This is my version of the hack that Firefly released for VB2.

VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it!

What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt.

It will look something like this:


--------------------------------------------------
WARNING: Failed admin logon in vBulletin 3.0.1
--------------------------------------------------
Someone is trying to login to your Admin CP!

Username tried: JimbobJoe
Password tried: aCcEsS
IP Address: 67.13.27.156
Host: asd691917124.whatever.com
Strikes: 1/5
Referer: http://www.yoursite.com/forums/admincp/
Script: http://www.yoursite.com/forums/login.php
Date: Wednesday 28th of April 2004 07:50:02 AM
--------------------------------------------------


If the person who is attempting to access your CP happens to be registered & logged in, this line will also be included in the email:

vBulletin has identified this user as: (intruder's real username here)

(Thanks to AlexanderT for the idea for this addon.)


Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php.

If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work".. ;)

Still not working? Read this! (https://vborg.vbsupport.ru/showpost.php?p=509451&postcount=38)

Credits: Thanks to the original creator of this hack (Chen) for the idea, and thanks to Boofo for helping me test it. :)

Installed and working like a champ! Good one, buddy! ;)

*Clicked Install*

I will have to use this one , /me kicks install

Nice hack. It could be extended by adding the username of the user (in case he was already logged in to the forum before) who tries to login.

**Clicks Install**

Excellent hack, EvilLS1

Kevin

Nice hack. It could be extended by adding the username of the user (in case he was already logged in to the forum before) who tries to login.
yes thats a great idea :) i will be installing this :)

great idea, i'll use this (clicks install)

cool hack will be installing this one :)

* Beermonster clicks install

Working fine on 3.0.1. Thanks!

Nice job. *clicks Install*

Nice hack cheers :)

Nice! Thanks, will be installing this one shortly!

ok.. of course i have to be the idiot that can't get this to work :ermm:

I made the changes exactly as said in the text file. I then attempted to login 2 times with wrong password..

I have waited 10- 15 minutes for the e-mail to showup.. Is this long enough.. or should i wait longer?

With the changes in place.. I am not getting any error messages or anything..

Thanks
Dave

Nice hack. It could be extended by adding the username of the user (in case he was already logged in to the forum before) who tries to login.

Thats a great idea!

For those who have already installed and want to add this feature..

In login.php find:

$iphostname = @gethostbyaddr(IPADDRESS);


Below it add:

if ($bbuserinfo[userid]>0)
{
$realname = "vBulletin has identified this user as: $bbuserinfo[username] \r\n";
}


Then find this code (2 places):

$message="Someone is trying to login to your admincp!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate";


Replace both instances of the code above with this:

$message="Someone is trying to login to your admincp!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";


I updated the instructions to include this. Thanks to AlexanderT for the idea. :)

Thank you... works like a charm :)

ok.. of course i have to be the idiot that can't get this to work :ermm:

I made the changes exactly as said in the text file. I then attempted to login 2 times with wrong password..

I have waited 10- 15 minutes for the e-mail to showup.. Is this long enough.. or should i wait longer?

With the changes in place.. I am not getting any error messages or anything..

Thanks
Dave

Hmm.. What version of vb are you using? Heres a few things to try:

Make sure you have the webmasters email set in your admincp (under options).

Make sure you added the last bit of code in the instructions under both places.

Try re-applying all of the code changes in login.php.

Make sure your vbulletin mail system is working (run the test in the admin cp).

Keep in mind, you only get an email when someone tries to login to your admincp or modcp... This has no effect on any of the regular login forms.

How do you install hacks?

Fantastic idea!! thx

[quoye]Hmm.. What version of vb are you using? Heres a few things to try:

Make sure you have the webmasters email set in your admincp (under options).

Make sure you added the last bit of code in the instructions under both places.

Try re-applying all of the code changes in login.php.

Make sure your vbulletin mail system is working (run the test in the admin cp).

Keep in mind, you only get an email when someone tries to login to your admincp or modcp... This has no effect on any of the regular login forms.[/quote]

see i told you i was an idiot.. i never set the webmasters e-mail address in the control panel. I thought it was referring to the config.php one..

AWESOME!! Love .. thanks!

Dave

How do you install hacks?

How to Install vBulletin Hacks - Guide for Newbies (https://vborg.vbsupport.ru/showthread.php?t=39142) ;)

I'm glad the username thing has been added. It was on the vB2 version.

Great, now it shows the registered & logged in part it realy makes it complete :)

Fantastic hack and one that should be a standard vb feature, it adds abit of security to things :) Always a good idea though is to keep changing your password.

* SnowBot clicks install. I love the way its done, so easy also.



Someone is trying to login to your admincp!



Username tried: biggerboo

Password tried: testing123

IP Address: *.*.*.36

Host: ***-*****.*****.***.net

Strikes: 1/5

Referer: http://www.synergyforums.com/forum/admincp/index.php?

Script: http://www.synergyforums.com/forum/login.php

Date: Friday 30th of April 2004 12:33:11 AM



IP + Host removed.

I'm having a curious problem trying to get this to work in vB 3.01.


I first tried this on my Test Board - and everything worked fine. I tweaked the email message for spacing - but ultimately, it worked as I wanted it to.

Then I applied the hack to my primary vB site. Everything should be exactly the same. However, I'm having two oddities:


1. The Attempted Password is not shown. The field name shows - but no password is listed.

2. It's not Identifying vB Users at all. This field just doesn't even show up - exactly as if it couldn't tell that anyone was logged in. And yes, I made sure that I was logged in at the time - so it should have listed me.


Any ideas?

Update - after completely shutting down my browser and going back in - everything works now.

Strange, yes? Perhaps it had something to do with the cookies from the two vB boards (although they did have different prefixes).


As a seperate question, though - since this hack does something extra with the entered password before submitting it through the MD5 Hash - is there any additional security risk? Do normal or AdminCP logins end up with a cleartext copy of the password floating around anywhere?

*install* ;)

Update - after completely shutting down my browser and going back in - everything works now.

Strange, yes? Perhaps it had something to do with the cookies from the two vB boards (although they did have different prefixes).


As a seperate question, though - since this hack does something extra with the entered password before submitting it through the MD5 Hash - is there any additional security risk? Do normal or AdminCP logins end up with a cleartext copy of the password floating around anywhere?

Glad you got it working. To answer your question: No, the only place the attempted password gets passed to is the webmaster's email, and even then only if its incorrect. This has no effect on regular logins. :)

great hack. *click Install*

My board is 3.0.1 but not working....Everything is OK,webmaster mail is OK but not working...

Anybody send me 2 modified files ?

Thanks

My board is 3.0.1 but not working....Everything is OK,webmaster mail is OK but not working...

Anybody send me 2 modified files ?

Thanks

In your admin cp under Import & Maintenance click "Diagnostics". Do the email test to verify that your vbmail() function is working. Test it with your webmaster email address.

If it works, make sure you added the last bit of code in the instructions in two places.

If you still don't recieve the failed login email try re-applying all changes to login.php.

Hmm.. What version of vb are you using? Heres a few things to try:

Make sure you have the webmasters email set in your admincp (under options).

Make sure you added the last bit of code in the instructions under both places.

Try re-applying all of the code changes in login.php.

Make sure your vbulletin mail system is working (run the test in the admin cp).

Keep in mind, you only get an email when someone tries to login to your admincp or modcp... This has no effect on any of the regular login forms.

I've tried this and I don't get any mail either.
Could this be conflicting with another hack or something?

I've tried this and I don't get any mail either.
Could this be conflicting with another hack or something?
Did you recieve an email when you ran the email test under diagnostics? If so, and you added the code in both places in login.php I can't think of any reason why it wouldn't work for you.

Did you recieve an email when you ran the email test under diagnostics? If so, and you added the code in both places in login.php I can't think of any reason why it wouldn't work for you.
I got an email when I ran the email test under diagnostics and I've checked the login.php and found the code added properly.

I got an email when I ran the email test under diagnostics and I've checked the login.php and found the code added properly.
I'm stumped then. This hack uses the same vbmail() function used in all the other features, so it should work. I know this is a long shot, but try closing and re-opening your browser, then go back to your admincp login page and hit your refresh button.. Then try logging in again with an incorrect username or password. If it still doesn't work then I have no idea.

I don't get any email either. EvilLS, are you 100% positive that you are using the proper parameters for vbmail()?

I don't get any email either. EvilLS, are you 100% positive that you are using the proper parameters for vbmail()?
Yep, because its working fine for me and about 40 other people who have already installed it. I just re-applied the hack again to a fresh login.php from vbulletin 3.0.1 and it worked perfectly. Very strange that its not working for only a few people. Has to be either a vb setting or something blocking it in the email software itself.

Are you by chance using any kind of spam guard for your emails? If so, maybe a combination of words in the warning email is triggering it? Thats all I can think of.

The official "Its not working" check-list.;)

If for some reason you don't get a warning email when testing this hack please carefully read through the checklist below..

1) Log into your Admin CP and click "vbulletin options". From the list click on "Site Name / URL / Contact Details".
Scroll down to where it says "Webmaster's Email" (not Contact Us Link). Make sure that you have entered a valid email address there.

2) In your Admin CP under "Import & Maintenance" click Diagnostics.
In the email testing area enter the same email address that you have as your webmaster's email. Run the email test to verify that your vbulletin email is working properly. If it is, you should recieve an email after running the test.

3) If you're using vB 3.0.1 or earlier make sure that you added the last bit of code from the instructions in two seperate places. Open your edited login.php file and search for this:

vbmail($vboptions['webmasteremail'], $subject, $message);

Once you've found the first instance of that code, search for the same code again. You should find it twice.

4) This hack has been tested on vBulletin 3.0.1 - 3.0.5. If you're using a different version, open your register.php file and search for "vbmail" (without the quotes).. This is to make sure that the vbmail() function has the same name in your version.

5) Re-apply the file edits to login.php making sure that you follow the instructions carefully.

6) If you're using any kind of spam guard for your emails that blocks junk mail, turn it off (temporarily).

7) Now lets test it again. Close your browser and re-open it again. Go to your forum and click "logout". While still logged out go to yoursite.com/forums/admincp/ and then hit the "refresh" button on your browser. Type in an incorrect password and hit submit.
Now lets test it again while you are logged into the forum but not the admincp. Close your browser & reopen it again. Go to your forums and login with the correct info. Then go back to /forums/admincp/ and your username should already be listed. Type in an incorrect password and hit submit.

Wait 15-25 minutes before checking your email this time (sometimes it takes a while for the mail to be delivered).

Keep in mind, you only get an email when someone tries to login to your admincp or modcp... This has no effect on any of the regular login forms.

If you've carefully checked everything in the list above and it still doesn't work for you then it could be conflicting with another hack that you've installed. Other than that, I have no idea.

Wait 15-25 minutes before checking your email this time (sometimes it takes a while for the mail to be delivered).



Actually, what causes it to not be delivered immediately is that when the vbmail function is called - it adds the email to the Queue, rather than sending it out immediately. The queue is triggered by activity on the board (clicking links/buttons/etc...).

So, if you do the test-incorrect-login, and then immediately stop and wait - if there's no one on your board, you're not going to get any email until someone does something on your board. All you have to do is just click on something - anything - and the queue will be processed.


Of course, this assumes that the rest of the checklist items are set correctly - but I thought I might shed some insight as to why it sometimes seems to take forever for someone to get the email. :)

Actually, what causes it to not be delivered immediately is that when the vbmail function is called - it adds the email to the Queue, rather than sending it out immediately. The queue is triggered by activity on the board (clicking links/buttons/etc...).

So, if you do the test-incorrect-login, and then immediately stop and wait - if there's no one on your board, you're not going to get any email until someone does something on your board. All you have to do is just click on something - anything - and the queue will be processed.


Of course, this assumes that the rest of the checklist items are set correctly - but I thought I might shed some insight as to why it sometimes seems to take forever for someone to get the email. :)
Hmm.. I wasn't sure if the mail queue effected emails to the webmaster (doesn't seem to on my board). Maybe I should add that one to the checklist. :)

works perfect, thanks!

Ok stupid me. I had the administrator email set to a wrong email that I don't check regularly. That is why I didn't get any notification from this hack (beside not getting like 200 other emails from people who tried to contact me :nervous: )

Greets

Ok stupid me. I had the administrator email set to a wrong email that I don't check regularly. That is why I didn't get any notification from this hack (beside not getting like 200 other emails from people who tried to contact me :nervous: )

Greets
I had the same thing happen when I was helping him test it. That's why the note about checking that in his instructions. LOL

Ok stupid me. I had the administrator email set to a wrong email that I don't check regularly. That is why I didn't get any notification from this hack (beside not getting like 200 other emails from people who tried to contact me :nervous: )

Greets
Heh.. Same thing happened to me when I was making the hack. I couldn't figure out why I wasn't getting an email so I changed the code about 5 times before noticing that I didn't have the webmaster's email set in the CP. Doh! Anyway, glad its workin' for ya. :)

can this hack be modded to get an email if someone tries to log in with an incorrect username or password to the normal board not admin

can this hack be modded to get an email if someone tries to log in with an incorrect username or password to the normal board not admin
Yeah it could, but I'd rather not release a hack like that b/c it could easily be changed to send the user's correct password. Alot of people use the same password on several different sites so its not a good idea IMO. Not saying that you would use it for that, but theres some people out there who would abuse it.

Yeah it could, but I'd rather not release a hack like that b/c it could easily be changed to send the user's correct password. Alot of people use the same password on several different sites so its not a good idea IMO. Not saying that you would use it for that, but theres some people out there who would abuse it.
Agreed, i don't have any rights knowing there passwords, just like they don't have any rights if i was a member of there site.

Could you possibly do one without the password part but just the username, just so i know if anyone is trying to get into our site without permission.

Regards
Rob

Rob,
For regular logins it would probably be better to store failed attempts in the db and make a log rather than email them b/c if you have alot of members your inbox would be full due to users making typos when logging in. I might look into making a hack for that a little later when I get some free time.

Installed - thanks.

Nice hack EviLS1 - /me clicks install.

Installed 10 minutes ago and appears to be working as advertised. Thanks.

Great hack. Thank you! :)

Installed, tested and working perfectly.

[clicks install]

Why I receive every attack 4 mails ?

Why I receive every attack 4 mails ?
You should recieve only one warning email every time someone tries to login with an incorrect password or username. If you received 4 emails it means someone made 4 seperate attempts to access your CP. If you have the strike system enabled you will receive a maximum of 5 emails if they try to do it over and over again.

good one I like it

Thanks a lot
for this hak

zahco

Installed. Especially after I found scripts in my /forums directory that shouldn't have been there and then users complained of their posts disappearing.

Thanks.

*clicked install* Great job!

Works for me on version 3.0.0! Excellent stuff, thanks!

You da Man!

*clicking Install*

Thank you. Glad ya like it. :)

<a href="https://vborg.vbsupport.ru/showthread.php?s=&threadid=64322" target="_blank">https://vborg.vbsupport.ru/showt...threadid=64322</a>

will be installing this next, thanks for the killer hacks bro.

great hack, cheers for this

You may want to let people know that by installing this hack as posted, your passwords from this page will not be transmitted in clear text. But if you're okay with FTP, you're probably okay with this.

sc4r3d & Watson,
Glad you like it and you're welcome. :)

You may want to let people know that by installing this hack as posted, your passwords from this page will not be transmitted in clear text. But if you're okay with FTP, you're probably okay with this.
Passwords are encrypted in login.php. The only place the clear text gets passed is from adminfunctions.php to login.php which poses no security threat that I can think of since the md5hash() function is client side anyway.

Unfortunately this hack doesn't work with VB 3.0.2 because the login.php is different from 3.0.0/3.0.1 :ermm:

EvilLS1 are you thinking to upgrade your hack to 3.0.2? :rolleyes:

Regards

Unfortunately this hack doesn't work with VB 3.0.2 because the login.php is different from 3.0.0/3.0.1 :ermm:

EvilLS1 are you thinking to upgrade your hack to 3.0.2? :rolleyes:

Regards

For those who have upgraded to 3.0.2,

Please try these instructions and let me know if it works for you:

Yea! now it works with 3.0.2 :D

Tnx for your quick upgrade ;)

Regards

N/P. Glad it worked. :)

Great job EvilLS1 :)

* Natch installed and it works a charm!

Thanks Natch. :)

I set "Use Login "Strikes" System" to "No". So does it work?

I set "Use Login "Strikes" System" to "No". So does it work?
Yes it should work either way.

I caught someone with this hack and pm'd them and they were like im sorry and crap and they tried alot of times

Funny you should say that considering I caught YOU trying to log into my admincp the other day. Not very fun, is it?

I think it was the other way around babolo, you tried on MY site and I caught you and pmed you asking why to which you replied you thought you'd try to hack because people use stupid passwords...unless you installed this hack between yesterday and today and had someone try to log into your account "alot of times."

Or we're all living in an alternate universe. One of the three. I have the logs if anyone cares to see this hack in action.

This is cool. Doubt anyone tries to login, but it's good just in case. Had the vB2 one installed as well. Obviously this one is better, though.

I know that this may not be the best place for this. But I have and love this admincp hack.

Is there anyway I can be notified when regular accounts are tried to break into as well?

Last night, my admin area was targeted and I was notified.

My Co-Admin was targeted but not thru the admin area. They tried accessing his account through the regular forum.

But without him telling me I'd have no idea if people were trying to break in etc and I don't need the wrong people trying to access other accounts. Especially when not everyone uses a secure password.

cool hack, *clicks install*

Is there anyway I can be notified when regular accounts are tried to break into as well?



Its possible but not practical b/c your inbox would be filled with notifications due to regular members mis-typing their password or username. To do something like that it would be a better idea to store failed logins in the database and let the admin view them in the control panel.

Yeah, that is true. Good Point.

I just was trying to think of a way so I am notified if there is someone trying to break in other accounts.

Due to the fact that my admincp account was targeted, and my co-admins regular forum account were targeted, I was trying to think of a viable way for me to know that said people are trying to break into various accounts other than the admincp.

Works for me on version 3.0.0! Excellent stuff, thanks!
installed, tested, works great, muchas gracias :)

one thing-is it possible to get this for the modcpanel too?

I installed the version of the hack for 3.0.3 and when I go to test it by logging in with a wrong password, I get a white screen with this:

Fatal error: Call to undefined function: log_vbulletin_error() in /home/hsphere/local/home/projectp/projectprotect.org/forum/login.php on line 184

Any idea's on where I wen wrong?

Thanks!

I installed the version of the hack for 3.0.3 and when I go to test it by logging in with a wrong password, I get a white screen with this:

Fatal error: Call to undefined function: log_vbulletin_error() in /home/hsphere/local/home/projectp/projectprotect.org/forum/login.php on line 184


Any idea's on where I wen wrong?

Thanks!
Oh wait - I guess that is what it is supposed to do - I just got 3 emails telling someone (me) tried to login with an invalid password!

Okay okay, I am learning...THANKS FOR THIS HACK! :)

one thing-is it possible to get this for the modcpanel too?

It already does that. :)

speedpro50,
You shouldn't be getting that error. Check to make sure that you didn't accidentally remove this line of code:

// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');


If that line is there then try temporarily removing this hack and see if it still happens when trying an incorrect password. This hack makes no changes or calls to that function so I'm guessing that the error will still be there even with it removed.

It already does that. :)

.


lol-i checked, and so it does :) great hack :devious:

lol-i checked, and so it does :) great hack :devious:

Thank you. :)

Someone is trying to login to your Admin CP!

Username tried: Psycho
Password tried:
IP Address: ***.***.***.***
Host: ***.***.***.***
Strikes: 1/5
Referer:
Script: http://www.teenagechaos.com/login.php
Date: Sunday 08th of August 2004 03:48:04 PM
vBulletin has identified this user as: Psycho

Amazing hack man!!!!

Thank you, but credit for the concept goes to Chen. :)

thanks for bring this hack to vb3 :)
*installs

Upgrade to 3.0.3 functioning perfectly. :)

This is great, im glad i found this, i am always looking to add extra security :)

Nice, small and very userful! :banana:

Thanks!

joergh

That is a pukka Hack Top job fellas.

Installed, and feeling better for it. ;)

However, on my forum the message is not sent until the next login event. In other words, if there's an unsuccessful login to admincp the email is not sent until someone logs into the main forum or the admincp (successfully or unsuccessfully).

It's as though a subsequent login event has to happen before the email notification occurs. Reinstalled the hack several times and tested thoroughly&repeatedly and this is the only conclusion I can come up with. My forum is not that active, especially in the evening. I can wait for hours to get the message, but as as soon as the next user enters the email is instantly sent.

vB303 on Win2kServ with PHP 433 MySQL 4.0.14b Deerfield WebSitePro.

Other than that, I'm glad to have it.

/clicked Install

D.

Onkel_Tom clicks install on vB3.0.3
But a small problem with the used password, this field is empty in the email.
any idea ?

I know this problem. It means you overlooked something. Go through your file edits again.

dsmcd01,
Thats strange. On the previous pages of this thread someone mentioned that the Mailqueue system causes this. I didn't think that feature had any effect on the webmaster's email but it might be worth a try to turn it off if you have a slow board. If you want to see if it has any effect you can disable Mailqueue by going to admincp + server settings & optimization options. Other than that I can't think of anything that would be causing it.

Onkel_Tom,
Like Zelda-King said, that sounds like a missed file edit. Recheck all of your file edits, specifically those in adminfunctions.php.

dsmcd01,
Thats strange. On the previous pages of this thread someone mentioned that the Mailqueue system causes this. I didn't think that feature had any effect on the webmaster's email but it might be worth a try to turn it off if you have a slow board. If you want to see if it has any effect you can disable Mailqueue by going to admincp + server settings & optimization options. Other than that I can't think of anything that would be causing it.
That did the trick. Nice coding, and appreciate the assistance.

D.

Why didn't i see this in vb2.... would have saved alot of hacking troubles... *Storms off mad but thankful i seen it today*

Onkel_Tom,
Like Zelda-King said, that sounds like a missed file edit. Recheck all of your file edits, specifically those in adminfunctions.php.

Sorry, i checked the code more than twice and the empty password field in eMail still exists. I also compared the installation instructions for vB before 3.0.2 with the 3.0.0 an above version to see what is the difference, but both look similar exclude the "find twice" step.

I'm using vB3.0.3, perhaps this could be the problem ?

No, I'm using 3.0.3 and it's working.

thanks for the answer.

/me clicks install

INSTALLED here too thanks.

You know what could be an interesting add-on? Use it for SUCCESSFUL logons as well. Now, of course, if it's just a one-man show (like many sites) you'll know when you have logged on. If you had mods, you'll see their logon attempts and passwords, but hopefully you won't abuse your mods, now, anyway since you could easily change their password if you REALLY wanted to log in as them.

However, this could be good to identify someone who actually KNOWS your password and is logging in.

Thoughts?

You know what could be an interesting add-on? Use it for SUCCESSFUL logons as well. Now, of course, if it's just a one-man show (like many sites) you'll know when you have logged on. If you had mods, you'll see their logon attempts and passwords, but hopefully you won't abuse your mods, now, anyway since you could easily change their password if you REALLY wanted to log in as them.

However, this could be good to identify someone who actually KNOWS your password and is logging in.

Thoughts?

Check this post for my thoughts on viewing other user's passwords:
https://vborg.vbsupport.ru/showpost.php?p=512462&postcount=46

There has been a lot of discussion about something like this to see all login requests, which would be a huge amount of data on larger sites. But what about the idea of limiting the monitoring to a particular user group, like administrators or mods? That would target the important accounts. Just an idea at this point. I have to get my board up and running the way I want before I start hacking at it. :D

someone the hack dont work for me ?
i am using vb 3.0.3

when a normal user enters correct username/password and tries to access the admincp, I do not receive an email.
Even the user dont get an error-message (only if he is using the correct user/pass)

I am getting email when he enters wrong user/pass to admincp

I guess, it should also send emails, when users enters correct username/password but they dont have access to admincp ?

correct me if i am wrong.

thank you

San-Deep,
No, thats how its supposed to work. You will only get an email if someone enters an incorrect username or password. If they enter the correct username and password but do not have access it'll log them into the forum but not the admincp (just redirects them back to the cp login page).

thanks!

Well I guess I'm the only one having this problem (3.03) but when I search for

// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');

in login.php, it says its not there. Therefor I cannot add

$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";

$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);

I am using the instructions for vb3.02 and up. Help?

HondaATC,
In an un-modified v3.0.3 login.php the code is on lines 169 & 170.

I found it, about 6 lines above that. Weird, don't know why the find>replace command didn't get it. Thanks for the help!

Great step towards security. Thank you very much, *Installed*.

Very cool. *clicks install*.

And very useful for the security conscious admins out there.

Its possible but not practical b/c your inbox would be filled with notifications due to regular members mis-typing their password or username. To do something like that it would be a better idea to store failed logins in the database and let the admin view them in the control panel.
It is possible and I have achieved it (though I didn't want too). I have checked my install procedure a couple of times but seem to have done everything correctly.

Any thoughts as to what I did wrong? It is getting annoying receiving e-mails when users miss type their details.

It is possible and I have achieved it (though I didn't want too). I have checked my install procedure a couple of times but seem to have done everything correctly.

Any thoughts as to what I did wrong? It is getting annoying receiving e-mails when users miss type their details.

About the only thing I can think of that would cause it to report all mistyped passwords/usernames would be if you placed the last bit of code from the instructions (the last edit to login.php) in the wrong place.

Make sure this bit of code:

$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";

$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);


..is after this bit of code:

if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
{

// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');


Other than that I can't think of anything that would cause it.

About the only thing I can think of that would cause it to report all mistyped passwords/usernames would be if you placed the last bit of code from the instructions (the last edit to login.php) in the wrong place.

Make sure this bit of code:

$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";

$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);


..is after this bit of code:

if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
{

// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');


Other than that I can't think of anything that would cause it.
Thankyou for your speedy response. It is in the right spot. It will just have to go down as a "vB X File".

I have had one or two of these, so am not excessively surprised. Luckily my users don't get their passwords wrong too often.

Hmmm.. Weird. Are you sure these users aren't trying to login through the admin section? In the emails that you get what does it say next to referer?
If it says: http://www.yoursite.com/forums/admincp/ then they are trying to login through the admincp.

Hmmm.. Weird. Are you sure these users aren't trying to login through the admin section? In the emails that you get what does it say next to referer?
If it says: http://www.yoursite.com/forums/admincp/ then they are trying to login through the admincp.
Yep. The error is from http://www.mysite.com/forum/login.php.

As I said no worries.

I use HT Access on my ADMINCP DIR as well, but I installed this and tested it.
It works really well.

Nice, Xrayhead

Excellent - thank you, works like a real charm. Clicked install

Works well! Thanks a lot.

*Clicks Install*

Simply wonderful. I've always wondered about a hack like this. loe and behold it's here. I LOVE THIS PLACE>

Clicked Installed! Tested OK on v3.0.3. Works like a charm! Asked a couple of friends (close) to try and log in (after I tested it first), and got the emails within 5 minutes. Now if we could only have it send out a message to your cellphone or pager, locate the user attempting to get into your Admincp, drag them before the "Court of Board Administrators", pronouce sentence on them, and string them up by their thumbs. :banana:
Great little hack EvilLS1! Thanks

This is my version of the hack that Firefly released for VB2.

VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it!

What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt.

It will look something like this:



If the person who is attempting to access your CP happens to be registered & logged in, this line will also be included in the email:

(Thanks to AlexanderT for the idea for this addon.)


Note: If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work".. ;)

Still not working? Read this! (https://vborg.vbsupport.ru/showpost.php?p=509451&postcount=38)

Credits: Thanks to the original creator of this hack (Chen) for the idea, and thanks to Boofo for helping me test it. :)
I just came accross this at someones site i was helping at. I'd mistyped my username and well it sent them my password anyway. So i had a look at the code and I noticed it sent the password in plaintext ALL of the time.

What this really does is remove security from vBulletin, instead of just sending the md5 hash which at least hides the original password. I modified this version of the hack and removed the reference to the password used from this version I was working on and I think the hack author should consider adjusting the version posted.

Well, actually from what i read inthe description is that, it shold send the tried password:

If someone is close to guessing my password I wanna know about it!
So instead of removing the whole password sending (as this was the sense behind the hack) it should be changed, to just send the email to the username tried, but then with the password.

so if you just mistyped your username, then no mail would be sent, as this user doesn't exist or is no admin, but if someone tries to hack into a real admin account, sending the passwords to this' accounts email wouldn't hurt.

Yes, its supposed to send the password with any failed cp logins attempted. If the username is mistyped it will still send the password but again this is only for cp logins. Only staff members should be trying to login from here anyway. It doesn't send anything for regular logins. If you'd rather have it send an encrypted password instead simply skip the edits to adminfunctions.php and use the vb_login_md5password variable instead of the one added with the hack.

Well I at least think it should be mentioned in the first post and the install file. I wasn't really bothered about it emailing the admin, its the fact it went through a proxy server and travelled about on the net unencrypted.

I went out of my way for vB3 to remove all cases of plain text passwords being sent over the network and I was just a bit shocked to find this out. I automatically assumed that my password was fine since i saw it clear the input boxes onsubmit as expected.

Is there a real purpose to telling them what the password is? Someone logged in with an admin username you have their IP and everything else, why does it matter if they typed in "bob" as the password.

Well I at least think it should be mentioned in the first post and the install file. I wasn't really bothered about it emailing the admin, its the fact it went through a proxy server and travelled about on the net unencrypted.

It is mentioned in the first post. It clearly states that it will send the password.

Is there a real purpose to telling them what the password is? Someone logged in with an admin username you have their IP and everything else, why does it matter if they typed in "bob" as the password.
Yes, if someone is close to guessing your (the admins) password you will know about it.

It is mentioned in the first post. It clearly states that it will send the password.

Yes, if someone is close to guessing your (the admins) password you will know about it.
Yeah i know it says the password is sent but does the average user thats installed this know that its went from not sending the plaintext password over http when you login to sending it?

Most people seem to appreciate this hack but I doubt they know that it weakens security, if they were really that bothered they'd just rename the admin panel to something totally unguessable and put a http authentication box on top of the directory.

Alright, As you suggested I placed a note about this in the first post along with instructions on how to (optionally) make it send the encrypted password instead.

$fapassword = &$vbpassword;

..with this:

$fapassword = &$md5password;

I can't find that??

Hi works great thanks, how could you add Proxy IP too, as if someone is trying
to access your admin panel there will more than likely be using a proxy ...

I can't find that??
Its in the hack instructions. 2nd edit to login.php



Nice hack but I get from EVERYONE who has made an wrong login an error. Not only for the ACP but on the whole forum.

As you can see he's running a script/page that has nothing to do with ACP.


From the hack instructions, 3rd edit to login.php, make sure you added the code below this section of code:

if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
{
// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');


As you can see in the code above, as long as the call to the vbmail() function is placed inside the $logintype === 'cplogin' if statement it should only send the email on cp logins.

Only one other person had that problem (emailing on all logins) so if the suggestions above don't fix it my only guess is that maybe its conflicting with another hack.

Hi works great thanks, how could you add Proxy IP too, as if someone is trying
to access your admin panel there will more than likely be using a proxy ...

I'll look into it when I get some free time.

Its in the hack instructions. 2nd edit to login.php






From the hack instructions, 3rd edit to login.php, make sure you added the code below this section of code:

if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
{
// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');


As you can see in the code above, as long as the call to the vbmail() function is placed inside the $logintype === 'cplogin' if statement it should only send the email on cp logins.

Only one other person had that problem (emailing on all logins) so if the suggestions above don't fix it my only guess is that maybe its conflicting with another hack.

Ill take a look at that.

I'll look into it when I get some free time.


Thanks

Hi works great thanks, how could you add Proxy IP too, as if someone is trying
to access your admin panel there will more than likely be using a proxy ...

rh2004,
After looking at this (https://vborg.vbsupport.ru/showthread.php?t=69295&highlight=proxy) hack it appears that with it installed along with this one it would send the actual IP even if the person is using a proxy.

boss clicks install :cool:

installed and working right now i'll hit that "install" button

this mod works fine but i wonder why it takes so long to deliver the mail ? by that time the intruder is already gone .... all you could do is ban him (if it is a guest) and disable his account if he is regged

YabbaDabba clicks install (w/encrypted pwd)

/me clicks install...works very nicely

clicks install

I just upgraded my board from vB 3.0.3 to vB 3.0.4, and that seems to have affected this hack.

I still get the email - but the Attempted Password now shows up as an empty field.


Any idea what's changed and what needs to be altered for this hack in order to make this work?

Same problem overhere..

I just upgraded my board from vB 3.0.3 to vB 3.0.4, and that seems to have affected this hack.

I still get the email - but the Attempted Password now shows up as an empty field.


Any idea what's changed and what needs to be altered for this hack in order to make this work?

I have no way of testing this as I haven't upgraded yet, but these instructions should work for v3.0.4.

https://vborg.vbsupport.ru/attachment.php?attachmentid=22849

If you're using a browser other than internet exploror and it still doesn't send the attempted password try it again with internet explorer and see if it works.

Brilliant hack

I have no way of testing this as I haven't upgraded yet, but these instructions should work for v3.0.4.

https://vborg.vbsupport.ru/attachment.php?attachmentid=22718

If you're using a browser other than internet exploror and it still doesn't send the attempted password try it again with internet explorer and see if it works.



I was using IE - but I'll give your new instructions a shot and see if it works. :)

Excellent Hack!

Install Button > Click!

Worked beautifully on my vB 3.0.5. I accidentally locked myself out for 15 minutes though. Any chance of making a hack, or an addon, that makes it so user id 1 cannot be locked out? Someone could go to your forum and try to log in 6 times and then you have to wait 15 minutes.

My idea would be that the hack would stop the person trying to login from continuing to attempt to login, but to NOT lock out the admin's account. It may seem stupid, but someone with your talent should be able to work something out? :)

Worked beautifully on my vB 3.0.5. I accidentally locked myself out for 15 minutes though. Any chance of making a hack, or an addon, that makes it so user id 1 cannot be locked out? Someone could go to your forum and try to log in 6 times and then you have to wait 15 minutes.

My idea would be that the hack would stop the person trying to login from continuing to attempt to login, but to NOT lock out the admin's account. It may seem stupid, but someone with your talent should be able to work something out? :)

You could bypass it for the admins account but that would defeat the whole purpose of the strike system b/c if your not logged in it has no way of knowing if you're the admin or not.

You could do something like this, so that it doesn't give the admin strikes or lock him out when trying to login to the control panel as long as he's already logged into the board:

In includes/functions_login.php find:

function verify_strike_status($username = '')
{
global $DB_site, $vboptions;

$DB_site->query("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));

if (!$vboptions['usestrikesystem'])
{
return 0;
}


Replace it with:

function verify_strike_status($username = '')
{
global $DB_site, $vboptions, $bbuserinfo;

$DB_site->query("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));

if (!$vboptions['usestrikesystem'] OR $bbuserinfo[usergroupid]==6)
{
return 0;
}


Find:

// ###################### Start exec_strike_user #######################
function exec_strike_user($username = '', $strikes = 0)
{
global $DB_site, $strikes, $vboptions;

if (!$vboptions['usestrikesystem'])
{
return 0;
}


Replace it with:

// ###################### Start exec_strike_user #######################
function exec_strike_user($username = '', $strikes = 0)
{
global $DB_site, $strikes, $vboptions, $bbuserinfo;

if (!$vboptions['usestrikesystem'] OR $bbuserinfo[usergroupid]==6)
{
return 0;
}


With that change, if the admin is logged in to the forum but not the control panel it will not give him a strike for an incorrect cp login and shouldn't lock him out even if someone else has 5 strikes with his username. All other usergroups will still get a strike.

If you're not logged into the forum you'll still get a strike.

I didn't test it but it should work.

Thanks for verifying that this hack works with 3.0.5 btw. :)

Worked beautifully on my vB 3.0.5. I accidentally locked myself out for 15 minutes though. Any chance of making a hack, or an addon, that makes it so user id 1 cannot be locked out? Someone could go to your forum and try to log in 6 times and then you have to wait 15 minutes.

My idea would be that the hack would stop the person trying to login from continuing to attempt to login, but to NOT lock out the admin's account. It may seem stupid, but someone with your talent should be able to work something out? :)
Just set up a second admin account for yourself. I use 2 so that if one has a problem, I have a back door.

well,

this hack works fine except for one little thing


Script: http://www.yoursite.com/forums/login.php


why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me

well,

this hack works fine except for one little thing


Script: http://www.yoursite.com/forums/login.php


why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me
Uuhm then get it hyperlinked? <a href=...

Installed. Not working.

1. Version 3.0.3 (patched init.php - twice)
2. vBadvanced hack
3. IBProarcade hack
4. vBquiz hack

Checked and tried everything (twice) listed in the "Checklist"... still no luck?

I have a question: my administrator folder IS NOT named "admincp", could this be the cause?

Thanks.
mm :nervous:

Mechanical Mind,
I don't think the name of the folder would have any effect on it but I could be wrong.

The only other thing I can think of is maybe one of the other hacks changes something which effects this hack. Since I don't use any of those myself I can't say for sure. You could try applying this hack to fresh un-modified files and see what happens.

well,

this hack works fine except for one little thing


Script: http://www.yoursite.com/forums/login.php


why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me

Its not hyperlinked for two reasons:
1) Its not meant to be clicked on. That line is only there to show you where the intruder is attempting to login from.. i.e. your site or a remote script.
2) Not all email clients support HTML.

oooh so i didn't do anything wrong i thought i did something wrong ok so i didn't anyway your hack worked fine with vb 3.0.3 & 3.04 & 3.0.5 i don't use any of those other either

Mechanical Mind,
I don't think the name of the folder would have any effect on it but I could be wrong.

The only other thing I can think of is maybe one of the other hacks changes something which effects this hack. Since I don't use any of those myself I can't say for sure. You could try applying this hack to fresh un-modified files and see what happens.

I'll make you a deal. If you would like access to my server and admin to check my modifications to the files, just pm me and let me know.

(Chances are that I have made a mistake in modifying the files. I don't think I have successfully installed a hack yet, without needing help...)

We would both benefit if you can get it working.

1. You can confirm that your hack works in a forum running the hacks that mine does.
2. And I could get it working.

Sounds like a good deal, eh? :nervous:

I'll make you a deal. If you would like access to my server and admin to check my modifications to the files, just pm me and let me know.

(Chances are that I have made a mistake in modifying the files. I don't think I have successfully installed a hack yet, without needing help...)

We would both benefit if you can get it working.

1. You can confirm that your hack works in a forum running the hacks that mine does.
2. And I could get it working.

Sounds like a good deal, eh? :nervous:

I can check your file edits if you want.

I can check your file edits if you want.

Sure. Check your mailbox. :classic:

Update.

This hack is awesome and works perfect, even with my forum which is heavily modded and has several hacks listed above.

Thanks to EviLS1 for taking the time to check my files. I made an error in uploading the modified files. Other than that, this hack works great.

Definitely an added sense of security!!!

PS - If you have renamed your admincp folder - this hack still works!!!

mm

Update.

This hack is awesome and works perfect, even with my forum which is heavily modded and has several hacks listed above.

Thanks to EviLS1 for taking the time to check my files. I made an error in uploading the modified files. Other than that, this hack works great.

Definitely an added sense of security!!!

PS - If you have renamed your admincp folder - this hack still works!!!

mmGood info! Thank you for the update.

* Gnappy installed

but i have the same problem of Mechanical Mind: im running 3.0.3(with init.php patch) with many hacks installed...

i checked my work twice and i readed and tryied the "check list"... still not works..

maybe my problem is the same of Mechanical Mind:
I made an error in uploading the modified files. Other than that, this hack works great
what kind of problem u can discover uploading 2 files?


thanks for assistance :)

* Gnappy installed

what kind of problem u can discover uploading 2 files?


thanks for assistance :)

He didn't upload the edited files. I can double check your file edits if you want but other than the things on the check list I can't think of anything that would stop it from working. The most common problem that people seem to have is not having the webmaster email set correctly in the admincp.

first of all: thx for reply :D

my webmaster mail is correctly setted up, i made all the points in your "check list" and it seems all ok...

im sure i uploaded the correct edited files(lol), if u want(thx in advance) i can send my 2 files on your email so u can check if i hacked correctly(i verified by myself twice)...

thanks a lot for your time :)

check your PMs..

Awesome hack duder.. thanks.. Worked like a charm on the very first try.

whoops..forgot to click - <install>. done..

Works :)

Very nice...when testing I got locked out of my own forum....works great

Very nice...when testing I got locked out of my own forum....works great
I've had the same error. I just did something wron when I installed it..

Was not an error, vb just locked out our IP address when we tried loging in wrong on purpose while testing it.

Ok, everything went well, but there's one problem:

The Password: field in the emails is left blank, so I can't tell what password was used. Any ideas?

Was not an error, vb just locked out our IP address when we tried loging in wrong on purpose while testing it.

always first turn of the strike system if you gonna test "passwordthings"

first of all: thx for reply :D

my webmaster mail is correctly setted up, i made all the points in your "check list" and it seems all ok...

im sure i uploaded the correct edited files(lol), if u want(thx in advance) i can send my 2 files on your email so u can check if i hacked correctly(i verified by myself twice)...

thanks a lot for your time :)


sorry man, i made a stupid mystake... bug with another hack, not the hack works nicely ;)


thx EvilLS1 :banana:

Ok, everything went well, but there's one problem:

The Password: field in the emails is left blank, so I can't tell what password was used. Any ideas?

The only thing I can suggest is re-checking the file edits to make sure nothing was missed. Sorry I can't be more helpful but I can't think of anything else that would cause it unless its conflicting with another hack.

Nope, it still doesn't give the password, and everything was installed flawlessly. The password used is the ONLY thing about this hack that doesn't work.

Super easy to install and works great. Thank you!

*clicks installed*

nice work, *click installed*

Thanks

After our former PHPbb board got hacked a few weeks ago, we decided to revert to vBulletin. And this hack is just the thing we need in case something like this happens again. :cool:

* Fusion.nl clicks install

/me clicky's install

very nice. took a bit for the first e-mails to be sent, but nice.

not simple to uninstall replaced the login.php and the adminfunctions.php but get the same check back in 15 minutes

Nice hack, going to install it shortly.

* derekivey clicks install

Nice hack, going to install it shortly.

* derekivey clicks install

Is there a V 3.5 version?

/me hits install without being caught!

Sweet hack.. Worked great

SUGGESTION:

I have largish board (approaching a million posts) with thousands of posts/visits per day. To support that, I have admins and mods, of course, as well as super user groups with increased permission levels.

It would be useful if I could know about failed log-in attempts for all super-permission groups, regardless of log-in location. That is, if someone is trying to crack my admin pwd or the pwd of a mod by logging into the public forums, I would want to know about that too!

So, if I could track all failed log-ins, regardless of log-in point, for just certain, small groups, that would help. I don't care about the attempted pwd.

SUGGESTION:

I have largish board (approaching a million posts) with thousands of posts/visits per day. To support that, I have admins and mods, of course, as well as super user groups with increased permission levels.

It would be useful if I could know about failed log-in attempts for all super-permission groups, regardless of log-in location. That is, if someone is trying to crack my admin pwd or the pwd of a mod by logging into the public forums, I would want to know about that too!

So, if I could track all failed log-ins, regardless of log-in point, for just certain, small groups, that would help. I don't care about the attempted pwd.

I have not installed this hack yet, but im about to...but this is a really good idea what you said, i would like to know if someone is trying to hack into for instance one of my members that are in the usergroup underground....so we could assign which usergroup to track.

That would be a great update if you had the time.

But very nice hack, im about to install now.

very useful! tested and works like a charm, thanks!
/me clicks install

Loving it all the way!! Installed!!

install clicked, works like charm for vb3.0.8

tested and got the email, good security warning mod

Anyone know if this works on vB 3.5?

Anyone know if this works on vB 3.5?

No, it doesn't. Check my profile for the one that does. ;)

Thanks Boofo! :)

ok I love this hack - can I use this on 3.5 or shoudl I use something else?

ok I love this hack - can I use this on 3.5 or shoudl I use something else?

https://vborg.vbsupport.ru/showpost.php?p=782969&postcount=195

https://vborg.vbsupport.ru/showpost.php?p=782969&postcount=195


https://vborg.vbsupport.ru/showpost.php?p=790289&postcount=57