Same here buddy 1 failed login ip banned mostly from my mobile :(

Ya i was able to duplicate it again last night, with a single wrong password attempt. For now, I disabled all but EMAIL ADMINISTRATOR - so it wont shut down the forum again.

Thanks for the reply to let me know I'm not imagining things :)

Rhody

I'll attempt to replicate this myself as soon as I have time, if I can't I'll reach out to one of you for FTP/AdminCP information.

Fillip

There is a bit of a change I would make to this mod. Add an option to add IP to a blacklist (for 30 days or increments in months) for failed logins within x amount of time would be great.

https://vborg.vbsupport.ru/attachmen...4&d=1325289905

Finally got around to upgrading to 1.1.1 today on vB4.2.1, and I'm having a very strange error. My users and staff (including moderators but not including admins) cannot access their notifications or profile pages. I had updated several other addons in the same session (all DB Tech addons: Advanced User Tagging, vB Arcade, Username Change and AJAX Threads), but we've confirmed the error did not crop up until after this addon was installed.
The error only happened after this addon was updated, but did not seem to vanish when the addon was disabled/uninstalled.

EDIT: Hmmmm. Looks like it may be an addon conflict with Tournaments, Ladders & Leagues Manager v4.x. Disabled that addon, and now it's working again. Don't know how the heck that error could stay there even when I'd disabled/uninstalled vBSecurity, but since it only cropped up after updating this...*shrugs*

Thank you ! I will try it :D

vBSecurity v1.1.2

ACP Access Log / Verifier

• Triggers an email alert if the IP addresses no longer match
• Sends email to the Webmaster Email listed in the vBulletin Options

Fillip

Please could I check something with this mod?

There's 2 kinds of rules you can set up for failed login attempts. 1 is for any IP address in eg. 5 mins and the other is for 1 IP address in eg. 5 mins. I think I understand the alerts produced for 1 IP address in eg. 5 mins in that 1 IP address has made multiple attempts to access accounts and has failed? but was does the alert for any IP address in eg. 5 mins mean? It will mention a handful of usernames but only one IP so I'm not sure what the IP relates to in that situation?

So far, this has been a great mod to have. I wish I'd installed in sooner :)

I would like to see two improvements in the Login Strikes Viewer to make this even more useful.

1. Differentiate between bogus (non-existent) usernames and existing usernames
2. Indicate if the displayed IP address has been banned

Awesome mod. Purchased the pro version.

Wish i had found this a long time ago to enforce password complexity requirements during registration / password changes.

Support is awesome too, they listened to some of my suggestions regarding the mass password reset feature and got the changes implemented very quickly. :-)

Yes it is a very good mod I use many of their pro versions myself

vBSecurity v1.1.3

Changes to Existing Features:

Mass Password Reset

• Now uses a more secure method of generating temporary passwords
• Enables greater security for users, avoiding brute force attacks on their passwords before the passwords can be changed

Fillip

EDIT: Answered on DBTech forums. ANSWERED HERE

I'm getting the following message when I try to change any vBSecurity settings in ACP.
----------
"Forbidden

You don't have permission to access /admincp/vbsecurity.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."
----------

vB 4.2.2 - vBSecurity v1.1.3

Fresh vB install with a hand full of members and forums/post imported from phpbb3

Only other mod installed is DBTech Copyright Management v2.1.1
Have now disabled both in Manage Products but am still unable to change any settings.

8-)

UPDATE: Just installed vBShout and I'm getting the same Forbidden message when I try to change the settings.
"Forbidden

You don't have permission to access /admincp/vbshout.php on this server."

So I uninstalled vBSecurity and deleted all the files but this hasn't fixed it.

All other vB settings changes work fine, it's only DBTech mods that produce the error.

I've looked for any .htaccess and there's none and checked file permissions which all DBTech .php files are set to 0644 where all other vB .php files on the server are 0600.

8-/

After ugrading to the latest version there seems to be a problem when a standard password change is effected. Please could you advise? The below error is displayed :

Database error in vBulletin 4.2.2:

Invalid SQL:
UPDATE user SET
salt =
passworddate =
password =
dbtech_vbsecurity_forcenewpass =
WHERE userid = ;

MySQL Error : Unknown column 'dbtech_vbsecurity_forcenewpass' in 'field list'
Error Number : 1054
Request Date : Monday, April 20th 2015 @ 10:08:45 AM
Error Date : Monday, April 20th 2015 @ 10:08:45 AM
Script : /profile.php?do=updatepassword
Referrer : /profile.php?do=editpassword
IP Address :
Username :
Classname : vB_Database_MySQLi
MySQL Version : 5.5.41-0ubuntu0.14.04.1

The error means you are missing a table but that table was and is not there and never was in this plugin so I dont see how you are getting the error unless you edited the xml

Have not edited the XML. This just came about after upgrading to the latest release from the DB site. I believe it's tied in with one of the new features in the new release.

This wait for the coder to reply as they will know but I cant see that table or if its part of a table name so this see what the coder has to say

vBSecurity v1.1.4

New Features:

Scheduled Password Reset

• Enforces a password reset for a user upon next login, via the User Manager in the ACP
• Mimicks the "Password Expiry" feature in vBulletin
• Great for forcing users to provide a more secure password

(Pro) Mass Scheduled Password Reset

• Enforces a password reset for every account upon next login
• Mimicks the "Password Expiry" feature in vBulletin
• Great for forcing users to provide a more secure password

Fillip

Fillip

Did not install the latest until now so I see the coder has put in the new table to the update

hey guys thanks for the great mods you guys do :) just a quick question say for some odd reason you white list an ip and it changes > how would you then access the acp ? since i am the only one that will access. i want to just have my ip allowed. but if my cable company for some reason switched my ip. what would i do ? would i lose all ability to get in ?

Best to make yourself a superadmin and don't whitelist your IP if you are locked out you can disable plugins via config, but if that does not work you won't get back in

what controls the ban there has to be a way to access phpmyadmin and just remove the banned ip. I was banned by strikes system :( playing with it

since its a fresh install new board its not a huge issue, But it would be nice to be able to do something if this ever happened again when the forum is live and has many users.

Try removing your IP from setting/banip via PHPMyAdmin.

yeah i tried that still same So its storing somewhere else as well

Maybe try as ForceHSS suggested above and temporarily disable all hooks/plugins to get in and resolve things.

You can do this by inserting the line
define('DISABLE_HOOKS', true);
after the line that reads
<?php
in /includes.config.php on your web server.

that didnt work either. I just installed a fresh copy of the forum since it was just in the design stage so it wasn't a big deal. But it would be nice if the the creators could answer what you can do in case this happens.

If you cant access your admincp pm me your site url and admin login I will remove your ip from the list. There is a way to unban yourself but unless you know how to giving me access is faster

Thanks for the offer bud :) but i just ended up deleting that forum and just reinstalling it was a brand new instance so it wasnt anything major to lose :)

vBSecurity v1.1.4 Patch Level 1

Bug Fixes:

• Fixed an issue where the mod wasn't initialised in the ModCP

Fillip

vBSecurity v1.1.4 Patch Level 2

Bug Fixes:

• Fixed an issue where the "IP Awaiting Authorisation" message would not display correctly in the DBSEO CP.

Fillip

vBSecurity v1.1.4 Patch Level 3

Bug Fixes:

• The "Unrecognised AdminCP Login From <new IP address>" email would be sent without a subject and body

Fillip

vBSecurity v1.1.5

New Features:

AdminCP Login Viewer

• Paginated list of all AdminCP logins
• Filter by User Name
• Filter by start/end date
• Filter by IP Address
• Change sort column

AdminCP Login Prune

• Only accessible to users with the required config.php permission
• Optional age limit

Fillip

vBSecurity v1.1.6

New Features:

Admin Strikes Viewer: Prune

• Only accessible to users with the required config.php permission
• Optional age limit

Changes To Existing Features:

General / Other

• Streamlined the phrasing for the ACP Logins and Admin Strikes interfaces

Fillip

I just wanted to say this is a really good mod. I have known about it for the last year but had no idea all of what this did based on the description. It's crazy this hasn't won mod of the month yet. Everyone who runs a VBulletin forum should install this. It provides some nice logging that VBulletin doesn't have natively, it adds additional protections for privileged accounts and it provides some nice options for alerting of suspicious behavior. It even has a check you can run and provides suggestions on things you can do to better lock down your system.

I might have more ideas later but the one suggestion I would have for the developers is to consider bundling the strong authentication mod with this one and have some options to selectively turn that on for moderators, supermoderators and administrators - possibly as an alternative to the IP address check. I'd give the option to do both.

vBSecurity v1.1.7

New Features:

Change Log Viewer: Prune

• Only accessible to users with the required config.php permission
• Optional age limit

Fillip

vBSecurity v1.1.7 Patch Level 1

Bug Fixes:

• Turning off the modification via the vBulletin Options will now work as intended

Fillip

I'm noticing super moderators getting block from the moderator control panel with the blocked message saying they are not white-listed for access to the admincp. I thought this was only for blocking access to the admincp, no one reported any problems to me before the last update to vBSecurity. Am I missing something here?

That was added as a feature, they'll receive an email to confirm their IP addresses :)


Fillip

I thought the feature was added for super administrators. The admin account flagged in the config.php.

I'm talking about super moderators and I'm not seeing any documentation mentioning super moderators.