Administrative and Maintenance Tools - [DBTech] vBSecurity v2 (vB4)

vBSecurity: What is it?
vBSecurity keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.

Uses

vBSecurity is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens.
It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins.
Another important feature is the ability to add a secondary login, unique to each administrator, that is required before accessing the AdminCP. Ideal for forums where multiple administrators may share login information, or where administrators may log in from public computers.
Add in quick settings for the most vital vBulletin Options and Usergroup password settings, vBSecurity can easily be called one of the most comprehensive security suites for your vBulletin forum.

-------------------------------------------------------------------------------------------

If you like this mod please hit the button to the right ---->

Please remember to click the, button to the right if you installed the mod ---->

What does 'Marking As Installed' do ?

* It helps you to stay on top of updates - members who have installed modifications will be notified by us whenever new updates are available.

* For security issues - vbulletin.org will contact all members who have installed a modification whenever a security issue is brought to their attention.

* Marking a modification as installed also helps us know how many people are using our work, giving us extra incentive to provide more features and new modifications.

We appreciate the support!
-------------------------------------------------------------------------------------------

Priority support & Product Demos available at: http://www.dragonbyte-tech.com

-------------------------------------------------------------------------------------------

Translations available @ our forum
Support for translations handled by the translator in its respective threads only.

-------------------------------------------------------------------------------------------

Major Features
Administrator Security: .htaccess-like logins for your administrators means that even if they use the same password on multiple sites, malicious users still need a fresh, unique password to log in.

Security Watchers: Keep an eye on the most important aspects of vBulletin: config.php tampering, AdminCP / User Account access attempts, vBulletin Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.

Lite
* Searchable list of all AdminCP access attempts
* Searchable list of all failed login attempts
* Searchable list of administrator changes for areas governed by the Security Watchers
* vBOption: IP Address whitelist for AdminCP access
* vBOption: Separate "Closed Reason" for closures that happened due to potential security breaches
* Quick setting page for the most important vBulletin Options security settings
* Quick setting page for the most important Usergroup security settings
* Security Watchers: General - config.php Variable Tampering, AdminCP Access Attempts
* Security Watchers: Logins - Failed Logons, Failed Mass Logons
* Security Watchers: vBOptions - vBulletin Active, Reason For Turning vBulletin Off, Banned Email Addresses, Banned IP Addresses, Use Login "Strikes" System, Whitelisted IP Addresses, Whitelisted IP Addresses - Exclude Super Administrators
* Security Watchers: User Data - User Name, Password, Email, Primary Usergroup, Additional Usergroups, Reputation Level, Warnings, Infractions, Infraction Points, Receive Admin Emails
* Security Watcher Actions: 2 thresholds with individual configuration options, IP Ban / User Ban / Email Webmaster / Close Forum options available for each Watcher option listed above. Some watcher options may not have all actions.

Pro
* Optional .htaccess-like login on a per-administrator basis
* Settings Snapshots - take a "snapshot" of how the vBulletin Options look at the time, instant restore by clicking Load on a previous snapshot
* Security Watchers: Usergroup - Password Expiry, Password History, every usergroup permission group, every "value" permission
* IP Guard: Administrator IP Address authorisation scheme (similar to Steam Guard) - Require email verification for new IP addresses to access the AdminCP, per-administrator disable

-------------------------------------------------------------------------------------------
This mod displays a copyright notification in the footer of all pages which includes:

• 1 Link to DragonByte Technologies homepage
• 1 Link to Product Description page of this modification

[DragonByte Tech]

Quote:

Originally Posted by Soidberg

Could you make it possible to position Data[IPADDRESS] at a random place within the phrase ("dbtech_vbmail_security_alert_body"&"dbtech_vbsec urity_access_new_ip_message")?. Like: $IPADDRESS ?

I want to restyle the email text completely with a new location of the IP address.

sry for my horrible English

You can translate the phrases via the Phrase Manager. Why would you want to randomise the location?

Quote:

Originally Posted by Soidberg

Dear DragonByte Tech,

I have an Idea which perhaps could be easily integrated within vBulletin. I? very interested in what you think about it.

My idea is about DDoS protection for vBulletin by Cloudflare. Cloudflare is focussed on DDoS protection and offers great free services for the public. Since Cloudflare provides a webservice API via an API Key, the DDoS protection of Cloudflare can be utilized by just invoking URIs by vBulletin to block attackers right in the Cloud so they even can reach the target system.

The technical approach is done by invoking URIs for blocking and unblocking IP addresses. A block could be triggered by any relevant alert to be defined by the vBulletin operators to fit their needs.

In vbulletin it could look like this ...

Admin Panel Menu (example):
Attachment 144558

Action (example):
Attachment 144560

Options (for example):
Attachment 144559


All you need is a free account with Cloudflare, the generated security tokens and of course your addon. :)

Example Block:

HTML Code:

https://www.cloudflare.com/api.html?a=ban&key <IPADRESS> = & u = EMAILUSER@EMAIL.com & tkn = TOKEN

Example unblock:

HTML Code:

https://www.cloudflare.com/api.html?a=nul&key <IPADRESS> = & u = EMAILUSER@EMAIL.com & tkn =TOKEN

Note: Since Cloudflare is acting as a reverse proxy operators should install mod_cloudflare for apache to see real origin IP addresses instead of Cloudflare proxy IP addresses....see here.

regards
Soidberg

Definitely an interesting idea, if you re-post it over at our forums we'll be sure to take it into consideration for future versions


Fillip

[Dwarden]

i do wonder ... would be possible to add usergroup watcher / protector into this plugin ?

so nobody can mess with such groups (adding users) ?

[DragonByte Tech]

There already is a watcher - it's a Pro-only feature.

Protectors are covered by your AdminCP permissions, which is a default vBulletin feature.

Fillip

[DragonByte Tech]

Update

Hotfix: PHP 5.4 Compatibility fixes


This does not guarantee the mod is error free on PHP 5.4, but it will take care of the reported errors. Thank you all for your reports



Fillip

[madness85]

Quote:

Originally Posted by DragonByte Tech

Update

Hotfix: PHP 5.4 Compatibility fixes


This does not guarantee the mod is error free on PHP 5.4, but it will take care of the reported errors. Thank you all for your reports



Fillip

Hi I see it logs all user login attempts but I see no option to prune the log is it possible?

[rhody401]

I upgraded to 1.1.1 today and now see this on the top left, every time I sign into ADMIN CP:

Quote:

IP Address Verifier
Current IP Address
1.2.3.4
Stored IP Address
N/A
Mismatch
[Admin Access Log]

(my real ip is the current, not 1.2.3.4 - changed for security reasons)

I'm not sure how to fix this, to make the notice go away. When I disable this mod temporarily, it goes away. My user id IS set up as a super administrator in config.php and I have even whitelisted the ip in the settings for this add-on.

Any suggestions appreciated

Rhody

[rhody401]

Ah disregard. The next day it had my real ip in both sections. I guess the first time it hasnt saved/logged your IP yet. (resulting in the mismatch error)

[sharcker]

Hi, This Works for vB 5.0.5?

[ForceHSS]

<a href="https://vborg.vbsupport.ru/attachment.php?attachmentid=135371&d=1325289905" target="_blank">Is this option only in the pro</a>

[rhody401]

I think I found a bug in version 1.1.1

On my 4.2.1 patched system, this has happened twice in the past month.

I have multiple admins and if an admin enters the wrong password just ONCE, it treats it like 25+ brute force attempts. It takes action with one attempt, ignoring the settings for # of attempts.

Under SECURITY WATCHERS: GENERAL - I have:

Quote:

12 AdminCP access attempts from SAME IP ADDRESS attempts in 1 hour: Email Webmaster

25 AdminCP access attempts from ANY IP ADDRESS attempts in 1 hour: Email Webmaster, Close Forum, Ban IP

Twice it has set off both of the above (two emails, closed forum, etc) for a single wrong password attempt.

I have temporarily taken away its ability to close the forum, because I was out yesterday and it shut down the forum for almost 5 hours.

If I can help in any way to help duplicate/identify this behavior - don't hesitate to email me.

Thanks
Rhody