|
Un-installed, way too many problems with this when enabled, as per the same as Old SchoolDSL
|
Am I to assume you are also refusing to provide constructive feedback in the same way the user you refer to refused?
Fillip |
vBSecurity v1.0.3:
Feature: Failed AdminCP Logins will now display the username the person tried and failed to login with Fillip |
question
i used this mod https://vborg.vbsupport.ru/showthrea...viewing+thread to replace superadmin ip is this going to affect anything in the mod? |
I don't know, I don't think so but I have never used that mod so I couldn't tell you :(
Fillip |
vBSecurity v1.0.4:
Feature: Added a block of text to Security Recommendations that discusses server security for WHM-based servers Fillip |
Installed Pro Version ! I think now save my site from hacking ?
|
this is a support thread for vbsecurity not the other fine mods that db has ..i say we get back on topic ....btw is a fine addon and works very well with latest version of vb no issues to speak of
|
Quote:
Fillip |
@DBT:
I changed the memcached settings in config file. At first , I received the security notification. Thats fine. But again every 2 or 3 days, I get the same notification (thrice at the same time) Code:
vBSecurity has detected a security alert regarding config.php Variable Tampering: |
Are you sure you have no modifications installed that could be causing this?
I'd suggest looking through every plugin from every mod and ensure none of them tamper with that variable, because I've dug through the vB4 code and they do not unset() or set to NULL that variable. On DBTech we are also using vBSecurity as well as the datastore prefix, and we have no such issues :) Fillip |
Vbseo might cause this? Because it also has a cache setting feature and i choosed Memcached in thtat .
|
That is entirely possible, could you try turning off memcached in vBSEO and see if that resolves the issue?
Fillip |
I can't find the settings for dual-authentication in the mod that is shown here:
https://vborg.vbsupport.ru/attachmen...1&d=1325289905 Where is it? |
As per the OP, that is a Pro-only feature :)
Fillip |
Quote:
I still get the config tampering notification. "$vbulletin->config['Datastore']['prefix'] is new: NULL" |
In that case I suggest going through all your installed mods and see if any of them make any such modifications to the $vbulletin->config array :)
Fillip |
Quote:
how to check each and individual plugin ??? |
It's what has to be done, unfortunately.
The error is not with vBSecurity, it's working as intended :) You can turn off the notification for config.php variable tampering of course, but that would reduce the security of your forum, especially considering you already have one security breach going on (the tampering you keep getting notifs for). Fillip |
Quote:
Haven't got this issue until I started using Memcached and changed the datastore settings in config.php May be, vbSecurity stored old config content , checks new config content and raises the notification. |
vBSecurity compares the values in the actual config.php file vs what $vbulletin->config holds every time a page loads, so that's not the case.
Fillip |
how can i install "pro"?
|
You'll need to purchase it from www.dragonbyte-tech.com and then perform the same steps you performed when installing Lite :)
Fillip |
vBSecurity v1.0.5:
Feature: The Affiliate ID setting now properly integrates with the link-back Feature: Added Login Strikes Viewer that lets admins browse all failed logins Fix: Bugs with the Admin Strikes Viewer that prevented natural browsing from working properly in some scenarios Fillip |
Affiliate ID link hotfix
Fillip |
So... I disabled the superadmin whitelist thingy and have subsequently banned mysef.
Any ideas on how to rectify? EDIT *: Resolved. I logged in via a different IP and removed the super admin setting. |
Can you please be more specific? What "whitelist thingy", and what is the message you're receiving?
Fillip |
vBSecurity v1.0.6
Feature: Improved logging details for Control Panel actions Change: Changed the Branding display method to inject itself into the copyright footer (underneath vBulletin copyright) instead of the page footer. Change: Changed the Branding Free Key to a more secure key. Fillip |
Could you make it possible to position Data[IPADDRESS] at a random place within the phrase ("dbtech_vbmail_security_alert_body"&"dbtech_vbsec urity_access_new_ip_message")?. Like: $IPADDRESS ?
I want to restyle the email text completely with a new location of the IP address. sry for my horrible English :o |
1 Attachment(s)
Dear DragonByte Tech,
I have an Idea which perhaps could be easily integrated within vBulletin. I’ very interested in what you think about it. My idea is about DDoS protection for vBulletin by Cloudflare. Cloudflare is focussed on DDoS protection and offers great free services for the public. Since Cloudflare provides a webservice API via an API Key, the DDoS protection of Cloudflare can be utilized by just invoking URIs by vBulletin to block attackers right in the Cloud so they even can reach the target system. The technical approach is done by invoking URIs for blocking and unblocking IP addresses. A block could be triggered by any relevant alert to be defined by the vBulletin operators to fit their needs. In vbulletin it could look like this ... Admin Panel Menu (example): Attachment 144558 Action (example): Attachment 144560 Options (for example): Attachment 144559 All you need is a free account with Cloudflare, the generated security tokens and of course your addon. :) Example Block: HTML Code:
https://www.cloudflare.com/api.html?a=ban&key <IPADRESS> = & u = EMAILUSER@EMAIL.com & tkn = TOKENHTML Code:
https://www.cloudflare.com/api.html?a=nul&key <IPADRESS> = & u = EMAILUSER@EMAIL.com & tkn =TOKENNote: Since Cloudflare is acting as a reverse proxy operators should install mod_cloudflare for apache to see real origin IP addresses instead of Cloudflare proxy IP addresses....see here. regards Soidberg |
Quote:
Quote:
Fillip |
i do wonder ... would be possible to add usergroup watcher / protector into this plugin ?
so nobody can mess with such groups (adding users) ? |
There already is a watcher - it's a Pro-only feature.
Protectors are covered by your AdminCP permissions, which is a default vBulletin feature. Fillip |
Update
Hotfix: PHP 5.4 Compatibility fixes This does not guarantee the mod is error free on PHP 5.4, but it will take care of the reported errors. Thank you all for your reports :) Fillip |
Quote:
|
I upgraded to 1.1.1 today and now see this on the top left, every time I sign into ADMIN CP:
Quote:
I'm not sure how to fix this, to make the notice go away. When I disable this mod temporarily, it goes away. My user id IS set up as a super administrator in config.php and I have even whitelisted the ip in the settings for this add-on. Any suggestions appreciated Rhody |
Ah disregard. The next day it had my real ip in both sections. I guess the first time it hasnt saved/logged your IP yet. (resulting in the mismatch error)
|
Hi, This Works for vB 5.0.5? :confused:
|
<a href="https://vborg.vbsupport.ru/attachment.php?attachmentid=135371&d=1325289905" target="_blank">Is this option only in the pro</a>
|
I think I found a bug in version 1.1.1
On my 4.2.1 patched system, this has happened twice in the past month. I have multiple admins and if an admin enters the wrong password just ONCE, it treats it like 25+ brute force attempts. It takes action with one attempt, ignoring the settings for # of attempts. Under SECURITY WATCHERS: GENERAL - I have: Quote:
I have temporarily taken away its ability to close the forum, because I was out yesterday and it shut down the forum for almost 5 hours. If I can help in any way to help duplicate/identify this behavior - don't hesitate to email me. Thanks Rhody |
| All times are GMT. The time now is 05:53 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|