Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Security Token Notification Details »»
Security Token Notification
Version: 1.0.1, by Andreas Andreas is offline
Developer Last Online: Jan 2023 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 3.6.9 Rating:
Released: 04-23-2008 Last Update: 05-26-2008 Installs: 75
Uses Plugins
 
No support by the author.

This simple mod logs security token erorrs to vBulletin PHP error log and optionally sends an E-Mail to the webmaster.

Example Log Entry
Code:
Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 C:\Programme\XAMPP Lite\htdocs\vb310\includes\functions.php line 2420: eval()
#1 C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php line 417: fetch_error(security_token_missing,ltr,sendmessage.php)
#2 C:\Programme\XAMPP Lite\htdocs\vb310\global.php line 20: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php)
#3 C:\Programme\XAMPP Lite\htdocs\vb310\newthread.php line 49: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\global.php)

POST Variables
===============
Array
(
    [do] => foo
    [f] => 3
    [forumid] => 3
    [securitytoken] => 
)

Request URI
===========
/vb368pl1/newthread.php?do=foo

Datum: 24.04.2008 11:36:08
Benutzername: Kirby
IP-Adresse: 127.0.0.1
If you do not know what this is about, you most likely won't need it

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #12  
Old 04-24-2008, 03:35 PM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Works just fine for me
Reply With Quote
  #13  
Old 04-24-2008, 06:18 PM
Barakat's Avatar
Barakat Barakat is offline
 
Join Date: Nov 2004
Location: Jerusalem
Posts: 571
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
What did you change in it? </templates> is still there.
in his original xml there were

<templates>
</templates>
</templates>

one of them have no need to be there. i believe he just fix it ,
Reply With Quote
  #14  
Old 04-24-2008, 06:54 PM
mihai11 mihai11 is offline
 
Join Date: Dec 2005
Location: Sibiu - Romania
Posts: 199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Can somebody explain to me in more detail what this hack does ? First of all, what is a "security token" ?

Regards,
Razvan
Reply With Quote
  #15  
Old 04-24-2008, 07:15 PM
Dannyloski Dannyloski is offline
 
Join Date: Jun 2006
Location: FL
Posts: 401
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

OMFG! Thank you for this, with 3.6.10 and the fact that some Modifications wont work because of the new Security Token, now I can rest in peace to know which one those are when they are accessed ... :up: on a great Mod ...
Reply With Quote
  #16  
Old 04-24-2008, 09:59 PM
Mike-D Mike-D is offline
 
Join Date: Jan 2006
Location: Cologne / Germany
Posts: 270
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by mihai11 View Post
First of all, what is a "security token" ?
Security Tokens are small Hardware Devices that owners carries to authorize access to a Network Service. That means: Security Tokens provide an extra level of assurance thru a method known as TFA (Two-Factor Authentication). In this case the user has a PIN (Personal Identification Number which authorizes them as the owner of that particular device. So the device then shows a number which uniquely identifies the user to the service and allowing them to log in. The identification number for each user is changed frequently, usually every 3 min's. See also Wikipedia
Reply With Quote
  #17  
Old 04-24-2008, 10:09 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Good explanation, Mike, but I think they want to know how it applies to vBulletin now.
Reply With Quote
  #18  
Old 04-24-2008, 10:09 PM
Mike-D Mike-D is offline
 
Join Date: Jan 2006
Location: Cologne / Germany
Posts: 270
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by mihai11 View Post
Can somebody explain to me in more detail what this hack does ?
That what he wrotes...
Quote:
Originally Posted by Andreas
This simple mod logs security token erorrs to vBulletin PHP error log and optionally sends an E-Mail to the webmaster.
See also the Plugin called "Detect Security Token Failure". The most important is the $backtrace variable and the rest is pretty self explained
Reply With Quote
  #19  
Old 04-24-2008, 10:42 PM
Konstantinos Konstantinos is offline
 
Join Date: Apr 2006
Posts: 443
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

so this will tell us which mod file needs to add define('CSRF_PROTECTION', true); immediately below define('THIS_SCRIPT', '... ???
Reply With Quote
  #20  
Old 04-24-2008, 10:49 PM
steven s's Avatar
steven s steven s is offline
 
Join Date: Aug 2004
Location: Greenville, SC
Posts: 572
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Wouldn't this only be needed for v 3.6.10 and 3.7RC4?
Reply With Quote
  #21  
Old 04-25-2008, 12:39 AM
Trana Trana is offline
 
Join Date: Apr 2005
Posts: 604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
Good explanation, Mike, but I think they want to know how it applies to vBulletin now.
OK, clearly something significant occurred to necessitate 3.6.10. Can you guys not be so cryptic for the rest of us who are not up on what is going on?

How does this affect 3.6.10? How does this affect installed mods?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:39 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08844 seconds
  • Memory Usage 2,309KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete