Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons
Disable User Lockout Emails Details »»
Disable User Lockout Emails
Version: 0.9, by kh99 kh99 is offline
Developer Last Online: Sep 2020 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 4.2.2 Rating:
Released: 03-18-2015 Last Update: Never Installs: 14
Uses Plugins
Re-useable Code Translations Is in Beta Stage  
No support by the author.

What is it?
----------------------------
This mod adds the option to disable user 'lockout' emails, which are sent after 5 failed attempts to log in to a user's account.


Note: I'm currently working on another mod that will add other login attempt notifications for admins.


Installation:
----------------------------
1) Import the product XML file from the Product Manager.

2) Go to Settings > Options > General Options and set "Enable User Lockout Email Notifications" as desired. If you want to allow some usergroups (such as admins) to continue to receive notifications for their own accounts, you can list the usergroupids (separated by commas) in the "Force Usergroup Lockout Email Notifications" option.


History:
----------------------------
0.9 (Mar 19, 2015)
  • Initial Release

Download Now

File Type: zip product-kh99_lockout_email_v0_9.zip (83.2 KB, 37 views)

Screenshots

File Type: jpg sg1.JPG (101.1 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Благодарность от:
TheLastSuperman

Comments
  #2  
Old 03-19-2015, 03:26 PM
synseal's Avatar
synseal synseal is offline
 
Join Date: Apr 2009
Posts: 334
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have been getting (especially just of late) numerous failed log in attempts on members accounts which seem to be all from crawlers ignoring our robot.txt

This will put an end to that and hopefully stop members thinking there account is being hacked.

Perfect Thanks!

Edit=Tested and working fine
Reply With Quote
Благодарность от:
kh99
  #3  
Old 03-24-2015, 05:12 PM
409industries 409industries is offline
 
Join Date: Jan 2008
Posts: 63
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So glad that this mod was released, thank you kh99!

In just the past 4 weeks our forum has been hammered by bots in China trying to brute force our login page on anyone and everyone's accounts. They don't appear to be getting in, but it causes a panic by our members who start emailing the admins thinking their account has been hacked when they get the notice.

Super easy install, i'll monitor how well it works.

One option that would be really nice is to keep the notifications disabled being sent to the forum member's email address but have the login attempts CC'd to an administrator. That way admins can keep an eye on any bot / hack activity trying to login unsuccessfully.

Marked as installed. 5 stars.
Reply With Quote
Благодарность от:
kh99
  #4  
Old 03-24-2015, 05:25 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I started to add that, then decided it would be better to write records to a db table and send a summary, like once an hour. But of course I got sidetracked. Maybe i'll just go back and add an alternate email address.
Reply With Quote
  #5  
Old 03-24-2015, 05:34 PM
409industries 409industries is offline
 
Join Date: Jan 2008
Posts: 63
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by kh99 View Post
I started to add that, then decided it would be better to write records to a db table and send a summary, like once an hour. But of course I got sidetracked. Maybe i'll just go back and add an alternate email address.
The DB entries might be interesting for generating ban lists, etc.

Depending on how much invalid login attempts are going on, the email route could generate a lot of email traffic. However, if its pretty quiet an occasional email would be just fine.

Still, some mechanism should be in place to keep admins aware if bots are constantly trying to login, so that we can react accordingly (more IP bans, etc)

Thank you again!
Reply With Quote
  #6  
Old 03-24-2015, 06:40 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by 409industries View Post
The DB entries might be interesting for generating ban lists, etc.

Depending on how much invalid login attempts are going on, the email route could generate a lot of email traffic. However, if its pretty quiet an occasional email would be just fine.

Still, some mechanism should be in place to keep admins aware if bots are constantly trying to login, so that we can react accordingly (more IP bans, etc)

Thank you again!
Well, I just saw your post in the dbtech product thread. Doesn't that take care of notifications?
Reply With Quote
  #7  
Old 03-25-2015, 11:17 AM
woodmj woodmj is offline
 
Join Date: Sep 2013
Posts: 66
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I found the IPs the attacks seemed to be coming from were member IPs so I was banning my members when I was blocking them. Is it possible the attacks just fake IPs?
Reply With Quote
  #8  
Old 03-25-2015, 11:23 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by woodmj View Post
I found the IPs the attacks seemed to be coming from were member IPs so I was banning my members when I was blocking them. Is it possible the attacks just fake IPs?
Yeah, we were talking about that on vbulletin.com I think. I guess it's possible but I don't know enough about it to know how it's done. I mean, I know an IP packet could contain a fake source ip, but then whoever sent it isn't going to get a response, so I don't see how that helps someone guess passwords. Could be something else is going on there. Have you been in contact with any of those users so that you know they had nothing to do with it?

Hmm, well, I guess maybe someone spoofing IPs could blindly send the right packets to try a login, then use a different ip to see if the user is online. In that case I think the "HV on login" mod should stop that, if the HV is something that can't be guessed.
Reply With Quote
  #9  
Old 03-25-2015, 04:45 PM
409industries 409industries is offline
 
Join Date: Jan 2008
Posts: 63
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by kh99 View Post
Well, I just saw your post in the dbtech product thread. Doesn't that take care of notifications?
Yes! It actually does. I forgot to reconfigure the watchers option there. Thanks for the heads up.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:33 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.10467 seconds
  • Memory Usage 2,308KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (3)post_thanks_box_bit
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit
  • (9)post_thanks_postbit_info
  • (8)postbit
  • (2)postbit_attachment
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete