Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 03-01-2015, 08:55 AM
woodmj woodmj is offline
 
Join Date: Sep 2013
Posts: 66
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Add Login To HVM Config Options

Hi, Is there anyway I can add login to the list of configurable Human Verification options in VB4.2.2? I'd just like to put a dent in the mass brute force login attempts happening on my forum. Banning IP blocks and proxies doesn't seem to work. Maybe hackers are using fake IPs.
Reply With Quote
  #2  
Old 03-01-2015, 10:26 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Of course it can be done, but there is no simple way like setting an option or editing a template. It would take some coding and possibly some file changes. You could post a request in Modification Requests/Questions (Unpaid), or in Requests for Paid Services if you want to pay someone to do it.
Reply With Quote
  #3  
Old 03-01-2015, 09:42 PM
bridge2heyday's Avatar
bridge2heyday bridge2heyday is offline
 
Join Date: Aug 2014
Location: Egypt
Posts: 141
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Vbulletin has Strikes system and it is very effective against brute force attacks
Reply With Quote
Благодарность от:
kh99
  #4  
Old 03-02-2015, 10:51 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That's a good point. I was thinking woodmj wanted additional security, but it could be that some people don't know about that.
Reply With Quote
  #5  
Old 03-02-2015, 11:34 AM
woodmj woodmj is offline
 
Join Date: Sep 2013
Posts: 66
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My thinking is I'm getting waves of brute force attacks against member accounts that still persist past the VB strikes system, after blocking China etc in Apache and installing an anti-proxy mod. I'm guessing the hacking programs are just passing random values directly to login.php so I wondered if popping in some form of Captcha that needed to be satisfied before you could talk to login.php might slow the attacks down. For instance I use Q&A HVM on my registrations that has worked well for much time but it would be nice to apply that to accessing login.php as well.
Reply With Quote
  #6  
Old 03-02-2015, 11:37 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

OK, I think that does make sense, because probably any change in the login process will be enough to stop the attacks. Maybe if I have time later I'll look to see how hard that would be. One thing I can see right away is that the main login above the navbar will have to go to another page to do the HV.
Reply With Quote
  #7  
Old 03-02-2015, 11:45 AM
woodmj woodmj is offline
 
Join Date: Sep 2013
Posts: 66
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ok. Any help/thoughts would be greatly appreciated.
Reply With Quote
  #8  
Old 03-02-2015, 11:53 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

And I'll say this before someone else does: some people will find it annoying to have anything extra to do when logging in. But I have an idea to reduce that. One is to make an option only to show it after one or two failures, so that it isn't there at first but kicks in before the strikes. Another would be to monitor any "strike outs" on any user name, and start showing the HV only if the lockouts hit a certain rate (like X in the past hour or whatever).
Reply With Quote
  #9  
Old 03-02-2015, 12:15 PM
woodmj woodmj is offline
 
Join Date: Sep 2013
Posts: 66
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

One thing I have noticed is I don't seem to be able to collate the attacks effectively with VBSecurity as far as IPs go as the IPs just seem to be random or faked to look like a member one which just leads to member's getting locked out and the hackers carrying on hacking.
Reply With Quote
  #10  
Old 03-02-2015, 12:18 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yeah, I'm curious about that. As someone on vbulletin.com mentioned, I guess there's been a new wave of attacks because there's a new database of usernames and passwords going around. So I suppose it could include ip addresses as well. I also don't know how it could be faked, but if that's what you're seeing then there must be a way.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:18 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04644 seconds
  • Memory Usage 2,250KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (1)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete