The Arcive of Official vBulletin Modifications Site.

About Developer · **Released**: 01-31-2008

Email notification if someone attempts to access your Admin or Mod CP for vBulletin vB3.7.0 beta 4
Version 1.0.2
(By Boofo)

What does this modification do?
When someone tries to login to your Admin CP or Mod CP, you will get an email that contains the username they tried, their IP address, hostname, number of strikes, referrer, script, and the date & time of the attempt. It also will now distinguish itself in the message subject between a failed Admin CP attempt and a failed Mode CP attempt, so you will know right off which CP they tried to login to.

NOTE: Those who respectfully donate will be have access to the password version of this hack by sending me a PM after donation.

Credits:
Thanks to EvilLS1 for making the vB 3.0 version of this modification on which this update is based and released with permission.

Version Information:
Version 1.0.1 --Initial release
Version 1.0.2 --Removed password code for security reasons.

Installation overview:
--------------------------------------
Files to edit: (1)
--login.php

What it looks like in the Mod CP when an anonymous user tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Ned
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Thursday, January 31st, 2008 at 8:22:29 am
-----------------------------------------------------

What it looks like in the Mod CP when a user from your site tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Boofo
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Thursday, January 31st, 2008 at 8:22:29 am

USER ATTEMPT: Your Forums has identified this registered user as: Boofo

NOTE: If you do not click install, you do not need support.

Marco van Herwaarden · #22 02-04-2008, 08:44 AM

Quote:

Originally Posted by hornstar1337

I used to like the one that showed the attempted passwords lol

On a personal note: This was something i never liked about this modification. If you are an admin on many forums, you might by mistake try the password for board A to login to board B. If they password used is sent to the admin of Board A, then he might be able to "guess" your admin login for Forum B. I always refused to be an admin on a board that had this modification installed.

PS Boofo know my opinion on this, we already discussed that many years ago.

princeedward · #23 02-04-2008, 11:10 AM

gonna try this...hope its good and bring no problem...thanks for this bro...

Boofo · #24 02-04-2008, 12:10 PM

This hack has never brought anyone any problems. That is not what it is for.

iogames · #25 02-04-2008, 08:30 PM

Quote:

Originally Posted by Marco van Herwaarden

On a personal note: This was something i never liked about this modification. If you are an admin on many forums, you might by mistake try the password for board A to login to board B. If they password used is sent to the admin of Board A, then he might be able to "guess" your admin login for Forum B. I always refused to be an admin on a board that had this modification installed.

PS Boofo know my opinion on this, we already discussed that many years ago.

Ok so the password 'attempted' is sent to who???

Conner85 · #26 02-05-2008, 06:12 PM

So... do I edit ALL login.php files? I just edited the yoursite.com/login.php. Am I supposed to edit /modcp/login.php and /admincp/login.php?

Boofo · #27 02-05-2008, 06:23 PM

Only edit the one file in your forums directory. The hack states only 1 file edit plus most hacks usually have the full path to any files needing editing.

iogames · #28 02-07-2008, 11:23 PM

Then... who receives the notification?

dwh · #29 03-11-2008, 07:43 AM

Interesting hack. If you use .htaccess to block AdminCP, does this do anything extra since the login.php is inside the forums directory?

Too bad that the plugin system requires vB to manage all these hooks.

Since vb is developed using svn and each line of code is probably logged somewhere, it would be so cool if they could come up with a way to dynamically create your own hooks with just vb file version and line number...I know, sounds really complicated but so is the hooks system

Boofo · #30 03-11-2008, 10:34 AM

Quote:

Originally Posted by iogames

Then... who receives the notification?

The Admin receives the notification, but the password feature has been removed in this version as it wasn't worth the headache of listening to a few people complain about the so-called security issues.

Alfa1 · #31 03-11-2008, 04:24 PM

Is it a good idea to just upload the new login.php here, so that others do not have to do the bit of editing the file?

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.07656 seconds Memory Usage 2,305KB Queries Executed 27 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (3)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (4)navbar_link (120)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (11)post_thanks_box (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (11)post_thanks_postbit_info (10)postbit (11)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!