vb.org Archive - Miscellaneous Hacks - Human Verification on Login

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)

- - Miscellaneous Hacks - Human Verification on Login (https://vborg.vbsupport.ru/showthread.php?t=317856)

Human Verification on Login

What is it?
----------------------------
This mod adds human verification to login, after a selectable number of failures (strikes).

Why would I want this? Users will hate it.
----------------------------
The idea is that attempts at account hacking by guessing passwords will fail if they are automated and not expecting the HV input. This will reduce the number of guesses per lockout period, and also since an incorrect or missing HV response does not count as a strike, your users will not get "lockout" emails. You can configure the mod so that HV input isn't required until a certain number of failures, so most of the time users won't even notice. Also, many users probably use "Remember Me" and so will never notice.

Note: This hasn't been tested with Forum Runner, Tapatalk, or anything similar. The mod attempts to disable itself for Forum Runner and Tapatalk, but this hasn't been tested. If you install this mod and you use one those on your forum, you should test it (for example, try logging in with incorrect password 4 times and make sure it works if you enter the correct password the 5th time). Also, I will appreciate any reports of problems or success.

Thanks to woodmj for ideas and testing.

Installation:
----------------------------
1) Import the product XML file from the Product Manager.

2) Go to Settings > Human Verification Options (in the options, not the human verification manager) to enable and configure.

You can select a different type of HV than you are using for other actions. For example, you might use some type of captcha for registration, but use Q&A for login. Note that you still have to use the Human Verification Manager to configure each type. So if you want to use Q&A for login, you would have to temporarily select it in the HV Manager to configure your questions. You can then re-select a different HV type for other actions if desired.

3) Test the mod in each of your styles. There is a field in the options for an ip address, and if this is filled in, the HV will only be active for that ip address, allowing testing without affecting other users. You can then clear the field when you are done testing.

Testing each style is important because the mod attempts to insert the HV template automatically, but if it can't (if you have custom styles for example) the mod will still be expecting the HV answer to be submitted, which will result in login failures. If this happens, the mod can still be used by manually editing the STANDARD_ERROR and mobile_login templates and inserting {vb:raw kh99_login_hv} after the password field.

History:
----------------------------
0.9 (Mar 19, 2015)

Initial Release

Thanks Kevin very sweet mod. Not running customized skins, but works great with vB styles generated skins. :):up:

Quote:

Originally Posted by Alibass (Post 2540946)

Thanks Kevin very sweet mod. Not running customized skins, but works great with vB styles generated skins. :):up:

Thanks, that's good to know. So if you have a number of styles that are just different colors schemes, there's probably no reason to test them all.

Thanks once again for this Kevin. It's working very nicely for me :-)

Very Good Work , thanks for the mod

Very great and awesome thank you KH99 :)

Really Brilliant, this should be a core feature of vBulletin. I have seen this on a mybb site which i frequent, this should reduce the brute forcing attack to an extent.

This + Your New reCAPTCHA Mod = Spam Assassin :D

my forum is closed to public so when they visit my site its displayed like this with no human verification

https://vborg.vbsupport.ru/external/2015/03/11.png

if you try login it will ask you to login again but with the human verification can i add it the the first login displayed?

Also it effects the admincp if you try login it will redirect to the the login with human verification then you need to login to admincp again kinda annoying lol

great mod hopefully you can help me :)

OK, I'll look in to it. It's probably something I didn't consider. So when you say it's closed to the public, what do you mean exactly? That all forums are set so that they're not visible to guests?

What do you have the stirkes set to? I guess 0 if you want to see it the first time?

Also, what do you mean about the admincp, is it when you go directly to the admincp and you're not logged in at all yet?

Quote:

Originally Posted by kh99 (Post 2541193)

All above yes buddy :)

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01138 seconds Memory Usage 1,740KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: