vb.org Archive
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Administrative and Maintenance Tools - Security Token Notification (https://vborg.vbsupport.ru/showthread.php?t=177017)

Andreas 04-23-2008 10:00 PM
Security Token Notification
 
This simple mod logs security token erorrs to vBulletin PHP error log and optionally sends an E-Mail to the webmaster.

Example Log Entry
Code:
Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 C:\Programme\XAMPP Lite\htdocs\vb310\includes\functions.php line 2420: eval()
#1 C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php line 417: fetch_error(security_token_missing,ltr,sendmessage.php)
#2 C:\Programme\XAMPP Lite\htdocs\vb310\global.php line 20: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php)
#3 C:\Programme\XAMPP Lite\htdocs\vb310\newthread.php line 49: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\global.php)

POST Variables
===============
Array
(
    [do] => foo
    [f] => 3
    [forumid] => 3
    [securitytoken] =>
)

Request URI
===========
/vb368pl1/newthread.php?do=foo

Datum: 24.04.2008 11:36:08
Benutzername: Kirby
IP-Adresse: 127.0.0.1
If you do not know what this is about, you most likely won't need it :)

Stoebi 04-24-2008 11:22 AM
For 3.6.9 only?

Andreas 04-24-2008 11:37 AM
No, actually for 3.6.10+ and 3.7 RC4+

Guest190829 04-24-2008 12:12 PM
Just what I need. Thanks Andreas. :)

Boofo 04-24-2008 01:52 PM
Thank you, sir. This will be great to find out which hacks need to be updated. ;)

powerful_rogue 04-24-2008 02:00 PM
I get the following error when I try to import

XML Error: mismatched tag at Line 15

unitedpunjab 04-24-2008 02:40 PM
Quote:
Originally Posted by powerful_rogue (Post 1498168)
I get the following error when I try to import

XML Error: mismatched tag at Line 15
Same error on RC 4.

Barakat 04-24-2008 02:51 PM
</templates>

just delete it or use this file .lol

redlabour 04-24-2008 03:11 PM
Great work!

Boofo 04-24-2008 03:26 PM
Quote:
Originally Posted by Barakat (Post 1498216)
</templates>

just delete it or use this file .lol
What did you change in it? </templates> is still there.

Andreas 04-24-2008 03:35 PM
Works just fine for me

Barakat 04-24-2008 06:18 PM
Quote:
Originally Posted by Boofo (Post 1498256)
What did you change in it? </templates> is still there.
in his original xml there were

<templates>
</templates>
</templates>

one of them have no need to be there. i believe he just fix it ,

mihai11 04-24-2008 06:54 PM
Can somebody explain to me in more detail what this hack does ? First of all, what is a "security token" ?

Regards,
Razvan

Dannyloski 04-24-2008 07:15 PM
OMFG! Thank you for this, with 3.6.10 and the fact that some Modifications wont work because of the new Security Token, now I can rest in peace to know which one those are when they are accessed ... :up: on a great Mod ...

Mike-D 04-24-2008 09:59 PM
Quote:
Originally Posted by mihai11 (Post 1498452)
First of all, what is a "security token" ?
Security Tokens are small Hardware Devices that owners carries to authorize access to a Network Service. That means: Security Tokens provide an extra level of assurance thru a method known as TFA (Two-Factor Authentication). In this case the user has a PIN (Personal Identification Number which authorizes them as the owner of that particular device. So the device then shows a number which uniquely identifies the user to the service and allowing them to log in. The identification number for each user is changed frequently, usually every 3 min's. See also Wikipedia :)

Boofo 04-24-2008 10:09 PM
Good explanation, Mike, but I think they want to know how it applies to vBulletin now. ;)

Mike-D 04-24-2008 10:09 PM
Quote:
Originally Posted by mihai11 (Post 1498452)
Can somebody explain to me in more detail what this hack does ?
That what he wrotes...
Quote:
Originally Posted by Andreas
This simple mod logs security token erorrs to vBulletin PHP error log and optionally sends an E-Mail to the webmaster.
See also the Plugin called "Detect Security Token Failure". The most important is the $backtrace variable and the rest is pretty self explained :)

Konstantinos 04-24-2008 10:42 PM
so this will tell us which mod file needs to add define('CSRF_PROTECTION', true); immediately below define('THIS_SCRIPT', '... ???

steven s 04-24-2008 10:49 PM
Wouldn't this only be needed for v 3.6.10 and 3.7RC4?

Trana 04-25-2008 12:39 AM
Quote:
Originally Posted by Boofo (Post 1498606)
Good explanation, Mike, but I think they want to know how it applies to vBulletin now. ;)
OK, clearly something significant occurred to necessitate 3.6.10. Can you guys not be so cryptic for the rest of us who are not up on what is going on?

How does this affect 3.6.10? How does this affect installed mods?

Dannyloski 04-25-2008 01:53 AM
^ Read the vB.com Announcements for 3.6.10 and 3.7.0 RC4 and you will know.

akanevsky 04-25-2008 02:05 AM
Very nice mod. Thanks, Andreas.

mihai11 04-25-2008 04:49 AM
Quote:
Originally Posted by Mike-D (Post 1498602)
Security Tokens are small Hardware Devices that owners carries to authorize access to a Network Service. That means: Security Tokens provide an extra level of assurance thru a method known as TFA (Two-Factor Authentication). In this case the user has a PIN (Personal Identification Number which authorizes them as the owner of that particular device. So the device then shows a number which uniquely identifies the user to the service and allowing them to log in. The identification number for each user is changed frequently, usually every 3 min's. See also Wikipedia :)
Thank you for taking the time to write this. I think I understand what this hack does.

Most probably, this is useless for the majority of the webmasters because few people are actually using a "security token".

mihai11 04-25-2008 04:53 AM
Quote:
Originally Posted by Trana (Post 1498691)
OK, clearly something significant occurred to necessitate 3.6.10. Can you guys not be so cryptic for the rest of us who are not up on what is going on?

How does this affect 3.6.10? How does this affect installed mods?
You need not worry about this hack if you are not using a security token. And even if you are using one, you don't need to worry about this hack if you don't want to record security token errors into some VBulletin log.

JKatz 04-25-2008 05:43 AM
Thank you!!!!!!! Just installed 3.6.10 today & was scrambling to find out what needs updates.

Darat 04-25-2008 05:52 AM
Quote:
Originally Posted by mihai11 (Post 1498760)
You need not worry about this hack if you are not using a security token. And even if you are using one, you don't need to worry about this hack if you don't want to record security token errors into some VBulletin log.
No mihai11 this isn't the case.

To fix a potential security issue Jelsoft has released a new version of vBulletin (3.6.10) and this adds something they've called a "security token", once you've upgraded to 3.6.10 you may find some Mods you've added stop working and your users will see a message telling them the "security token" is missing. This Mod helps you track down which parts of your vBulletin system need to be updated to deal with the new "security token" Jelsoft has added.

Jasem 04-25-2008 07:38 AM
Thank you, Nice share

Boofo 04-25-2008 07:48 AM
Just curious here... if this supposed to be in the xml file twice like this?

Code:
$backtrace = debug_backtrace();
 
 $backtrace = debug_backtrace();

powerful_rogue 04-25-2008 05:58 PM
Hi,

Where abouts can i find the error log?

Jase2 04-25-2008 06:19 PM
Great! Thank you.

Andreas 04-26-2008 03:12 AM
@Boofo
Nope. But being there is not a big problem either ;)

Boofo 04-26-2008 03:15 AM
I didn't think it would be any problem. I was just checking, sir. ;)

redlabour 04-26-2008 04:50 AM
Hi,

this Hack does not work for me.

I get several Mails from Members telling me they get the Error Message for a Security Token but i dont get any Mail from the System about it. :confused:

rinkrat 04-26-2008 08:17 PM
When I try to install this mod I get this error.

Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

How do I fix it?

nesta2006 04-27-2008 11:32 PM
When I try to install this mod I get this error.

Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

Boofo 04-27-2008 11:49 PM
Quote:
Originally Posted by redlabour (Post 1499525)
Hi,

this Hack does not work for me.

I get several Mails from Members telling me they get the Error Message for a Security Token but i dont get any Mail from the System about it. :confused:
Have you enabled it in the settings? It installs as disabled.

Icy 04-28-2008 12:50 AM
Installed :D

Bounce 04-28-2008 01:36 AM
Quote:
Originally Posted by Boofo (Post 1501063)
Have you enabled it in the settings? It installs as disabled.
hmmmm,where in the settings?

Nought there in options,but as usual its 3:30 am and i'm blind :D

ME SEE now lol

vbOptions > Error Handling & Logging

Bounce 04-28-2008 01:55 AM
OK... I got mail :)

Pardon my french but what the ++++ does all this mean :)

HTML Code:
Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/xxxxxx/public_html/forum/includes/functions.php line 2528: eval()
#1 /home/xxxxxx/public_html/forum/includes/init.php line 417: fetch_error(security_token_missing,ltr,/forum/sendmessage.php)
#2 /home/xxxxxx/public_html/forum/global.php line 20: require_once(/home/xxxxxx/public_html/forum/includes/init.php)
#3 /home/xxxxxx/public_html/forum/ajax.php line 58: require_once(/home/xxxxxx/public_html/forum/global.php)


POST Variables
==============
Array
(
  [do] => insertmood
  [mood] => Cannaebearsedsecuritytoken=d869994f6f11a8d80521950e1ddd3b1264d19b36
  [s] =>
  [ajax] => 1
  [securitytoken] =>
)

Request URI
===========
/forum/ajax.php

:confused:

Boofo 04-28-2008 02:26 AM
Sounds like the mood hack.


All times are GMT. The time now is 07:13 PM.
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01416 seconds
  • Memory Usage 1,819KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (1)bbcode_html_printable
  • (12)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete