vb.org Archive
Page 11 of 26 « First 910 11 121321 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Get an e-mail if someone is trying to access your Admin CP (With IP address) (https://vborg.vbsupport.ru/showthread.php?t=32707)

trainer 03-21-2002 08:13 PM
i can get it to work but can't get the usernames from the cookie file to appear. that would be a really sweet feature so it would be easy to identify exactly who it is

pdaGuy 03-22-2002 12:47 AM
Hmm.. this is totally strange. How come it works for me ? :paranoid:
This is the email that I get if someone tries to login on the admin panel with a wrong password.

[QUOTE]Someone is trying to login using your admin account!
The Script was :

Username they tried to use: test
Password they tried to use: test (098f6bcd4621d373cade4e832627b4f6 in encryption)

The IP address is: XXX.X.XX.XX
The host is: XXX.XXXXX.com

Search for members using this ip .php?action=doips&s=&ipaddress=XXX.XXXXX.com

Sessions identifys them as Thier cookie identifys them as Array

Liz 03-22-2002 03:51 AM
I just have a quick question. Seeing how I don't have a "webmaster@yadda-yadda.com" email, can I put a different email in instead of the webmaster one?

<$webmasteremail>");

like...could I put:
<$myemailaddress>");

would that work? Or is it some special coding? Thanks!

JJR512 03-22-2002 03:55 AM
$webmasteremail represents whatever you put in your board's Admin CP on the vBulletin Options page in the Contact Details section on the line for Webmaster's email. Whatever you have there is where an email to $webmasteremail will go.

Liz 03-22-2002 04:24 AM
Thanks for your fast reply.
I put the hack in, and then took it out.
Now when I go to log into the CP it says

Warning: Cannot add header information - headers already sent by (output started at /home/xxxbo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 136

Warning: Cannot add header information - headers already sent by (output started at /home/xxx-bo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 162

Hang on a sec

and then it brings me back to the login page...
HELP!!

JJR512 03-22-2002 04:41 AM
The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?

Mutt 03-23-2002 01:53 PM
use this one

PHP Code:
            // email alert
            $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
            $iphostname = @gethostbyaddr($ipaddress);
            if ($HTTP_COOKIE_VARS['bbuserid']) {
                $realuserid $HTTP_COOKIE_VARS['bbuserid'];
                $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
                $MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
            }
            if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
                while ($sessionid $DB_site->fetch_array($sessionids)) {
                    $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
                    $MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
                }
            }
            $message="Someone is trying to login using your admin account!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
            mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
            // email alert 

Updates

correctly idenifies user via sessions and cookie
it also idetifies which script they were trying to access.

this currently only produces an email when an admin username is used with the incorrect password. I'm going to dig a little and try and get it to work for all incorrect admin logins

Mutt 03-23-2002 02:53 PM
firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files

PHP Code:
            // email alert
            $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
            $iphostname = @gethostbyaddr($ipaddress);
            if ($HTTP_COOKIE_VARS['bbuserid']) {
                $realuserid $HTTP_COOKIE_VARS['bbuserid'];
                $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
                $MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
            }
            if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
                while ($sessionid $DB_site->fetch_array($sessionids)) {
                    $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
                    $MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
                }
            }
            $message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
            mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
            // email alert 

the first addition is in sessions.php as instructed by firefly

it goes right after

PHP Code:
 if (md5($loginpassword)!=$bbuserinfo[password]) { 


then second additon is in adim/global.php

and it goes right after

PHP Code:
$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) { 
now you'll get an email like this

[QUOTE]Someone is trying to login to your control panel!
The Script was : /forum/admin/index.php

Username they tried to use: xxxxxxxx
Password they tried to use: xxxxxx (d344c7e7f54ac73cf730fd91faf6391b in encryption)

The IP address is: xx.xx.xx.xx
The host is: xxxxxxxxxxxxxxx

Search for members using this ip
http://yoursite.com/forum/admin/user...ss=xx.xx.xx.xx

Thier cookie identifys them as xxxxxxx

Sessions identifys them as xxxxxxxxxx

Liz 03-23-2002 03:38 PM
[QUOTE]Originally posted by JJR512
The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?

BlueWolf 03-23-2002 05:22 PM
Can you make this with your vbhack installer?

makes life easier!


All times are GMT. The time now is 02:22 AM.
Page 11 of 26 « First 910 11 121321 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01368 seconds
  • Memory Usage 1,780KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete