vb.org Archive
Page 13 of 15 « First 31112 13 1415
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Administrative and Maintenance Tools - [DBTech] vBSecurity v2 (vB4) (https://vborg.vbsupport.ru/showthread.php?t=276228)

DragonByte Tech 08-09-2015 11:40 PM
vBSecurity v1.1.8

New Features:

Login Strikes Viewer
  • Login Strikes log entries can now be pruned
  • Requires the "Can Prune Log Entries" config.php permission


Fillip

DragonByte Tech 08-17-2015 09:38 PM
vBSecurity v1.1.8 Patch Level 2

Bug Fixes:
  • Turning the modification off via the "Enable Modification" vBOption meant you could no longer access the majority of vBSecurity admin controls
  • Fixed an issue with the "login strikes" page that could produce a fatal error in certain scenarios


Fillip

Dam13n 08-25-2015 05:26 PM
For some reason, real users/visitors get IP banned when using this mod even though there were no signs of brute force login from them. I have cases when visitors got IP banned by trying to login to accounts that don't even exist in my forum database.

af1 racing 11-06-2015 08:42 PM
Quote:
Originally Posted by DragonByte Tech (Post 2550514)
That was added as a feature, they'll receive an email to confirm their IP addresses :)
Fillip
What if they don't receive the email?

I have just upgraded to 1.2.1 and several users are reporting that they get locked out when updating their profile to "Enable IP Verification". As an Admin I also did not receive the verification email when accessing the adminCP for the first time after installation, but I was able to gain access with a quick query.

Is there a way to resend or view the email queue? Or authorize their IP through the adminCP?

DragonByte Tech 11-09-2015 07:56 PM
vBSecurity v1.2.1

New Features:

IP Verification: Front-End
  • Users can control whether to require email confirmation of new IP addresses for front-end pages
  • Toggleable via the UserCP
  • Works in a similar fashion to the AdminCP and ModCP versions

IP Access Log
  • Tracks all IP addresses used to access a user account
  • Overrides the "Search IP Addresses" functionality in vBulletin to provide advanced functionality
  • Works with all existing links to the "Search IP Addresses" functionality

IP Access Log: Search New IPs
  • Searches for any new IP addresses being used to access accounts
  • Displays a familiar looking list of IP addresses
  • Selectable "start date" to check for new IPs

IP Access Log: Multiple Account Access IPs
  • Searches for any IP addresses being used to access multiple accounts
  • Displays a familiar looking list of IP addresses

Changes To Existing Features:
  • Altered vBulletin & vBSecurity tables to be IPv6 compatible


Fillip

DragonByte Tech 11-16-2015 03:37 PM
vBSecurity v2.0.0

New Features:

(Pro) New Security Watcher: "Failed Logins: Non-Existent Usernames"
  • Checks for logins against a single username that doesn't exist
  • Lets you take separate action towards bots trying to login with stolen user credentials that don't exist on your site
  • Integrates into the existing "Logins" watcher group

(Pro) New Security Watcher: "Failed Mass Logins: Non-Existent Usernames"
  • Checks for logins against multiple usernames that don't exist
  • Lets you take separate action towards bots trying to login with stolen user credentials that don't exist on your site
  • Integrates into the existing "Logins" watcher group

(Pro) Compromised Accounts Detection
  • Alerts the webmaster if someone has failed multiple logins and then successfully logs in to an account
  • Lets you search the logs for the IP address in question to determine whether this is legitimate

(Pro) IP Ban Log Viewer
  • Browsable and searchable log of all banned IP addresses (from the point of installing v2)
  • Lets you ensure no legitimate members are banned

Multiple Watcher Actions
  • Define more than 2 actions per watcher
  • Prioritised in the order they are defined
  • Gives you even more fine-tuned control over the actions taken against potential intruders

Log Pruning
  • Old entries from the adminstrikes, loginstrikes and ipverify tables can be automatically pruned
  • Settable in the vBulletin Options
  • Defaults to pruning data older than 30 days


Changes To Existing Features:

Security Watcher Log
  • Rewritten to improve performance
  • Uses a dedicated log table instead of using the datastore


Fillip

akz645 11-16-2015 06:26 PM
Quote:
Originally Posted by DragonByte Tech (Post 2558497)
Changes To Existing Features:
  • Altered vBulletin & vBSecurity tables to be IPv6 compatible
https://theadminzone.com/threads/vbu...counts.136907/
1) So will this mod prevent prevent that?

----

2) Can this Mod notify mods/admins by posting in a specific forum section (via designated userID selected by the admin), when multiple accounts are being logged into by the same IP address?
3) Can this Mod notify mods/admins by posting in a specific forum section (via designated userID selected by the admin), when one account is being logged into by the multiple IP address?

4) Can this Mod notify mods/admins by posting in a specific forum section (via designated userID selected by the admin), when multiple accounts are being logged into on the same computer (cookies/cache detection)?
5) Can this Mod notify mods/admins by posting in a specific forum section (via designated userID selected by the admin), when one account is being logged into by the multiple computers (cookies/cache detection)?

DragonByte Tech 11-16-2015 06:32 PM
Quote:
Originally Posted by akz645 (Post 2558855)
1) So will this mod prevent prevent that?
Yes it does :)

Quote:
Originally Posted by akz645 (Post 2558855)
2) Can this Mod notify mods/admins via a specific forum section, when multiple accounts are being logged into by the same IP address?
3) Can this Mod notify mods/admins via a specific forum section, when one account is being logged into by the multiple IP address?

4) Can this Mod notify mods/admins via a specific forum section, when multiple accounts are being logged into on the same computer (cookies/cache detection)?
5) Can this Mod notify mods/admins via a specific forum section, when one account is being logged into by the multiple computers (cookies/cache detection)?
None of these things are possible at this time, this is not a "multiple account detection" mod. This mod focuses on addressing behavioural patterns that are potentially harmful to the security of your forum, whereas multiple accounts is more related to circumventing bans.

All alerts go to the Webmaster Email account as well :)


Fillip

DragonByte Tech 12-07-2015 05:56 PM
vBSecurity v2.1.0

New Features:

IP Verification
  • IP addresses that have been verified by users or administrators will no longer be subject to IP bans
  • Helps prevent false positives

Admin IP Verification: Re-Send Emails
  • Administrators can request to re-send the email to verify their IP address
  • Useful if the email takes a long time to arrive for whatever reason

User IP Verification: Re-Send Emails
  • Users can request to re-send the email to verify their IP address
  • Useful if the email takes a long time to arrive for whatever reason

Security Watcher Display
  • The time period for the Security Watcher display can be configured
  • Default: 7 days
  • Controlled via vBulletin Options

(Pro) User IP Verification: Admin Control
  • Super Administrators can disable a member?s IP verification setting via the AdminCP user management screen
  • Accessed via the User Manager

(Pro) IP Address Search: Country Display
  • The IP Address Search screen includes the IP address' country, if your system supports this
  • Requires GeoIP2 downloaded database on your server
  • Controlled via vBulletin Options

(Pro) IP Host Lookup: Country Display
  • The IP Host Lookup screen includes the IP address' country, if your system supports this
  • Requires GeoIP2 downloaded database on your server
  • Controlled via vBulletin Options

(Pro) IP Address Search: IP Usage
  • The IP Address Search displays the first and last logged date for a particular IP in the "Logged IP Addresses" list
  • Only displays IP addresses since v2.0.0 was installed.

(Pro) Compromised Accounts Log
  • Displays a list of accounts flagged as potentially compromised
  • Quick links to users' logged IP addresses as well as displaying current IP address
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) Watcher log
  • Displays the complete list of all Watcher log entries
  • Can be filtered by individual watchers
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) User IP Verification log
  • Displays the complete list of all user IP Verification entries
  • Displays whether the IP has been verified or not
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) Admin IP Verification log
  • Displays the complete list of all admin IP Verification entries
  • Displays whether the IP has been verified or not
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission


Changes To Existing Features:
  • Consolidated the code that applies watcher actions to enable easy extension in the future
  • Config Tampering alerts can now be reset
  • Reworded one of the new Log Prune options to clarify what exactly it?s pruning
  • All log pages now require the config.php "Can View Admin Logs" setting for additional security
  • "AdminCP Logins Viewer" now uses username search instead of a drop-down for improved performance
  • "Admin Strikes Viewer" should now perform better as a result of removal of an unreliable feature
  • "Login Strikes Viewer" now uses username search instead of a drop-down for improved performance
  • "IP Ban Log Viewer" now allows you to filter by action when pruning the log


Bug Fixes:
  • An issue where limiting the IP Ban Log by action would not work as intended has been corrected
  • "Failed Admin Logins" have been moved to the "Logins" watcher group, as was intended
  • Fixed an issue where the Config Tamper watcher log could not be reset


Fillip

af1 racing 12-07-2015 06:28 PM
Excellent! Thanks for the quick development.


All times are GMT. The time now is 05:53 PM.
Page 13 of 15 « First 31112 13 1415
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01273 seconds
  • Memory Usage 1,784KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete