vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.0 Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=33)
-   -   Email notification if someone attempts to access your Admin CP (https://vborg.vbsupport.ru/showthread.php?t=64519)

9mmPrincess 07-28-2004 10:43 AM

Quote:

Originally Posted by flyertalk
Works for me on version 3.0.0! Excellent stuff, thanks!

installed, tested, works great, muchas gracias :)

9mmPrincess 07-28-2004 10:50 AM

one thing-is it possible to get this for the modcpanel too?

Lee 07-28-2004 11:19 AM

I installed the version of the hack for 3.0.3 and when I go to test it by logging in with a wrong password, I get a white screen with this:

Fatal error: Call to undefined function: log_vbulletin_error() in /home/hsphere/local/home/projectp/projectprotect.org/forum/login.php on line 184

Any ideas on where I went wrong?

Thanks!

Lee 07-28-2004 01:20 PM

Quote:

Originally Posted by speedpro50
I installed the version of the hack for 3.0.3 and when I go to test it by logging in with a wrong password, I get a white screen with this:

Fatal error: Call to undefined function: log_vbulletin_error() in /home/hsphere/local/home/projectp/projectprotect.org/forum/login.php on line 184


Any ideas on where I went wrong?

Thanks!

Oh wait - I guess that is what it is supposed to do - I just got 3 emails telling someone (me) tried to login with an invalid password!

Okay okay, I am learning...THANKS FOR THIS HACK! :)

EvilLS1 07-28-2004 06:35 PM

Quote:

Originally Posted by 9mmPrincess
one thing-is it possible to get this for the modcpanel too?

It already does that. :)

speedpro50,
You shouldn't be getting that error. Check to make sure that you didn't accidentally remove this line of code:
Code:

// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');

If that line is there then try temporarily removing this hack and see if it still happens when trying an incorrect password. This hack makes no changes or calls to that function so I'm guessing that the error will still be there even with it removed.

9mmPrincess 07-28-2004 08:50 PM

Quote:

Originally Posted by EvilLS1
It already does that. :)


lol-i checked, and so it does :) great hack :devious:

EvilLS1 07-29-2004 12:24 PM

Quote:

Originally Posted by 9mmPrincess
lol-i checked, and so it does :) great hack :devious:

Thank you. :)

Hiro 08-08-2004 07:51 PM

Someone is trying to login to your Admin CP!

Username tried: Psycho
Password tried:
IP Address: ***.***.***.***
Host: ***.***.***.***
Strikes: 1/5
Referer:
Script: http://www.teenagechaos.com/login.php
Date: Sunday 08th of August 2004 03:48:04 PM
vBulletin has identified this user as: Psycho

Amazing hack man!!!!

EvilLS1 08-08-2004 08:04 PM

Thank you, but credit for the concept goes to Chen. :)

weirdpixels 08-12-2004 12:25 PM

thanks for bringing this hack to vb3 :)
*installs

Zelda-King 08-17-2004 10:12 AM

Upgrade to 3.0.3 functioning perfectly. :)

roundhost 08-17-2004 10:27 AM

This is great, I'm glad I found this, I am always looking to add extra security :)

joergh 08-18-2004 05:50 PM

Nice, small and very useful! :banana:

Thanks!

joergh

Allen Mead 08-19-2004 08:58 PM

That is a pukka hack. Top job, fellas.

dsmcd01 08-20-2004 12:03 AM

Installed, and feeling better for it. ;)

However, on my forum the message is not sent until the next login event. In other words, if there's an unsuccessful login to admincp the email is not sent until someone logs into the main forum or the admincp (successfully or unsuccessfully).

It's as though a subsequent login event has to happen before the email notification occurs. Reinstalled the hack several times and tested thoroughly and repeatedly, and this is the only conclusion I can come up with. My forum is not that active, especially in the evening. I can wait for hours to get the message, but as soon as the next user enters, the email is instantly sent.

vB303 on Win2kServ with PHP 433 MySQL 4.0.14b Deerfield WebSitePro.

Other than that, I'm glad to have it.

/clicked Install

D.

Onkel_Tom 08-20-2004 12:29 AM

Onkel_Tom clicks install on vB3.0.3
But a small problem with the used password: this field is empty in the email.
Any idea?

Zelda-King 08-20-2004 01:12 AM

I know this problem. It means you overlooked something. Go through your file edits again.

EvilLS1 08-20-2004 01:58 AM

dsmcd01,
That's strange. On the previous pages of this thread someone mentioned that the Mailqueue system causes this. I didn't think that feature had any effect on the webmaster's email but it might be worth a try to turn it off if you have a slow board. If you want to see if it has any effect you can disable Mailqueue by going to admincp + server settings & optimization options. Other than that I can't think of anything that would be causing it.

Onkel_Tom,
Like Zelda-King said, that sounds like a missed file edit. Recheck all of your file edits, specifically those in adminfunctions.php.

dsmcd01 08-20-2004 03:51 AM

Quote:

Originally Posted by EvilLS1
dsmcd01,
That's strange. On the previous pages of this thread someone mentioned that the Mailqueue system causes this. I didn't think that feature had any effect on the webmaster's email but it might be worth a try to turn it off if you have a slow board. If you want to see if it has any effect you can disable Mailqueue by going to admincp + server settings & optimization options. Other than that I can't think of anything that would be causing it.

That did the trick. Nice coding, and appreciate the assistance.

D.

Rahzel_hx 08-20-2004 10:25 AM

Why didn't I see this in vb2.... would have saved a lot of hacking troubles... *Storms off mad but thankful I seen it today*

Onkel_Tom 08-20-2004 10:35 AM

Quote:

Originally Posted by EvilLS1
Onkel_Tom,
Like Zelda-King said, that sounds like a missed file edit. Recheck all of your file edits, specifically those in adminfunctions.php.

Sorry, I checked the code more than twice and the empty password field in the email still exists. I also compared the installation instructions for vB before 3.0.2 with the 3.0.0 and above version to see what the difference is, but both look similar except for the "find twice" step.

I'm using vB3.0.3, perhaps this could be the problem?

Zelda-King 08-20-2004 12:43 PM

No, I'm using 3.0.3 and it's working.

Onkel_Tom 08-20-2004 01:15 PM

thanks for the answer.

grief 08-20-2004 04:42 PM

/me clicks install

italks 08-23-2004 06:28 PM

INSTALLED here too thanks.

RS25com 08-27-2004 12:15 PM

You know what could be an interesting add-on? Use it for SUCCESSFUL logons as well. Now, of course, if it's just a one-man show (like many sites) you'll know when you have logged on. If you had mods, you'll see their logon attempts and passwords, but hopefully you won't abuse your mods, now, anyway since you could easily change their password if you REALLY wanted to log in as them.

However, this could be good to identify someone who actually KNOWS your password and is logging in.

Thoughts?

EvilLS1 08-27-2004 01:56 PM

Quote:

Originally Posted by RS25com
You know what could be an interesting add-on? Use it for SUCCESSFUL logons as well. Now, of course, if it's just a one-man show (like many sites) you'll know when you have logged on. If you had mods, you'll see their logon attempts and passwords, but hopefully you won't abuse your mods, now, anyway since you could easily change their password if you REALLY wanted to log in as them.

However, this could be good to identify someone who actually KNOWS your password and is logging in.

Thoughts?

Check this post for my thoughts on viewing other user's passwords:
https://vborg.vbsupport.ru/showpost....2&postcount=46

SamirDarji 08-28-2004 01:41 AM

There has been a lot of discussion about something like this to see all login requests, which would be a huge amount of data on larger sites. But what about the idea of limiting the monitoring to a particular user group, like administrators or mods? That would target the important accounts. Just an idea at this point. I have to get my board up and running the way I want before I start hacking at it. :D

SaN-DeeP 09-01-2004 03:21 AM

somehow the hack doesn't work for me?
I am using vb 3.0.3

when a normal user enters the correct username/password and tries to access the admincp, I do not receive an email.
Even the user doesn't get an error message (only if he is using the correct user/pass)

I am getting an email when he enters the wrong user/pass to admincp

I guess it should also send emails when users enter the correct username/password but they don't have access to admincp?

correct me if I am wrong.

thank you

EvilLS1 09-01-2004 11:36 AM

San-Deep,
No, that's how it's supposed to work. You will only get an email if someone enters an incorrect username or password. If they enter the correct username and password but do not have access it'll log them into the forum but not the admincp (just redirects them back to the cp login page).

royals 09-15-2004 09:56 PM

thanks!

HondaATC 09-16-2004 02:11 PM

Well I guess I'm the only one having this problem (3.03) but when I search for

Code:

// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');

in login.php, it says it's not there. Therefore I cannot add

Code:

$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";
                       
$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);

I am using the instructions for vb3.02 and up. Help?

EvilLS1 09-17-2004 02:09 AM

HondaATC,
In an un-modified v3.0.3 login.php the code is on lines 169 & 170.

HondaATC 09-17-2004 01:38 PM

I found it, about 6 lines above that. Weird, don't know why the find>replace command didn't get it. Thanks for the help!

fuse3k 09-23-2004 06:05 AM

Great step towards security. Thank you very much, *Installed*.

theArchitect 09-24-2004 11:49 PM

Very cool. *clicks install*.

And very useful for the security conscious admins out there.

theArchitect 09-26-2004 12:39 AM

Quote:

Originally Posted by EvilLS1
Its possible but not practical b/c your inbox would be filled with notifications due to regular members mis-typing their password or username. To do something like that it would be a better idea to store failed logins in the database and let the admin view them in the control panel.

It is possible and I have achieved it (though I didn't want to). I have checked my install procedure a couple of times but seem to have done everything correctly.

Any thoughts as to what I did wrong? It is getting annoying receiving e-mails when users mistype their details.

EvilLS1 09-26-2004 12:48 AM

Quote:

Originally Posted by theArchitect
It is possible and I have achieved it (though I didn't want to). I have checked my install procedure a couple of times but seem to have done everything correctly.

Any thoughts as to what I did wrong? It is getting annoying receiving e-mails when users mistype their details.

About the only thing I can think of that would cause it to report all mistyped passwords/usernames would be if you placed the last bit of code from the instructions (the last edit to login.php) in the wrong place.

Make sure this bit of code:
Code:

$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";
                       
$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);

..is after this bit of code:
Code:

                if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
                        {

                // log this error if attempting to access the control panel
                        require_once('./includes/functions_log_error.php');

Other than that I can't think of anything that would cause it.
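
The placement issue described in the post above, as an added example that is not part of the original post or the hack's own code: the same notification code runs once inside the control-panel branch and once after it, over constructed login failures. The function names, the sample events and the `queue_notice()` stand-in for `vbmail()` are assumptions, and the attempted password is left out of the message on purpose.

```php
<?php
// Added illustration, not the hack's code. Function names are hypothetical;
// only the $logintype values 'cplogin' / 'modcplogin' come from the thread.

// Stand-in for vbmail(): collects notices instead of sending mail.
function queue_notice(array &$outbox, $subject, $message)
{
    $outbox[] = array('subject' => $subject, 'message' => $message);
}

// Correct placement: the notice is built inside the control-panel branch.
function on_failed_login_gated(array &$outbox, $logintype, $username, $ip, $strikes)
{
    if ($logintype === 'cplogin' OR $logintype === 'modcplogin') {
        // The attempted password is omitted here: a failed attempt is
        // often a near-miss of the real one, and mail is not confidential.
        $message = "Someone is trying to login to your Admin CP!\n\n"
            . "Username tried: $username\r\n"
            . "IP Address: $ip\r\n"
            . "Strikes: $strikes/5\r\n";
        queue_notice($outbox, 'WARNING: Failed admin logon', $message);
    }
}

// Misplaced: the same code pasted after the branch closes runs for every failure.
function on_failed_login_misplaced(array &$outbox, $logintype, $username, $ip, $strikes)
{
    if ($logintype === 'cplogin' OR $logintype === 'modcplogin') {
        // control-panel error logging would happen here
    }
    queue_notice($outbox, 'WARNING: Failed admin logon',
        "Username tried: $username\r\nIP Address: $ip\r\nStrikes: $strikes/5\r\n");
}

// Constructed sample events: (logintype, username, ip, strikes).
$events = array(
    array('',           'alice', '192.0.2.10', 1), // ordinary forum login typo
    array('cplogin',    'admin', '192.0.2.44', 2), // admincp attempt
    array('modcplogin', 'mod1',  '192.0.2.45', 1), // modcp attempt
);

$gated = array();
$misplaced = array();
foreach ($events as $e) {
    on_failed_login_gated($gated, $e[0], $e[1], $e[2], $e[3]);
    on_failed_login_misplaced($misplaced, $e[0], $e[1], $e[2], $e[3]);
}
printf("gated: %d notices, misplaced: %d notices\n", count($gated), count($misplaced));
```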

theArchitect 09-26-2004 01:03 AM

Quote:

Originally Posted by EvilLS1
About the only thing I can think of that would cause it to report all mistyped passwords/usernames would be if you placed the last bit of code from the instructions (the last edit to login.php) in the wrong place.

Make sure this bit of code:
Code:

$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";
                       
$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);

..is after this bit of code:
Code:

                if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
                        {

                // log this error if attempting to access the control panel
                        require_once('./includes/functions_log_error.php');

Other than that I can't think of anything that would cause it.

Thank you for your speedy response. It is in the right spot. It will just have to go down as a "vB X File".

I have had one or two of these, so am not excessively surprised. Luckily my users don't get their passwords wrong too often.

EvilLS1 09-26-2004 01:08 AM

Hmmm.. Weird. Are you sure these users aren't trying to login through the admin section? In the emails that you get what does it say next to referer?
If it says: http://www.yoursite.com/forums/admincp/ then they are trying to login through the admincp.

