Failed Login Logging (https://vborg.vbsupport.ru/showthread.php?t=32639)

Scott MacVicar 11-23-2001 10:00 PM

This is a hack that was suggested by paulomt1. All it does is log failed logins and store them in a table. An admin can then look at the failed logins in the admin panel, searching based on IP, username, password or date. They can also prune the old logs to save space.

You will be required to create a table; this can be done via phpMyAdmin or the hack by Firefly which allows you to run queries via the admin panel. You then have to edit member.php to add the query to insert the failed login information and /admin/index.php to add the links to the loginlog.php file.

Updated 25th November 2001 @ 22:15

Added additions suggested by Mike to the file. Instructions on how to upgrade from the previous version of this hack are included within install.txt; you will need to run 2 SQL queries to adjust the table, adjust the line in member.php and upload loginlog.php again to complete the upgrade.

Scott

paulomt1 11-24-2001 03:24 PM

You are a great programmer, thank you very much for your help.

Best Regards,

Scott MacVicar 11-24-2001 03:27 PM

The only problem you would have is if you removed the gettemplate part from the bit you edited in member.php.

paulomt1 11-24-2001 03:38 PM

OK, now it is working very well, thanks to you.

Best Regards
paulomt1

paulomt1 11-24-2001 03:49 PM

If vbulletin.org had the hack "rate member" I would give you 5 stars :)


B.R
paulomt1

Psychdrone 11-24-2001 03:52 PM

I don't really see the need for this hack....?

But yes, he is a great programmer. If I could rate you, you would get 6 stars in my book!

paulomt1 11-24-2001 04:01 PM

[QUOTE]Originally posted by Psychdrone
I don't really see the need for this hack....?

But yes, he is a great programmer. If I could rate you, you would get 6 stars in my book![/QUOTE]

Scott MacVicar 11-24-2001 04:08 PM

Psychdrone >
It logs all failed logins, so for example if you have someone that keeps trying to log in as one of the admin usernames you will know his IP and can ban him from the boards, hence stopping it. It's also good to see how many times people get their password wrong; someone could be trying to brute force a member's username or password. I've implemented this hack as I think it would be interesting to see how many failed logins there would be, as vBulletin doesn't log any of these occurrences.
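
As an added example (not part of the hack or of the original post), this is one way to pull the pattern described above out of the log: group failed logins by source address and by targeted account within a time window. It assumes the loginlog column names used elsewhere in the thread and an in-memory SQLite database through PDO so that it runs stand-alone; the rows and the function name repeatedFailures are constructed for illustration.

```php
<?php
// Added example: every row below is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Columns follow the thread's loginlog table; password is left out on purpose.
$db->exec('CREATE TABLE loginlog (loginid INTEGER PRIMARY KEY, ip TEXT,
           username TEXT, userid INTEGER, atime INTEGER)');

$now  = 1006617600;            // fixed "current time" so the run is repeatable
$rows = [];                    // [ip, username, userid, seconds before $now]
for ($i = 0; $i < 6; $i++) {   // one address retrying an admin account
    $rows[] = ['192.0.2.10', 'admin', 1, 60 * $i];
}
foreach (['198.51.100.7', '198.51.100.8', '203.0.113.5'] as $n => $ip) {
    $rows[] = [$ip, 'alice', 42, 300 + $n];   // one account, several addresses
}
$rows[] = ['203.0.113.99', 'bob', 43, 120];   // ordinary mistyped password
$rows[] = ['192.0.2.10', 'admin', 1, 90000];  // older than the window

$ins = $db->prepare('INSERT INTO loginlog (ip, username, userid, atime) VALUES (?, ?, ?, ?)');
foreach ($rows as [$ip, $name, $uid, $ago]) {
    $ins->execute([$ip, $name, $uid, $now - $ago]);
}

// Group failures by source address or by targeted account within a time window.
function repeatedFailures(PDO $db, string $by, int $since, int $threshold): array
{
    if (!in_array($by, ['ip', 'username'], true)) {  // column names cannot be bound
        throw new InvalidArgumentException("cannot group by $by");
    }
    $other = $by === 'ip' ? 'username' : 'ip';
    $q = $db->prepare(
        "SELECT $by AS subject, COUNT(*) AS failures,
                COUNT(DISTINCT $other) AS distinct_$other, MAX(atime) AS last_seen
           FROM loginlog WHERE atime >= :since
          GROUP BY $by HAVING COUNT(*) >= :threshold ORDER BY failures DESC");
    // Bind as integers: SQLite would otherwise compare COUNT(*) with a string.
    $q->bindValue(':since', $since, PDO::PARAM_INT);
    $q->bindValue(':threshold', $threshold, PDO::PARAM_INT);
    $q->execute();
    return $q->fetchAll(PDO::FETCH_ASSOC);
}

$dayAgo = $now - 86400;
print_r(repeatedFailures($db, 'ip', $dayAgo, 5));        // one address, many tries
print_r(repeatedFailures($db, 'username', $dayAgo, 3));  // one account, many tries
```

Grouping by username as well as by IP catches the case where the attempts against one account come from several addresses, which a per-IP count alone would miss.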

Ruth 11-24-2001 04:30 PM

Great hack PPN, what can I change in the code to log even the correct logins?

thanks

cfscfs 11-24-2001 04:50 PM

Works great for me, Thanks
:D

Psychdrone 11-24-2001 07:19 PM

I see, you know what, I think I'll need this one!
Thanks bud!

wot-Mike 11-24-2001 10:49 PM

Very useful indeed, and I have installed it.

Changed a few things:
in admin/index.php, I added:
makenavoption("Login Failures","loginlog.php?action=modify");

And in loginlog.php I added:
echo "<li><a href=\"loginlog.php?s=$session[sessionhash]&action=prune\">Prune Failed Logins from database</a></li>\n";

The reason? Well, there's already a "Statistics & Logs" part in the admin panel. This fits in just nicely...

wot-Mike 11-24-2001 11:33 PM

Hmm, also imported some stuff from adminlog.php into loginlog.php:

The link to the user edit (well, it needed a little extra)
And the resolve ip address bit :)

JTMON 11-25-2001 01:17 AM

Installed on 2.2.0 and working great! Thanks PPN!

SteveK 11-25-2001 06:11 AM

wot-Mike, Can you post your changes?

Thanks

Admin 11-25-2001 11:15 AM

Love it, appears to work great. :D
Great idea too!

Just a question PPN, why do you name the id field just id?
If you create a table named blabla, naming the id field blablaid enables usages of some nice functions with vBulletin, that rely on the fact that id field is the table name with id suffix. :)

Scott MacVicar 11-25-2001 12:07 PM

That seemed too sensible :D

To tell the truth, I did that in 30 mins while having dinner and trying to talk on the phone and being pestered by people on AIM trying to get me to send them this hack because "The vBulletin is broken and I can't download anything"

I'll update it tonight and add a small thing to alter the id name in case anyone using an old copy uploads a new one, which will stop errors :D

TheUnforgiven 11-25-2001 12:31 PM

cool nice hack :) thanks!

wot-Mike 11-25-2001 12:48 PM

SteveK requested it, so here's my little changelog to add the user edit and resolve ip bit to loginlog.php. Hope it doesn't mess things up for you, hehe. I'm not very wise in the ways of PHP.

But before you run off to install this, maybe wait a bit to see what PPN comes up with tonight :D

holev 11-25-2001 12:54 PM

very nice idea
installed :)

Scott MacVicar 11-25-2001 01:12 PM

OK Mike, I can see why you would add resolve IP, and if it's OK I'll add that to loginlog.php, but the link to edit the member's profile I don't understand. Why do you need to check for failed logins then go to edit the member info?

Scott

SirSteve 11-25-2001 01:21 PM

Very useful! Installed easily! Thanks!

wot-Mike 11-25-2001 02:28 PM

[QUOTE]Originally posted by PPN
OK Mike, I can see why you would add resolve IP, and if it's OK I'll add that to loginlog.php, but the link to edit the member's profile I don't understand. Why do you need to check for failed logins then go to edit the member info?

Scott[/QUOTE]

Scott MacVicar 11-25-2001 08:22 PM

Updated to accommodate Mike's changes.

Psychdrone 11-26-2001 08:40 PM

Hey how do you create a table?

Is it a query?

wot-Mike 11-26-2001 08:59 PM

Umm, yeah, it's a query.

If you have phpMyAdmin, here's a short how to:

* Log into phpMyAdmin
* Click in the menu on the left on the database you want to open
* In the screen on the right, scroll down until you see:
Run SQL query/queries on database <database-name>
* Copy the entire bit from the install txt file starting with:
CREATE TABLE
and ending with:
);
and paste it into the text field below the Run SQL query
* Click go, and you'll have your loginlog table :)

Psychdrone 11-27-2001 08:21 PM

Thanks bud! ;)

Admin 11-30-2001 01:33 PM

Just reporting back. :)

So far we have had 66 failed login tries.
About 20 of them are by one member, who was banned, but thought he had forgotten his password or something. So sad...

Anyway, while looking at these logins it occurred to me that all of these passwords they're trying are probably passwords they use on other sites.
Just a thought.

Scott MacVicar 11-30-2001 03:31 PM

Yeah, I thought of this and hoped that limiting it to trusted admins would minimise this; they had access to see users' passwords before 2.2.x.
I didn't plan it on someone who was banned trying passwords, I was thinking of people trying to brute force accounts.

Reports for my forums are

6 failed logins

4 were for admin users and 2 were someone trying to guess a password.

Ruth 11-30-2001 05:49 PM

Guys, how can I use this hack to log all the logins with time, date and IP address for each user?

thanks in advance.

Scott MacVicar 11-30-2001 05:55 PM

just move

PHP Code:

$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."')");

to below

PHP Code:

    } else { // invalid username entered
      eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
      exit;
    }

but why would you want to log successful logins instead of failed ones?

Axel Foley 12-01-2001 02:20 AM

Hi PPN, first of all, great hack.

I needed a hack to log ALL the logins of my users, failed and successful ones. A few of my users have reported stolen passwords and I couldn't tell them WHEN during the week they logged on, but just the LAST login. So I was looking for a logging hack.

I took yours and I made some modifications:

PHP Code:

      if ($user['password']!=md5($password)) {  // check password

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGPW')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGUSER')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
        exit;
    }

    // HACK: Login Log (Successful login)
    $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
    $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '1', 'LOGINOK')");
    // HACK: Login Log (Successful login)

In this way I can log TWO TYPES of FAILED LOGINS, and all the successful logins too. I added two fields to the database.

It works, now I only have to modify your control panel for the hack to query all the fields etc.

The only thing that I don't like is that if users have set automatic login via cookies their successful logins aren't logged (haven't tried with unsuccessful logins via cookie). So I was thinking about DISABLING automatic login via cookies, just to have complete control over the logins. We have had a supermoderator whose pw was stolen by an admin of a 2.0.3 vB forum. I'm very angry so I want to extend the logging features of vB in order to prevent this from happening.

I hope you like these ideas, you could also make it an option WHAT TO LOG (failure, successful and both).

Could you also give me a hint on the BEST way to disable the automatic login via cookie for ALL my users, prevent them from changing that option and to delete the cookie?

Thanks man, you've made a great job and if you make these modifications your hack will be GREAT. Like an OS event logging system. ;)

Ruth 12-01-2001 03:22 AM

[QUOTE]Originally posted by PPN
but why would you want to log successful logins instead of failed ones?[/QUOTE]

the_sisko 12-01-2001 01:49 PM

Installed it and works well, thanks for it!

cyrus 12-27-2001 06:42 PM

I installed it, works fine, but doesn't work fine for usernames with characters of /\

I have a user who has username /\

It gives a server error when the person logs in without the right password ... I've tried other usernames, they all work fine!

Do you know what's wrong?

thanks ;)

Scott MacVicar 12-28-2001 09:22 AM

that would be my bad :D

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."')");

should be

// escape both user-supplied strings before they go into the query
$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '".addslashes($username)."', '".addslashes($password)."', '$user[userid]', '".time()."')");
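
The same insert written with bound parameters, as an added example that is not the hack's own code: a username such as /\ or one ending in a backslash is stored byte for byte without any manual escaping. It assumes PDO with an in-memory SQLite table, the helper name logFailedLogin is hypothetical, and the row leaves out the submitted password, which an earlier post in the thread notes is probably one the person uses on other sites.

```php
<?php
// Added example, not the hack's code. Runs against an in-memory SQLite table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Columns follow the thread's loginlog table, minus the submitted password.
$db->exec('CREATE TABLE loginlog (loginid INTEGER PRIMARY KEY, ip TEXT,
           username TEXT, userid INTEGER, atime INTEGER)');

// Hypothetical helper: record one failed login with every value bound,
// so no input can change the shape of the statement.
function logFailedLogin(PDO $db, string $ip, string $username, int $userid, int $atime): int
{
    $stmt = $db->prepare(
        'INSERT INTO loginlog (ip, username, userid, atime)
         VALUES (:ip, :username, :userid, :atime)');
    $stmt->bindValue(':ip', $ip);
    $stmt->bindValue(':username', $username);
    $stmt->bindValue(':userid', $userid, PDO::PARAM_INT);
    $stmt->bindValue(':atime', $atime, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Constructed usernames: the one reported in the thread plus other characters
// that break a concatenated query.
$samples = ['/\\', 'trailing\\', "o'brien", 'plainuser'];
foreach ($samples as $i => $name) {
    logFailedLogin($db, '192.0.2.10', $name, 0, 1009500000 + $i);
}

// Read the rows back and confirm each name was stored byte for byte.
$stored = $db->query('SELECT username FROM loginlog ORDER BY loginid')
             ->fetchAll(PDO::FETCH_COLUMN);
foreach ($samples as $i => $name) {
    printf("%-12s %s\n", $name, $stored[$i] === $name ? 'stored intact' : 'ALTERED');
}
```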

trainer 12-28-2001 11:45 PM

good idea for a hack i would have never thought of it

Wolfgang 01-03-2002 11:27 AM

@ PPN, first of all, THX for the hack ! :)

when I search only for a ip address I get this error:

Invalid SQL: SELECT loginid,username,password,ip,userid,FROM_UNIXTIME( atime) as atime
FROM loginlog WHERE 1=1 AND INSTR(LCASE(ipaddress),'212.186.39.196')>0
ORDER BY username LIMIT 0,300 mysql error: Unbekanntes Tabellenfeld 'ipaddress' in where clause.

mysql error number: 1054


I changed loginlog.php lines 170-171 from:

if ($aipaddress!="") {
$condition.=" AND INSTR(LCASE(ipaddress),'".addslashes(strtolower($aipaddress))."')>0";

to this:

if ($aipaddress!="") {
$condition.=" AND INSTR(LCASE(ip),'".addslashes(strtolower($aipaddress))."')>0";

You think that OK ?? because im not a SQL expert ! :rolleyes:

Wolfgang :)

Scott MacVicar 01-04-2002 12:07 AM

ok will update it again now thanks for pointing that out Wolfgang

veedee 01-04-2002 09:31 AM

Where is the latest version of this hack ?

cheers !

