vb.org Archive
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   Miscellaneous Hacks - vB Dummy ACP 1.0.0 (https://vborg.vbsupport.ru/showthread.php?t=199683)

Deceptor 12-23-2008 10:00 PM
vB Dummy ACP 1.0.0
 
1 Attachment(s)
vB Dummy ACP

This addon will allow you to create as many dummy acps as you like. The dummy acp acts exactly like your true admincp, but it will not allow anyone to login through it, even if the username and password provided are correct.


Features
  • Acts just like real admincp login
  • Can automatically defend against detection (explained below)
  • Won't even allow real admin logins
  • Easily create as many dummy acps as you like
  • Will work without plugins enabled (partially)


Defense Against Detection

In order for the dummy acp to be of any use, I've made it impossible to detect being a "dummy". This is done through the following methods:

1. File Check
The dummy acp checks the file being requested to see if it exists in the true admincp directory, so if a user requested dummyacp/plugin.php, they would see a login despite there being no plugin.php in the dummyacp folder. If they request a file that is not in the true admincp directory, a 404 error is shown.

2. Login Validation
You may know, that normal forum members who try to login to the acp will see the successfully logged in page, but then redirect back to the login page. The dummy acp keeps this functionality instead of completely blocking all logins. It will only show the login error page under two circumstances:

1. The login provided is actually wrong
2. The login provided is real, but an administration login


Note
While this will work without plugins enabled, if plugins are not enabled then the dummy acp will show users who login successfully with an admin login a successful login page, but -still- redirect them to the login page. So while they may not actually gain access to your admincp, someone trying to get into your forum would know your login works.

Deceptor 12-24-2008 06:45 AM
Reserved :)

dtv100 12-24-2008 07:01 AM
thanks you becoming one of my favorite coder.
gone try it with 3.7.4 and report later

all that secure a website is love by me.

F0xy 12-24-2008 09:19 AM
what a brilliant idea, thanks

dtv100 12-24-2008 09:42 AM
so far seen to work with 3.7.4 thanks

Deceptor 12-24-2008 09:49 AM
Glad to hear it dtv100, I'll probably release it in the 3.7 section too then :)

Megatr0n 12-24-2008 01:54 PM
Deceptor, what's the purpose of this hack?

I am confused.

Deceptor 12-24-2008 01:59 PM
In short, a trick, for security :)

One of the things you can do to secure your vBulletin install is change the admincp/ directory to something else, so no one knows where your admincp URL is. With this, you can put up a dummy acp in its place, making people believe this dummy is the real one, and no matter what, not be able to log in :)

TheLastSuperman 12-24-2008 02:09 PM
Very nice Deceptor, I was getting ready to do this:

https://vborg.vbsupport.ru/showthread.php?t=197510

And this will help! took some of the work out of it and I like how you mentioned it's pretty much untraceable as a fake... Nice!

Thanks for all the recent mods and look for an install shortly :D

Plus... loved to see the names Deceptor and Megatron back to back... ohh the memories of autobots and deceptacons lol! WHAT?!?!? lol

Megatr0n 12-24-2008 02:11 PM
Quote:
Originally Posted by Deceptor (Post 1692877)
In short, a trick, for security :)

One of the things you can do to secure your vBulletin install is change the admincp/ directory to something else, so no one knows where your admincp URL is. With this, you can put up a dummy acp in its place, making people believe this dummy is the real one, and no matter what, not be able to log in :)
Awesome!!


All times are GMT. The time now is 05:24 PM.
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00992 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete