm:

Please help...

Well i tried the first post of Firefly on the final 2.3.0 and it is not sending any mail to me.
Does anyone have the plain original Firefly version working on 2.3.0? I do not need the version with host lookups and all, knowing the stuff that's in FF's original hack is enough for me.
Please help.

people using 2.3 change "mail" to "vbmail", I think that may help. However, I haven't tested the hack so :dead:

Thank you for the tip, but unfortunately that does not work, i just tried. I also think the mail command is send to the server and the server would not understand vbmail as command, or maybe it should be $vbmail then?

Would be nice if Firefly would have a look into this. It's a great hack and I really would like to continue to use it in 2.3.0 beside my .htaccess security, double security is always more safe.;)

Maybe I could also use the updated version with more info but I need a version then which is tested and working on 2.3.0 too.

YES! It's working again in 2.3.0 final. But maybe some feature can be added. I will state it below
I did it like this:

Under this line:
if (md5($loginpassword)!=$bbuserinfo[password]) {

add:
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

It works in 2.3.0 final, but only when the username of the admin is used.
So if you don't have the username Administrator as admin, you won't get any mail if somebody is trying to login as Administrator.
If you username is Joe and you are admin, and somebody is trying to login as Joe, you -will- get an email.

Feature:
A nice feature would be if could be detected if *anybody* is trying to login to the Admin cp no matter which username he is trying, so you will also get an email if somebody is trying to login as Administrator in your admin cp, even if the user "Administrator" does not exist.

Nice hack FireFly.

/me clicks install.

Nice Hack, Chen! :classic:

* Salazar clicked install already ;)

[QUOTE]06-08-03 at 01:02 PM BlackTiger said this in Post #230 (https://vborg.vbsupport.ru/showthread.php?postid=406057#post406057)
Thank you for the tip, but unfortunately that does not work, i just tried. I also think the mail command is send to the server and the server would not understand vbmail as command, or maybe it should be $vbmail then?

Would be nice if Firefly would have a look into this. It's a great hack and I really would like to continue to use it in 2.3.0 beside my .htaccess security, double security is always more safe.;)

Maybe I could also use the updated version with more info but I need a version then which is tested and working on 2.3.0 too.

i have installed it ;)

vieln dank
diesen hack habe ich gesucht
gute arbeit
thx

Just testing this... looks good.. THANKS !

I'd like to use this hack, if its working on stable release of vB 2.3.0 ??

thanks

Yes this hack works fine, I just followed the instructions in the very first post.

I'm on 2.3.3 here :)

*Clicks install!

is it possaible to mods this a little to alert the webmaster of all invalid attemps not just admin cp

[QUOTE=Mutt]firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files


// email alert
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
if ($HTTP_COOKIE_VARS['bbuserid']) {
$realuserid = $HTTP_COOKIE_VARS['bbuserid'];
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
$MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
}
if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
while ($sessionid = $DB_site->fetch_array($sessionids)) {
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
$MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
}
}
$message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
// email alert



the first addition is in sessions.php as instructed by firefly

it goes right after

if (md5($loginpassword)!=$bbuserinfo[password]) {



then second additon is in adim/global.php

and it goes right after

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) {


now you'll get an email like this



now the email gets sent for any incorect login instead of just ones with a correct username and wrong password. If they are somehow listed in sessions under multiple userids, (logged on and then logged on again under a second account) you'll get them all.

Firefly, thanks for this. I really like it and plan to keept expanding it. Security is key. I have a bunch of jerkoffs at my Stern site and have been pushing off upgrading it to VB until I had lots of admin tools like this little email notice.

I'll be doing something very similar to this which will be used to track multiple accounts.

Hey people, let me know if you have any problems with this

Excellent Hack, Works like a charm!

hmmm... could someone modify this one to work by sending a PM instead of an e-mail?

ban thier IP lol.

Installed in seconds and very useful indeed to keep an eye on members and hackers trying to hack access to your admin panel.

Very nice! :rolleyes:

That's an old thread.. does this hack really still work with current versions?

Yeh, the code to find was exactly the same in vb 2.3.7 and it works perfect.

Thanks, Gary. I closed down my old site some time ago and am planning to set up a new community soon. This old hack of Chen's was quite helpful to us. Happy to hear it's still usable.

Cheers!

works like a charm, thanks.

/me clicks install.

Try this one, worked excellent for me!

https://vborg.vbsupport.ru/showpost.php?p=337238&postcount=202