Email notification if someone attempts to access your Admin or Mod CP
 

Email notification if someone attempts to access your Admin or Mod CP for vBulletin vB3.7.0 beta 4
Version 1.0.2
(By Boofo)

What does this modification do?
When someone tries to login to your Admin CP or Mod CP, you will get an email that contains the username they tried, their IP address, hostname, number of strikes, referrer, script, and the date & time of the attempt. It also will now distinguish itself in the message subject between a failed Admin CP attempt and a failed Mode CP attempt, so you will know right off which CP they tried to login to.

NOTE: Those who respectfully donate will be have access to the password version of this hack by sending me a PM after donation.

Credits:
Thanks to EvilLS1 for making the vB 3.0 version of this modification on which this update is based and released with permission.

Version Information:
Version 1.0.1 --Initial release
Version 1.0.2 --Removed password code for security reasons.

Installation overview:
--------------------------------------
Files to edit: (1)
--login.php


What it looks like in the Mod CP when an anonymous user tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Ned
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Thursday, January 31st, 2008 at 8:22:29 am
-----------------------------------------------------

What it looks like in the Mod CP when a user from your site tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Boofo
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Thursday, January 31st, 2008 at 8:22:29 am

USER ATTEMPT: Your Forums has identified this registered user as: Boofo

NOTE: If you do not click install, you do not need support.

Does this use the "contact us" email address by default ?

** EDIT**

Nevermid ... read the code, I see where it goes.

It uses your webmaster email setting in the Admin CP.

Dude... this is AWESOME !!

Nominated fo' MOTM.

Later Edit: Oh man... too bad it needs file edits. Is there any way you could turn this into a product?

Sorry, there aren't any hooks in those files to be able to do it that way.

I see... i'm securing my AdminCP with .htpasswd now, it'll be a bit safer.

That just lets you know what password they try in case it is close to yours or what method they are trying to use to get in. I wouldn't run my site without this.

Don't forget the install buttion. ;)

I tagged this mod. :)

BOOFO is back everyone! :up:

This will work from 3.6 on up.

And I don't recall seeing you visitng at all, or did I miss that? ;)

You missed it. :)

This must be standard! we all know that we work hard for our communities!

1. What happen to the right password? or everything the Administrator login?
2. What if they know ur password and want to change it?

Well, if they get that... then that is why you do daily backups.
Just log onto your server, get the backup, reup it, and change your pw.

Please make a product out of this. As this is a template edit, it is currently in the wrong section.

How is this a template edit if PHP files are edited?

interesting hack boofo ... :)

erm. I'll go and buy glasses.

The password code in this hack has been removed due to security concerns by the staff of vbulletin.org.

I used to like the one that showed the attempted passwords lol

The concerns we had was more about the wording of your original thread, stating that no plaintext password would be sent from the server. Although this was technically correct, it did sent the plaintext passwords (over the internet) to the server upon any CP-login. As sending plaintext passwords over the internet is considered reducing the standard security, we requested that text to be changed to reflect the fact that the modification did sent plaintext passwords.

Instead the author choose to remove the password from the modification, thus circumventing any possible security degradation.

to sercurity your admin login just rename admincp to other folder name
ex:

admincp --> xxx2x
modcp-->zzz2x

dont forget edit on config file

On a personal note: This was something i never liked about this modification. If you are an admin on many forums, you might by mistake try the password for board A to login to board B. If they password used is sent to the admin of Board A, then he might be able to "guess" your admin login for Forum B. I always refused to be an admin on a board that had this modification installed.

PS Boofo know my opinion on this, we already discussed that many years ago.

gonna try this...hope its good and bring no problem...thanks for this bro... ;)

This hack has never brought anyone any problems. That is not what it is for. ;)

Ok so the password 'attempted' is sent to who???

So... do I edit ALL login.php files? I just edited the yoursite.com/login.php. Am I supposed to edit /modcp/login.php and /admincp/login.php?

Only edit the one file in your forums directory. The hack states only 1 file edit plus most hacks usually have the full path to any files needing editing.

Then... who receives the notification? :(

Interesting hack. If you use .htaccess to block AdminCP, does this do anything extra since the login.php is inside the forums directory?

Too bad that the plugin system requires vB to manage all these hooks.

Since vb is developed using svn and each line of code is probably logged somewhere, it would be so cool if they could come up with a way to dynamically create your own hooks with just vb file version and line number...I know, sounds really complicated but so is the hooks system ;)

The Admin receives the notification, but the password feature has been removed in this version as it wasn't worth the headache of listening to a few people complain about the so-called security issues.

Is it a good idea to just upload the new login.php here, so that others do not have to do the bit of editing the file?

Sorry, not allowed to upload vb files here. Besides, the edits aren't that bad. ;)

No, it's very easy to do.

*Installed*;)

i have this thing going off like crazy after i installed it and it wont give me an ip address any suggestions on what to do?

The IP address should show up fine if you did all the edits correctly. I would say make sure the edits are done correctly first.

i have and i know what I'm doing. Lets say the person isn't registered to the site and they try to log in will it still show the ip. The site is new and i have an enemy at a site called darksidehackers.com and i can't get him off my back.

Yes, it picks up the IP from whoever it is.

This is all i get in the email

Someone is trying to login to your Nextgen Squad Mod CP!

Strikes: 0 out of 5

or

Someone is trying to login to your Nextgen Squad Admin CP!

Strikes: 0 out of 5

Then you haven't done all the file edits properly.

hm
i redid them like 10 times and i get the same thing