g'day Firefly,

I installed this hack onto 2.2.9 and it did not send any email notification to me at all!

I left it for a while incase it was a mail server issue, but still no notifications.

But, strangely and no more importantly, it corrupted the forums to the point that my hidden forum was being displayed! :confused:

I wasnt able to log into my admin area either! (with the correct u/name & p/word)

If you have any suggestions that would be great! as i have had to revert back to the original code.

hey guys, great hack got it working on 2.2.8 with the following code
and it sends me a nice email like the following (when i tested it out myself)

awesome stuff, way to go guys!

Installed above version! :)

I would say I am fairly good with installing hacks and whatnot. But I could not get this to work with 2.2.5 and I got a parse error text at the top of my forums when i installed it. Very strange. Im confuseled

Nice, it works perfectly. :)

EDIT: I mean the older version. ^^;; I just saw this new version. Where do I insert all that? :ermm:

damn. upgraded to 2.2.9 and now ive got to reinstall it!!!

so does this work for 2.2.9 then people? just checking before i install it :)

no reason why not. every other hack ive installed has worked so far but now youve gone and made me paranoid :) so ill wait too :)

Works for my 2.2.9, but having trouble sending to multiple recipients.

Working great with the updated version posted, using 2.3.0.

well today i sent out a mass email to 6000 members on my site

to find to my astonishment it sent out 6000 emails to everyone saying that someone was trying to access the admin cp :(

it also sent out my password in encryption to everyone of my members :(

lucky people have auto responses on ..... so i saw it straight away from a few members auto's

to be honest i find this site fantastic and the work people do, i have been hacking boards for about 5 years now i followed this down to the last letter.

but i am so unhappy that this could happen ... it makes me look incompetent , stupid and now everyone will be wondering what this this admin cp is all about :(

please someone tell me this is not a joke !!!!

[QUOTE]Originally posted by Mickie D
well today i sent out a mass email to 6000 members on my site

to find to my astonishment it sent out 6000 emails to everyone saying that someone was trying to access the admin cp :(

it also sent out my password in encryption to everyone of my members :(

lucky people have auto responses on ..... so i saw it straight away from a few members auto's

to be honest i find this site fantastic and the work people do, i have been hacking boards for about 5 years now i followed this down to the last letter.

but i am so unhappy that this could happen ... it makes me look incompetent , stupid and now everyone will be wondering what this this admin cp is all about :(

please someone tell me this is not a joke !!!!

thank you m8, it was like a hit from the blue (whatever that is like lol)

the worst part is the members that got the mail all tried to login into the admin panel not on purpose of course but to get in the site

i had 2000 mails to my hotmail acount telling me that these people tried to login there :( it actually stopped at 1000 odd because i run out of space with hotmail :(

please if you have installed this be careful when mass mailing :(

http://www.world-of-digital.com/foru...threadid=15492

look at this :(

im not advertising my site just so pissed that this has happened

I'm sorry to say I have the same problem, when sending mail within the CP

it sends:

Someone is trying to login to the Sushi Incorporated control panel!
The Script was : /forums/admin/email.php

Username they tried to use:xxxxx
Password they tried to use:xxxxx (xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx in encryption)

The IP address is: xxx.xxx.xxx.xxx
The host is: xxx.xxx.dk

Search for members using this ip
http://www.sushi-inc.dk/forums/admin...xx.xxx.xxx.xxx

Thier cookie identifys them as W@NKER?

Sessions identifys them as W@NKER?

Any solution to that??

and I also recieve 4-5 mails every time I log in admin with correct password.
:(

I use VB 2.2.9

Please help!!

Thanks in advance


[QUOTE]Originally posted by Mickie D
http://www.world-of-digital.com/foru...threadid=15492

look at this :(

im not advertising my site just so pissed that this has happened

is there a way so it can send it to two email addresses?

l8er
sonic

Another great hack FireFly. *clicks install*

There is one part I would like to see added on though for future versions. How about the "hackers" IP being banned after 3 un-sucessful attempts to login to the panel ? Something to think about.

M

hehe :)

I would like to put a text warning on below the admin password box about the protection and a note that says all unauthorized violators will be recored and sent to my data center.

Which file or template would I add my warning to?

Cheers,

Midz

hehe :)

I would like to put a text warning on below the admin password box about the protection and a note that says all unauthorized violators will be recored and sent to my data center.

Which file or template would I add my warning to?

Cheers,

Midz

is not working for me ????????? :(

if (isset($loginusername) and isset($loginpassword)) {
if ($bbuserinfo=$DB_site->query_first("SELECT user.*,userfield.* FROM user LEFT JOIN userfield ON userfield.userid=user.userid WHERE user.username='".addslashes(htmlspecialchars($logi nusername))."'")) {
if (md5($loginpassword)!=$bbuserinfo[password]) {
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("R EMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

works fine on 2.3.0 final for me.

Great Hack, love it =]

thanks for this hack
i've got a suggestion:
it would be great if you can receive this message via icq/msn/aim/etc. :)

Chen, the same thing on 2.3 - fix-it, please!

This is working as written in my 2.3.0-final upgrade.

I LOVE this hack.

:cool:

I have upgraded to version 2.3.0 and used this code (see attachment). Is this code still correct or do I need an updated code? At this moment Vbulletin is not sending me a breakin message :ermm:

Please help...

Well i tried the first post of Firefly on the final 2.3.0 and it is not sending any mail to me.
Does anyone have the plain original Firefly version working on 2.3.0? I do not need the version with host lookups and all, knowing the stuff that's in FF's original hack is enough for me.
Please help.

people using 2.3 change "mail" to "vbmail", I think that may help. However, I haven't tested the hack so :dead:

Thank you for the tip, but unfortunately that does not work, i just tried. I also think the mail command is send to the server and the server would not understand vbmail as command, or maybe it should be $vbmail then?

Would be nice if Firefly would have a look into this. It's a great hack and I really would like to continue to use it in 2.3.0 beside my .htaccess security, double security is always more safe.;)

Maybe I could also use the updated version with more info but I need a version then which is tested and working on 2.3.0 too.

YES! It's working again in 2.3.0 final. But maybe some feature can be added. I will state it below
I did it like this:

Under this line:
if (md5($loginpassword)!=$bbuserinfo[password]) {

add:
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("R EMOTE_ADDR"),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);
$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

It works in 2.3.0 final, but only when the username of the admin is used.
So if you don't have the username Administrator as admin, you won't get any mail if somebody is trying to login as Administrator.
If you username is Joe and you are admin, and somebody is trying to login as Joe, you -will- get an email.

Feature:
A nice feature would be if could be detected if *anybody* is trying to login to the Admin cp no matter which username he is trying, so you will also get an email if somebody is trying to login as Administrator in your admin cp, even if the user "Administrator" does not exist.

Nice hack FireFly.

/me clicks install.

Nice Hack, Chen! :classic:

[high]* Salazar clicked install already ;)[/high]

[QUOTE]06-08-03 at 01:02 PM BlackTiger said this in Post #230
Thank you for the tip, but unfortunately that does not work, i just tried. I also think the mail command is send to the server and the server would not understand vbmail as command, or maybe it should be $vbmail then?

Would be nice if Firefly would have a look into this. It's a great hack and I really would like to continue to use it in 2.3.0 beside my .htaccess security, double security is always more safe.;)

Maybe I could also use the updated version with more info but I need a version then which is tested and working on 2.3.0 too.

i have installed it ;)

vieln dank
diesen hack habe ich gesucht
gute arbeit
thx

Just testing this... looks good.. THANKS !

I'd like to use this hack, if its working on stable release of vB 2.3.0 ??

thanks

Yes this hack works fine, I just followed the instructions in the very first post.

I'm on 2.3.3 here :)

*Clicks install!

is it possaible to mods this a little to alert the webmaster of all invalid attemps not just admin cp