vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Administrative and Maintenance Tools - Mail Admin When fail to login to admincp V2 (https://vborg.vbsupport.ru/showthread.php?t=229231)

Domenico 05-02-2011 06:57 PM

Quote:

Originally Posted by Delphiprogrammi (Post 2163932)
hi,

I just noticed the plugin author is using values directly from the $_POST[] superglobal array. This is a bad programming attitude; certainly, without any form of sanitization, this could lead to XSS security holes. He should use

PHP Code:

$vbulletin->GPC['variablename']

at least this way you're sure the values being submitted are clean

Has this been fixed?

lapiervb 07-20-2011 03:21 PM

Can you add your mods' names to the "Administrator usernames" and have it send you an email if somebody tries to login to their account as well?

Christian_ 08-14-2011 07:32 AM

Thank you very much for the plugin, however I do have a question. Is it only my impression or does this plugin bypass the 5 strikes protection feature? If I try to login with wrong admin credentials at the top bar of the forum, I was able to enter passwords more than 5 times. I was always shown the predefined website that says my IP address was logged and sent to the admins, which is perfectly OK. I also received a mail every time the login attempt failed. But I'm not sure whether the 5 strikes protection mechanism is still in effect, since I wasn't shown this page.

Marios858 08-23-2011 10:16 AM

Excellent Modification, thanks, works fine on 4.1.5pli

garethsp 08-25-2011 07:38 AM

I like this mod, worked well on latest version. Thank you

lapiervb 03-28-2012 03:29 PM

Plugin doesn't seem to work with vb 4.1.10

mgurain 05-23-2012 10:35 PM

It's working on 4.2, but shouldn't this be upgraded?

Regards,

Orfalopi 07-13-2012 01:53 PM

Hi,

Nope, doesn't work,
I tried every suggestion as
Code:

http://www.FORUM.com/admincp/index.php
but it doesn't work!
Regrettable, because of security this could be a useful plugin.

Orfalopi

AliMadkour 07-24-2012 11:25 PM

Sorry for my bad follow-up,
Version 2.5 is coming soon, in days, with a lot of customization

Orfalopi 07-25-2012 01:32 PM

Hi Ali

No problem and thanks for the response.
Meanwhile, I've managed to install the plugin.
(Just a small oversight on my part, which meant that it didn't work at first.)
Now it works perfectly on 4.1.12

Quote:

Originally Posted by Christian_ (Post 2233304)
Thank you very much for the plugin, however I do have a question. Is it only my impression or does this plugin bypass the 5 strikes protection feature? If I try to login with wrong admin credentials at the top bar of the forum, I was able to enter passwords more than 5 times. I was always shown the predefined website that says my IP address was logged and sent to the admins, which is perfectly OK. I also received a mail every time the login attempt failed. But I'm not sure whether the 5 strikes protection mechanism is still in effect, since I wasn't shown this page.

I've noticed this too.
If I, let's say, enter 7 times in succession a wrong password for the Admin,
then I receive 7 messages in my mailbox.
So far so good.
But, when I look at the _strikes table in my database, I see no record of this event,
which means that the waiting time of 15 minutes after 5 incorrect login attempts is circumvented.
When a cracker tries to break in with password-cracking software,
the mailbox will be flooded with messages.
Because there is no restriction on the number of login attempts, the cracker can continue to enter passwords without delay.
Maybe you can implement something, with which the 5 times (failed) login limit is preserved.

Otherwise, a great plugin :)
Good work :up:

Orfalopi
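
The ordering the post above finds missing (a failed attempt is recorded and the 5-attempt / 15-minute limit is checked before any notification mail goes out) can be sketched as follows. This is an added example, not code from the plugin or from vBulletin; the `StrikeGuard` class, its in-memory strike store keyed by IP and username, and the sample IP address are assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not vBulletin's API.
const MAX_STRIKES = 5;            // limit described in the thread
const LOCKOUT_SECONDS = 15 * 60;  // waiting time described in the thread

final class StrikeGuard
{
    /** @var array<string, int[]> failure timestamps keyed by "ip|username" */
    private array $strikes = [];
    /** @var string[] stand-in for the outgoing admin mail queue */
    public array $mailQueue = [];

    private function recent(string $key, int $now): array
    {
        // Keep only failures that fall inside the lockout window.
        return array_values(array_filter(
            $this->strikes[$key] ?? [],
            fn (int $t): bool => $now - $t < LOCKOUT_SECONDS
        ));
    }

    public function attempt(string $ip, string $user, bool $passwordOk, int $now): string
    {
        $key = $ip . '|' . strtolower($user);
        $this->strikes[$key] = $this->recent($key, $now);
        // 1. Enforce the limit before the password is even compared.
        if (count($this->strikes[$key]) >= MAX_STRIKES) {
            return 'locked';
        }
        if ($passwordOk) {
            unset($this->strikes[$key]);
            return 'ok';
        }
        // 2. Record the strike first, so the notification path cannot skip it.
        $this->strikes[$key][] = $now;
        // 3. Notify afterwards. Locked-out requests never reach this line,
        //    which caps the mail volume at MAX_STRIKES per window.
        $this->mailQueue[] = "Failed admin login for {$user} from {$ip}";
        return 'failed';
    }
}

// Constructed input: 7 wrong passwords in a row, 10 seconds apart.
$guard = new StrikeGuard();
$results = [];
for ($i = 0; $i < 7; $i++) {
    $results[] = $guard->attempt('203.0.113.7', 'Admin', false, 1000 + 10 * $i);
}
echo implode(',', $results), ' | mails: ', count($guard->mailQueue), "\n";
```

Because the lockout check runs before the notification step, the same limit that stops further password guesses also bounds how many mails one source can trigger inside a window.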

AliMadkour 07-27-2012 10:47 PM

Quote:

Originally Posted by Orfalopi (Post 2351316)
Hi Ali

No problem and thanks for the response.
Meanwhile, I've managed to install the plugin.
(Just a small oversight on my part, which meant that it didn't work at first.)
Now it works perfectly on 4.1.12



I've noticed this too.
If I, let's say, enter 7 times in succession a wrong password for the Admin,
then I receive 7 messages in my mailbox.
So far so good.
But, when I look at the _strikes table in my database, I see no record of this event,
which means that the waiting time of 15 minutes after 5 incorrect login attempts is circumvented.
When a cracker tries to break in with password-cracking software,
the mailbox will be flooded with messages.
Because there is no restriction on the number of login attempts, the cracker can continue to enter passwords without delay.
Maybe you can implement something, with which the 5 times (failed) login limit is preserved.

Otherwise, a great plugin :)
Good work :up:

Orfalopi

I am working on it now :)

shershen08 11-02-2012 05:23 PM

doesn't work for me either
vb 4.1.12
https://vborg.vbsupport.ru/external/2012/11/34.png

