vb.org Archive
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   Administrative and Maintenance Tools - [DBTech] vBSecurity v2 (vB3) (https://vborg.vbsupport.ru/showthread.php?t=276229)

DragonByte Tech 07-04-2015 07:50 PM
vBSecurity v1.1.7 Patch Level 1

Bug Fixes:
  • Turning off the modification via the vBulletin Options will now work as intended


Fillip

SpadMan 07-06-2015 02:25 PM
Several good improvements this year. Unfortunately vBSecurity hasn't reduced the number of mass logons hammering my site. And banning the spoofed IP addresses just causes problems for legitimate users.

DragonByte Tech 07-06-2015 02:32 PM
Unfortunately, in order to reduce those, you would need alternative solutions. This isn't designed to be a preventative measure, but rather a reactive measure. In other words, "oh hey I see X is going on, I should verify and react to it" rather than something akin to what a firewall would be (e.g. blocking malicious traffic without user interaction).

Fillip

DragonByte Tech 08-09-2015 11:40 PM
vBSecurity v1.1.8

New Features:

Login Strikes Viewer
  • Login Strikes log entries can now be pruned
  • Requires the "Can Prune Log Entries" config.php permission


Fillip

DragonByte Tech 08-17-2015 09:38 PM
vBSecurity v1.1.8 Patch Level 2

Bug Fixes:
  • Turning the modification off via the "Enable Modification" vBOption meant you could no longer access the majority of vBSecurity admin controls
  • Fixed an issue with the "login strikes" page that could produce a fatal error in certain scenarios


Fillip

DragonByte Tech 11-09-2015 07:57 PM
vBSecurity v1.2.1

New Features:

IP Verification: Front-End
  • Users can control whether to require email confirmation of new IP addresses for front-end pages
  • Toggleable via the UserCP
  • Works in a similar fashion to the AdminCP and ModCP versions

IP Access Log
  • Tracks all IP addresses used to access a user account
  • Overrides the "Search IP Addresses" functionality in vBulletin to provide advanced functionality
  • Works with all existing links to the "Search IP Addresses" functionality

IP Access Log: Search New IPs
  • Searches for any new IP addresses being used to access accounts
  • Displays a familiar looking list of IP addresses
  • Selectable "start date" to check for new IPs

IP Access Log: Multiple Account Access IPs
  • Searches for any IP addresses being used to access multiple accounts
  • Displays a familiar looking list of IP addresses

Changes To Existing Features:
  • Altered vBulletin & vBSecurity tables to be IPv6 compatible


Fillip

DragonByte Tech 11-16-2015 03:37 PM
vBSecurity v2.0.0

New Features:

(Pro) New Security Watcher: "Failed Logins: Non-Existent Usernames"
  • Checks for logins against a single username that doesn't exist
  • Lets you take separate action towards bots trying to login with stolen user credentials that don't exist on your site
  • Integrates into the existing "Logins" watcher group

(Pro) New Security Watcher: "Failed Mass Logins: Non-Existent Usernames"
  • Checks for logins against multiple usernames that don't exist
  • Lets you take separate action towards bots trying to login with stolen user credentials that don't exist on your site
  • Integrates into the existing "Logins" watcher group

(Pro) Compromised Accounts Detection
  • Alerts the webmaster if someone has failed multiple logins and then successfully logs in to an account
  • Lets you search the logs for the IP address in question to determine whether this is legitimate

(Pro) IP Ban Log Viewer
  • Browsable and searchable log of all banned IP addresses (from the point of installing v2)
  • Lets you ensure no legitimate members are banned

Multiple Watcher Actions
  • Define more than 2 actions per watcher
  • Prioritised in the order they are defined
  • Gives you even more fine-tuned control over the actions taken against potential intruders

Log Pruning
  • Old entries from the adminstrikes, loginstrikes and ipverify tables can be automatically pruned
  • Settable in the vBulletin Options
  • Defaults to pruning data older than 30 days


Changes To Existing Features:

Security Watcher Log
  • Rewritten to improve performance
  • Uses a dedicated log table instead of using the datastore


Fillip

DragonByte Tech 12-07-2015 05:57 PM
vBSecurity v2.1.0

New Features:

IP Verification
  • IP addresses that have been verified by users or administrators will no longer be subject to IP bans
  • Helps prevent false positives

Admin IP Verification: Re-Send Emails
  • Administrators can request to re-send the email to verify their IP address
  • Useful if the email takes a long time to arrive for whatever reason

User IP Verification: Re-Send Emails
  • Users can request to re-send the email to verify their IP address
  • Useful if the email takes a long time to arrive for whatever reason

Security Watcher Display
  • The time period for the Security Watcher display can be configured
  • Default: 7 days
  • Controlled via vBulletin Options

(Pro) User IP Verification: Admin Control
  • Super Administrators can disable a member?s IP verification setting via the AdminCP user management screen
  • Accessed via the User Manager

(Pro) IP Address Search: Country Display
  • The IP Address Search screen includes the IP address' country, if your system supports this
  • Requires GeoIP2 downloaded database on your server
  • Controlled via vBulletin Options

(Pro) IP Host Lookup: Country Display
  • The IP Host Lookup screen includes the IP address' country, if your system supports this
  • Requires GeoIP2 downloaded database on your server
  • Controlled via vBulletin Options

(Pro) IP Address Search: IP Usage
  • The IP Address Search displays the first and last logged date for a particular IP in the "Logged IP Addresses" list
  • Only displays IP addresses since v2.0.0 was installed.

(Pro) Compromised Accounts Log
  • Displays a list of accounts flagged as potentially compromised
  • Quick links to users' logged IP addresses as well as displaying current IP address
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) Watcher log
  • Displays the complete list of all Watcher log entries
  • Can be filtered by individual watchers
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) User IP Verification log
  • Displays the complete list of all user IP Verification entries
  • Displays whether the IP has been verified or not
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) Admin IP Verification log
  • Displays the complete list of all admin IP Verification entries
  • Displays whether the IP has been verified or not
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission


Changes To Existing Features:
  • Consolidated the code that applies watcher actions to enable easy extension in the future
  • Config Tampering alerts can now be reset
  • Reworded one of the new Log Prune options to clarify what exactly it?s pruning
  • All log pages now require the config.php "Can View Admin Logs" setting for additional security
  • "AdminCP Logins Viewer" now uses username search instead of a drop-down for improved performance
  • "Admin Strikes Viewer" should now perform better as a result of removal of an unreliable feature
  • "Login Strikes Viewer" now uses username search instead of a drop-down for improved performance
  • "IP Ban Log Viewer" now allows you to filter by action when pruning the log


Bug Fixes:
  • An issue where limiting the IP Ban Log by action would not work as intended has been corrected
  • "Failed Admin Logins" have been moved to the "Logins" watcher group, as was intended
  • Fixed an issue where the Config Tamper watcher log could not be reset


Fillip

DragonByte Tech 01-01-2016 12:11 AM
vBSecurity v2.1.0 Patch Level 3

Bug Fixes:
  • Fixed an issue where administrators without "Can Administer vBSecurity" could no longer search for IP Addresses (regression)
  • Fixed an issue with the Search IP Addresses page on vB3


Fillip

DragonByte Tech 01-18-2016 06:56 PM
vBSecurity v2.1.0 Patch Level 4

Bug Fixes:
  • IP Verification should no longer run if the current page is the [DBTech] Two-Factor Authentication page


Fillip

DragonByte Tech 02-28-2016 04:45 PM
vBSecurity v2.2.0

New Features:

Global IP Address Whitelist
  • IPs can be protected from triggering any actions (such as forum closure or bans)
  • Powerful wildcard options similar to vBulletin's IP banning
  • Controlled via vBulletin Options


Fillip

DragonByte Tech 04-25-2016 08:52 PM
Changed Features:
  • A fresh copy of the jQuery library is now only downloaded if one has not been downloaded previously. Requires updating of all other affected DBTech mods to take full effect.


Fillip

DragonByte Tech 05-30-2016 08:44 PM
vBSecurity v2.2.2

New Features:

"Failed Logons" Watcher
  • Option to send an alert to the user whose account has been triggered

Changed Features:
  • "Failed Mass Logons" now only triggers if the user tries unique usernames

Bug Fixes:
  • The "Failed Mass Non-Existent Logons" rule sets would not trigger correctly, instead the "Failed Mass Logons" ruleset was used


Fillip

DragonByte Tech 07-11-2016 02:44 PM
vBSecurity v2.2.3

New Features:

CLI Maintenance Script
  • Ability to execute either of the two maintenance actions via the command line

Search IP Addresses: Find Potential Intruder IP Addresses
  • Displays a list of IP addresses who have failed to login to valid member accounts more than once
  • Also displays any successful logins from these IP addresses

Bug Fixes:
  • A few phrases were accidentally created with the wrong phrase key, leading to blank emails being sent in some scenarios
  • The "Password Rules" checkboxes would not update if the user pasted their password via the right click menu


vBSecurity v2.2.4

Changed Features:

Password Reset
  • The created password is now based on the user?s password rule requirements
  • The Mass Password Reset action now creates a random password based on the user?s password rule requirements



Fillip

c0der 08-05-2016 03:56 PM
nice work

at dimofinf script have warring in admincp to folder not have firewall

add it its good
and else firewall to include and modcp

its good idea for you to add it in product ;)

DragonByte Tech 08-07-2016 01:14 PM
Quote:
Originally Posted by c0der (Post 2574401)
nice work

at dimofinf script have warring in admincp to folder not have firewall

add it its good
and else firewall to include and modcp

its good idea for you to add it in product ;)
Sorry, I'm not sure what you're suggesting, could you clarify please?


Fillip

keharris53 08-10-2016 06:20 PM
Hi. Installed and am getting the following error when I try to access options in the left menu:
Parse error: syntax error, unexpected '[' in /usr/local/apache2/htdocs/bulletinboard/dbtech/vbsecurity/includes/adminfunctions.php on line 121

DragonByte Tech 08-10-2016 06:22 PM
Quote:
Originally Posted by keharris53 (Post 2574584)
Hi. Installed and am getting the following error when I try to access options in the left menu:
Parse error: syntax error, unexpected '[' in /usr/local/apache2/htdocs/bulletinboard/dbtech/vbsecurity/includes/adminfunctions.php on line 121
It sounds like you are running a very old version of PHP. Could you please make sure you are running the latest version of vB3, and that you are running PHP 5.6?


Fillip

keharris53 08-10-2016 06:47 PM
Thanks. That's it, I'm running 5.1...

DragonByte Tech 08-10-2016 06:49 PM
Quote:
Originally Posted by keharris53 (Post 2574587)
Thanks. That's it, I'm running 5.1...
PHP 5.1 has not received security updates for quite literally 10 years. Your server is at severe risk just now.


Fillip

keharris53 08-10-2016 07:07 PM
I'm already working on the update, thanks. I can handle that myself but if I have to also update MySql in the process that will be server side and there will be fees involved. Thanks!

DragonByte Tech 02-16-2017 09:02 AM
vBSecurity v3.3.0:
Feature: New option: Enable Account Breach Check
Feature: New option: Account Breach Check: Check Username

This mod has been updated to be brought in line with the XenForo version.

Fillip

cheech47 08-20-2017 05:44 AM
Hi,
Tried to install, had previous version before but had removed.
On Import received an error regarding global_complete.php
Need to edit path for config.php as i had changed this.
In AdminCP any options for this mod shows this sql error:
Code:
Invalid SQL:

                SELECT  administrator.*,
                        userfield.*, usertextfield.*, user.*, UNIX_TIMESTAMP(passworddate) AS passworddate, user.languageid AS saved_languageid,
                        IF(user.displaygroupid=0, user.usergroupid, user.displaygroupid) AS displaygroupid,
                        language.phrasegroup_global AS phrasegroup_global,
                        language.phrasegroup_dbtech_vbsecurity AS phrasegroup_dbtech_vbsecurity,
                        language.phrasegroup_cphome AS phrasegroup_cphome,
                        language.phrasegroup_logging AS phrasegroup_logging,
                        language.phrasegroup_threadmanage AS phrasegroup_threadmanage,
                        language.phrasegroup_maintenance AS phrasegroup_maintenance,
                        language.phrasegroup_banning AS phrasegroup_banning,
                        language.phrasegroup_cpuser AS phrasegroup_cpuser,
                        language.phrasegroup_cpoption AS phrasegroup_cpoption,
                        language.phrasegroup_cppermission AS phrasegroup_cppermission,
                        language.phrasegroup_diagnostic AS phrasegroup_diagnostic,
                        language.phrasegroup_cpglobal AS phrasegroup_cpglobal,
                        language.options AS lang_options,
                        language.languagecode AS lang_code,
                        language.charset AS lang_charset,
                        language.locale AS lang_locale,
                        language.imagesoverride AS lang_imagesoverride,
                        language.dateoverride AS lang_dateoverride,
                        language.timeoverride AS lang_timeoverride,
                        language.registereddateoverride AS lang_registereddateoverride,
                        language.calformat1override AS lang_calformat1override,
                        language.calformat2override AS lang_calformat2override,
                        language.logdateoverride AS lang_logdateoverride,
                        language.decimalsep AS lang_decimalsep,
                        language.thousandsep AS lang_thousandsep
                       
                FROM user AS user
                LEFT JOIN userfield AS userfield ON (user.userid = userfield.userid)
                LEFT JOIN usertextfield AS usertextfield ON (usertextfield.userid = user.userid) LEFT JOIN administrator AS administrator ON (administrator.userid = user.userid) LEFT JOIN language AS language ON (language.languageid = IF(user.languageid = 0, 2, user.languageid))
               
                WHERE user.userid = 1;

MySQL Error  : Unknown column 'language.phrasegroup_dbtech_vbsecurity' in 'field list'
Any help? Cheers

cataplasia 01-25-2018 05:06 PM
I am confused by the purpose of the IP Address Verifier - can someone explain it to me? I tried it out with my VPN, and the 'Stored IP Address' changes to whatever IP I am currently browsing from, so how is this supposed to work?

DragonByte Tech 06-19-2018 12:05 PM
The download package has been updated to address a minor security vulnerability that could allow an attacker to inject code for their own user only (not other users) when viewing their currently active login sessions.

This vulnerability cannot be used to exploit your forum, this is not a critical vulnerability.

Fillip


All times are GMT. The time now is 12:58 PM.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01435 seconds
  • Memory Usage 1,824KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (25)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete