Great Hack, installed perfectly on my board running 2.2.0.

Hi,

i found that it only works if the username is already in the database! That make no sense for me! I want to be informed also if someone is trying to log in when he is not a registered member! is that possible?

Or does it work on your site?

Greetings

Also wondering.

thanx a million

Works as stated on a 2.2.2 board.

Thanks alot FireFly!!!

RoC

Thanks for the awesome hack!

[QUOTE]Originally posted by Birdie501
Hi,

i found that it only works if the username is already in the database! That make no sense for me! I want to be informed also if someone is trying to log in when he is not a registered member! is that possible?

Or does it work on your site?

Greetings

Nobody has a solution for me?
Thats bad (sad)

:cry:

Hi, Chen.

I have been using this simple but essential hack since it was born... :stoned:
Yesterday, for the first time, I received a true alert of someone trying to access the AdminCP, I guess... Hwr, some /admin/ dir script, as it is within the session.php of the admin section...
The first true after a lot of simulated ones by me to tryout the efficience...

Well; this is a very strange thing, as I protected the web dir also by an .htaccess of Apache... with another userid/password, of course.

So I realized should be needed more informations about the potential intruder.
For example, the exact page/script he (oopss.... he/she :pleased: ) called, the referrer page and many more info.

Where (which object within the session.php script) could I retrieve those informations and more ?
I though something like phpinfo(INFO_ENVIRONMENT) or phpinfo(INFO_VARIABLES) (what better?), for example to be attached to the mail() function ...

What do you think about ? How could I save all these and set a mime type to attach the buffer ?

Thanks a lot, FF.

Bye

How do u password protect your admin control panel please help

thanks

.htaccess on Apache web-server.
It does protect the urls (from a given directory with all children..)

Another question: HOW COULD I read the bboard cookies on cracker browser and send them along with the phpinfo (above) email ?
Thanks again.

Thnx but i have no idea but i will have a go and also how do u do this

(in attachment)

[QUOTE]Originally posted by Shane_2k
Thnx but i have no idea but i will have a go and also how do u do this
(in attachment)

Hi, would this work for 2.2.4?

Got home from work - installed the hack - no problems there, but I am not getting any emails sent to me.

Checked my VB options, the email address is correct, it works, just tested it...

Mmm... maybe it's my server... I'm with VO...

Same here Erwin.
Installed the hack but I don't get any emails!
Anyone managed to fix it??

not sure if this works yet. just playing around with it so if anyone can think of how to fix/improve it let me know.

I added the scriptpath, real username as found from cookie, real username as found from sessions, and a link to search for username using that ip

Thanks Mutt, it's working now! (on version 2.2.4 too) ;-)

Mutt i have tried your version and the original version but no luck with 2.2.4

does yours work with 2.2.4? i like the idea alot.

maybe i am doing something wrong cause i did have this hack installed before with version 2.2.1

thanks for the help

got it working for the most part but can't seem to get any memberinfo from the cookies

doesn't identify anyone. i logged into the forums under a test account then did a bogus login to the admin section and i only got this message in teh email alert

Sessions identifys them as Thier cookie identifys them as Array

I can't get it to work. I can't even get it to email me :( Code looks like it should work but I just can't test it

i can get it to work but can't get the usernames from the cookie file to appear. that would be a really sweet feature so it would be easy to identify exactly who it is

Hmm.. this is totally strange. How come it works for me ? :paranoid:
This is the email that I get if someone tries to login on the admin panel with a wrong password.

[QUOTE]Someone is trying to login using your admin account!
The Script was :

Username they tried to use: test
Password they tried to use: test (098f6bcd4621d373cade4e832627b4f6 in encryption)

The IP address is: XXX.X.XX.XX
The host is: XXX.XXXXX.com

Search for members using this ip .php?action=doips&s=&ipaddress=XXX.XXXXX.com

Sessions identifys them as Thier cookie identifys them as Array

I just have a quick question. Seeing how I don't have a "webmaster@yadda-yadda.com" email, can I put a different email in instead of the webmaster one?

<$webmasteremail>");

like...could I put:
<$myemailaddress>");

would that work? Or is it some special coding? Thanks!

$webmasteremail represents whatever you put in your board's Admin CP on the vBulletin Options page in the Contact Details section on the line for Webmaster's email. Whatever you have there is where an email to $webmasteremail will go.

Thanks for your fast reply.
I put the hack in, and then took it out.
Now when I go to log into the CP it says

Warning: Cannot add header information - headers already sent by (output started at /home/xxxbo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 136

Warning: Cannot add header information - headers already sent by (output started at /home/xxx-bo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 162

Hang on a sec

and then it brings me back to the login page...
HELP!!

The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?

use this one


Updates

correctly idenifies user via sessions and cookie
it also idetifies which script they were trying to access.

this currently only produces an email when an admin username is used with the incorrect password. I'm going to dig a little and try and get it to work for all incorrect admin logins

firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files


the first addition is in sessions.php as instructed by firefly

it goes right after



then second additon is in adim/global.php

and it goes right after

now you'll get an email like this

[QUOTE]Someone is trying to login to your control panel!
The Script was : /forum/admin/index.php

Username they tried to use: xxxxxxxx
Password they tried to use: xxxxxx (d344c7e7f54ac73cf730fd91faf6391b in encryption)

The IP address is: xx.xx.xx.xx
The host is: xxxxxxxxxxxxxxx

Search for members using this ip
http://yoursite.com/forum/admin/user...ss=xx.xx.xx.xx

Thier cookie identifys them as xxxxxxx

Sessions identifys them as xxxxxxxxxx

[QUOTE]Originally posted by JJR512
The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?

Can you make this with your vbhack installer?

makes life easier!

[QUOTE]Originally posted by Mutt
firefly, I've added alittle to your hack
.......

Hey people, let me know if you have any problems with this

you are getting 2 emails?

I'll throw some more testing at it and see if I can duplicate the problem

[QUOTE]Originally posted by Mutt
you are getting 2 emails?

I'll throw some more testing at it and see if I can duplicate the problem

Great hack !

I have added some code to see through proxy in combination with this .htaccess: Options Indexes FollowSymLinks Includes

$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("R EMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$ipaddress2=iif(getenv("HTTP_X_FORWARDED_FOR")!="" ,getenv("HTTP_X_FORWARDED_FOR" ),$HTTP_HOST);
$iphostname2 = @gethostbyaddr($ipaddress2);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe (Proxy) IP address is: $ipaddress\nThe host is: $iphostname\nIP address is: $ipaddress2\nThe host is: $iphostname2";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
eval("standarderror(\"".gettemplate("error_wrongpa ssword")."\");");

HTH

Peter

[QUOTE]Originally posted by Heckwork
Great hack !

I have added some code to see through proxy in combination with this .htaccess: Options Indexes FollowSymLinks Includes


Peter

[high]* Floris waits for firefly to update the original code with all the tweaks here and makes it an xxx.hack.php for vbhacker :)[/high]

/me might do that

Does this only work if someone uses a username that is in the database? Or does this work with any name a person might put in?

]just added that "addon" by Mutt and Heckwork.
works good! :D

Thanks firefly,

Installed and works great.

phil