vb.org Archive
Page 1 of 16 1 2311 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Graveyard (https://vborg.vbsupport.ru/forumdisplay.php?f=224)
-   -   Administrative and Maintenance Tools - vB3.5 Email notification if someone attempts to access your Admin or Mod CP (https://vborg.vbsupport.ru/showthread.php?t=96921)

Boofo 09-25-2005 10:00 PM
vB3.5 Email notification if someone attempts to access your Admin or Mod CP
 
vB3.5 Email notification if someone attempts to access your Admin or Mod CP
Version 1.0.1
(By Boofo)

What does this modification do?
When someone tries to login to your Admin CP or Mod CP, you will get an email that contains the username they tried, the password they tried, their IP address, hostname, number of strikes, referrer, script, and the date & time of the attempt. It also will now distinguish itself in the message subject between a failed Admin CP attempt and a failed Mode CP attempt, so you will know right off which CP they tried to login to.

NOTE: To alleviate anyone getting upset about plain text passwords being transmitted from the server, the ONLY time a plain text password is sent, is when it is a failed login attempt. It is not stored on the server anywhere and no hashed passwords are ever revealed to anyone. I think it's good to know if anyone is getting close to what my CP password is so I can change it if necessary.

Credits:
Thanks to EvilLS1 for making the vB 3.0 version of this modification on which this update is based and released with permission.

Version Information:
Version 1.0.0 --Initial release
Version 1.0.1 --Fixed user name being wrong on a user attempt.


Installation overview:
--------------------------------------
Files to edit: (2)
--incudes/adminfunctions.php
--login.php


What it looks like in the Mod CP when an anonymous users tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Ned
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------

What it looks like in the Mod CP when a user from your site tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Boofo
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------
USER ATTEMPT: Your Forums has identified this registered user as: Boofo

Mith 09-26-2005 11:29 AM
Great hack!

I've tested this, and I do indeed get an E-mail message informing me of a wrongful attempt..

However..

The bottom information is incorrect:
Code:
 
Username tried: Boofo
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------
USER ATTEMPT: Your Forums has identified this registered user as: Boofo
So on my boards if I try to log in using the username Boofo (and as you and I both know, you aren't an admin of my board)

Then it comes up with the message above BUT

the bottom line SHOULD read:
USER ATTEMPT: Your Forums has identified this registered user as: <my user name>

So I think some small problem there.

Cheers

Boofo 09-26-2005 01:06 PM
Fixed! ;)

And how come I'm not an Admin on your board? ;)

TheComputerGuy 09-26-2005 02:17 PM
Installed

Thanks Boofo :)

Boofo 09-26-2005 02:37 PM
You're very welcome, sir. ;)

Hope to see you on the new site. ;)

icebox12 09-26-2005 03:41 PM
Good hack :)

I'm currently installing this on to my own forum I will post my full feedback on this after the installation has been completed.

Boofo 09-26-2005 03:46 PM
Quote:
Originally Posted by icebox12
Good hack :)

I'm currently installing this on to my own forum I will post my full feedback on this after the installation has been completed.
Which should take about 2 minutes. ;)

Darkwaltz4 09-26-2005 04:00 PM
hmm, this is an interesting hack, but i assume it sends to the same email for every failed attempt

this could reveal to that email the password of one of the mods, who just accidentally mispelled their USERNAME on the login panel.

i dunno, but mods might not enjoy this, and this might be an idea: if a submitted username matches an existing username, then the email of that username is the one who recieves the email :) that way the user in question knows they were the one targeted. (and perhaps the 'main' email getting the truly perhaps random attempt notices)

edit: hmm, although that wouldnt fix the whole mispelled name + correct password thing hmm...

truly a touchy subject :-p

edit: furthermore, this cant check if a login attempt worked, but wasnt that user (fully understandable), so this could actually serve to further give out your password :-/

nexialys 09-26-2005 04:04 PM
screenshot ?!

mouahhh... i had to ask !!! be the first is always good!

Boofo 09-26-2005 04:10 PM
The first post shows you what it looks like. LOL


All times are GMT. The time now is 12:48 PM.
Page 1 of 16 1 2311 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01277 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete