vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.7 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=228)
-   -   Miscellaneous Hacks - vB Dummy ACP 1.0.0 (https://vborg.vbsupport.ru/showthread.php?t=199878)

Deceptor 12-26-2008 10:00 PM
vB Dummy ACP 1.0.0
 
vB Dummy ACP

This addon will allow you to create as many dummy acps as you like. The dummy acp acts exactly like your true admincp, but it will not allow anyone to login through it, even if the username and password provided are correct.


Features
  • Acts just like real admincp login
  • Can automatically defend against detection (explained below)
  • Won't even allow real admin logins
  • Easily create as many dummy acps as you like
  • Will work without plugins enabled (partially)


Defense Against Detection

In order for the dummy acp to be of any use, I've made it impossible to detect being a "dummy". This is done through the following methods:

1. File Check
The dummy acp checks the file being requested to see if it exists in the true admincp directory, so if a user requested dummyacp/plugin.php, they would see a login despite there being no plugin.php in the dummyacp folder. If they request a file that is not in the true admincp directory, a 404 error is shown.

2. Login Validation
You may know, that normal forum members who try to login to the acp will see the successfully logged in page, but then redirect back to the login page. The dummy acp keeps this functionality instead of completely blocking all logins. It will only show the login error page under two circumstances:

1. The login provided is actually wrong
2. The login provided is real, but an administration login


Note
While this will work without plugins enabled, if plugins are not enabled then the dummy acp will show users who login successfully with an admin login a successful login page, but -still- redirect them to the login page. So while they may not actually gain access to your admincp, someone trying to get into your forum would know your login works.

valdet 12-27-2008 10:08 AM
Very interesting. I might use this on April 1-st

Alex LD 12-27-2008 08:21 PM
No.. log of the people? IT doesn't send a PM to people who tried to login to an admin, that would be nice,

that said, I'm removing it because it serves no purpose if its not going to help me other then take up space on my server and trick people\

Also whats point of XML if you can't edit anything with it.

Sorry I don't like it and I could do a better job myself. :(

Deceptor 12-27-2008 09:33 PM
Quote:
Originally Posted by Alex LD (Post 1695035)
No.. log of the people? IT doesn't send a PM to people who tried to login to an admin, that would be nice,

that said, I'm removing it because it serves no purpose if its not going to help me other then take up space on my server and trick people\

Also whats point of XML if you can't edit anything with it.

Sorry I don't like it and I could do a better job myself. :(
It's meant as a trick so they -never- crack your login, using Brute force or any other method for that matter. As for space on your server, unless your hosting package is limited to 10MB space, I don't see an issue with a file being a less than few KB.

You're more than welcome to do better yourself though.

rzpvile 12-27-2008 11:39 PM
Okay great app first off ignore any negative comments unless they make something better.

Here is what I am using this mod for:

Basically you leave this as your default admincp so you look like a noobish site owner and when a script kiddie gets mad at you for banning them or for whatever reason they try to "crack" your admincp thinking you're an idiot for leaving it at default when in fact it's a dummy cp so the tricks on them! so while they're trying to "crack" /admincp yours is actualy /customadmincp

Zachery 12-28-2008 12:55 AM
I think its an intresting idea, but a little htaccess and password protecting is far better than leaving some fake up.

Nice work though :)

Deceptor 12-28-2008 03:25 AM
Quote:
Originally Posted by Zachery (Post 1695202)
I think its an intresting idea, but a little htaccess and password protecting is far better than leaving some fake up.

Nice work though :)
I agree, and there's no reason htaccess can't be applied to the real Admin CP :)

Hornstar 01-06-2009 01:43 AM
this could be okay if there was still a strike system attached to it.


All times are GMT. The time now is 07:03 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01766 seconds
  • Memory Usage 1,731KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete