vB3.5 Email notification if someone attempts to access your Admin or Mod CP
 

vB3.5 Email notification if someone attempts to access your Admin or Mod CP
Version 1.0.1
(By Boofo)

What does this modification do?
When someone tries to login to your Admin CP or Mod CP, you will get an email that contains the username they tried, the password they tried, their IP address, hostname, number of strikes, referrer, script, and the date & time of the attempt. It also will now distinguish itself in the message subject between a failed Admin CP attempt and a failed Mode CP attempt, so you will know right off which CP they tried to login to.

NOTE: To alleviate anyone getting upset about plain text passwords being transmitted from the server, the ONLY time a plain text password is sent, is when it is a failed login attempt. It is not stored on the server anywhere and no hashed passwords are ever revealed to anyone. I think it's good to know if anyone is getting close to what my CP password is so I can change it if necessary.

Credits:
Thanks to EvilLS1 for making the vB 3.0 version of this modification on which this update is based and released with permission.

Version Information:
Version 1.0.0 --Initial release
Version 1.0.1 --Fixed user name being wrong on a user attempt.


Installation overview:
--------------------------------------
Files to edit: (2)
--incudes/adminfunctions.php
--login.php


What it looks like in the Mod CP when an anonymous users tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Ned
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------

What it looks like in the Mod CP when a user from your site tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Boofo
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------
USER ATTEMPT: Your Forums has identified this registered user as: Boofo

Great hack!

I've tested this, and I do indeed get an E-mail message informing me of a wrongful attempt..

However..

The bottom information is incorrect:
So on my boards if I try to log in using the username Boofo (and as you and I both know, you aren't an admin of my board)

Then it comes up with the message above BUT

the bottom line SHOULD read:
USER ATTEMPT: Your Forums has identified this registered user as: <my user name>

So I think some small problem there.

Cheers

Fixed! ;)

And how come I'm not an Admin on your board? ;)

Installed

Thanks Boofo :)

You're very welcome, sir. ;)

Hope to see you on the new site. ;)

Good hack :)

I'm currently installing this on to my own forum I will post my full feedback on this after the installation has been completed.

Which should take about 2 minutes. ;)

hmm, this is an interesting hack, but i assume it sends to the same email for every failed attempt

this could reveal to that email the password of one of the mods, who just accidentally mispelled their USERNAME on the login panel.

i dunno, but mods might not enjoy this, and this might be an idea: if a submitted username matches an existing username, then the email of that username is the one who recieves the email :) that way the user in question knows they were the one targeted. (and perhaps the 'main' email getting the truly perhaps random attempt notices)

edit: hmm, although that wouldnt fix the whole mispelled name + correct password thing hmm...

truly a touchy subject :-p

edit: furthermore, this cant check if a login attempt worked, but wasnt that user (fully understandable), so this could actually serve to further give out your password :-/

screenshot ?!

mouahhh... i had to ask !!! be the first is always good!

The first post shows you what it looks like. LOL

I explained the passsord reason in the first post. If the main Admin of your board cannot be trusted with the information if you make a mistake, then you really shouldn't be a Mod there anyway, right? ;)

I think the main Admin should get an email if someone attempts to log in no matter what account is trying to be used. Your idea of sending an email to the username tried is an intersting idea, but only as long as it would be staff personel that had access to whatever CP was trying to be accessed.

How could it further give out your password if they make a successful login? You wouldn't get an email and no information would be sent. If they make a successful login, they would already know your passord. Duh? ;)

well of course, but anywhere where passwords are lying around in plaintext are troublesome if something is compromised (its happened to my email once). and also the untrustworthy admin thing :-p

well, yeah sorry i implied the 'and must be a mod/admin thing as well' :-p

im saying it could further give it out if its coupled with the whole compromised thing above. youd think this would be some sort of safeguard against logins who arent you, whereas its undetectable and yet posts your password in plaintext somewhere :-p hence the possibility of being negative on the whole.

im just helping to examine some vulnerabilities which can (and for me, have) arise

The plain text password is not stored anywhere. It is only sent in the email. So there is no way for anyone to get it, because it isn't there. ;)

yes it is stored somewhere; in the email message, as plaintext :-p thats what i keep talking about. if this message is left in the email client, and the email account is compromised, then the hacker has a host of email messages containing login failures at their disposal, and can probably deduce correct passwords from common mistakes with logins (like mispelled name + correct password)

if they did this quietly, then they could use them to log into the CPs, and nobody would detect that - correct login :-p

Well, I don't feel that way about it so if someone doesn't want to have the password in the email, they can comment the password line out in the code. Simple as that. Easy fix.

i was waiting for this ...

The wait is over! ;)

/me moves Boofo up on his ignore list, oops he already was on top.
/me will from now on stay away from each board that is touched by Boofo

I wish I had known that was all it took a long time ago. ;)

hi,

I don't receive the warning email ... vbulletins mails function is working fine (i know for sure since i tested it => maintenance =>diagnostics =>email test) and no PHP errors are displayed anywhere so i goto my admincp and i enter wrong login and password but nope .. vbversion i'm using (look at the left side) :D

EvilLS1 did one for 3.0. Try that one. ;)

eerm i'm wrong i'm using vb 3.5.0(RC3)

Then upload fresh files and re-edit them. There's no way it should not work. It goes to the webmasteremail.

Great Hack [installed]

**works Great!

Is there a way to create a thread also in a certain forum ?

A Plugin rather then fileedits would be great too

Wrong forum? ;)

You're right, a plug-in would be beter. But there are no hooks to handle this so we're stuck with file edits for now. I tried, but it couldn't happen. :(

No, I mean a thread instead an email :)

I wouldn't do that as there is some personal info (ips, password tried) that really doesn't need to be posted anywhere. I only convereted this because I like to know if someone is messing around with the board. And since the email only comes to me, I feel that it is safeguarded enough for my purpose. I'm catching all sort of flack now over the tried password being sent. Think of the flack I would get over it being sent to a thread. ;)

A word of warning, for shits and giggles, I thought I'd see if this would function on vBulletin Version 3.0.7. This seems to install fine until you log out.... you cannot get back in! ;) So, for those that are gonna ask if it works on older versions.... nope.
Once the General Release of 3.5 non RC is out, I'll be back to get this one.
Thanks Boofo!

Well, of course it won't run on earler versions of 3.0. Things have changed. There is a 3.0 version of this out that works fine. This is the 3.5 upgrade to the earlier version. ;)

Nice Bob..

/me clicks install

problem solved must of been typo anyway nice one and working like a charm

[high]* Delphiprogrammi clicks install[/high]

Glad it's working for you. ;)

*INSTALL*

Nice hack... works great!

Thanks Boofo

Works on 3.5 finall too :) Thanks

Works on 3.5 finall too :) Thanks

Works on 3.5 gold too :) Thanks

Woah, triple whammy post! :) Now that's appreciation, Boofo!

...works great, thanks so much for this!