Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases

Reply
 
Thread Tools
Details »»

Version: , by Admin (Coder) Admin is offline
Developer Last Online: Nov 2024 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 11-25-2001 Last Update: Never Installs: 233
 
No support by the author.

Here's my version:

In sessions.php find this code:
Code:
    if (md5($loginpassword)!=$bbuserinfo[password]) {
right below it, add this code:
Code:
			$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
			$iphostname = @gethostbyaddr($ipaddress);
			$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
			mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
You will get a message:
Quote:
Someone is trying to login using your admin account!

Username he tried to use: xxx
Password he tried to use: xxx (xxxxxxxxxxxxxxxxxxxx in encryption)

The IP address is: xx.xx.xx.xx
every time someone is trying to login to the admin cp with no success.

Have fun.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #102  
Old 03-21-2002, 08:13 PM
trainer trainer is offline
 
Join Date: Nov 2001
Posts: 160
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i can get it to work but can't get the usernames from the cookie file to appear. that would be a really sweet feature so it would be easy to identify exactly who it is
Reply With Quote
  #103  
Old 03-22-2002, 12:47 AM
pdaGuy pdaGuy is offline
 
Join Date: Dec 2001
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hmm.. this is totally strange. How come it works for me ? aranoid:
This is the email that I get if someone tries to login on the admin panel with a wrong password.

[QUOTE]Someone is trying to login using your admin account!
The Script was :

Username they tried to use: test
Password they tried to use: test (098f6bcd4621d373cade4e832627b4f6 in encryption)

The IP address is: XXX.X.XX.XX
The host is: XXX.XXXXX.com

Search for members using this ip .php?action=doips&s=&ipaddress=XXX.XXXXX.com

Sessions identifys them as Thier cookie identifys them as Array
Reply With Quote
  #104  
Old 03-22-2002, 03:51 AM
Liz's Avatar
Liz Liz is offline
 
Join Date: Nov 2001
Posts: 41
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I just have a quick question. Seeing how I don't have a "webmaster@yadda-yadda.com" email, can I put a different email in instead of the webmaster one?

<$webmasteremail>");

like...could I put:
<$myemailaddress>");

would that work? Or is it some special coding? Thanks!
Reply With Quote
  #105  
Old 03-22-2002, 03:55 AM
JJR512's Avatar
JJR512 JJR512 is offline
 
Join Date: Oct 2001
Location: Glen Burnie, MD, USA
Posts: 710
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

$webmasteremail represents whatever you put in your board's Admin CP on the vBulletin Options page in the Contact Details section on the line for Webmaster's email. Whatever you have there is where an email to $webmasteremail will go.
Reply With Quote
  #106  
Old 03-22-2002, 04:24 AM
Liz's Avatar
Liz Liz is offline
 
Join Date: Nov 2001
Posts: 41
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for your fast reply.
I put the hack in, and then took it out.
Now when I go to log into the CP it says

Warning: Cannot add header information - headers already sent by (output started at /home/xxxbo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 136

Warning: Cannot add header information - headers already sent by (output started at /home/xxx-bo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 162

Hang on a sec

and then it brings me back to the login page...
HELP!!
Reply With Quote
  #107  
Old 03-22-2002, 04:41 AM
JJR512's Avatar
JJR512 JJR512 is offline
 
Join Date: Oct 2001
Location: Glen Burnie, MD, USA
Posts: 710
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?
Reply With Quote
  #108  
Old 03-23-2002, 01:53 PM
Mutt's Avatar
Mutt Mutt is offline
 
Join Date: Nov 2001
Posts: 331
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

use this one

PHP Code:
            // email alert
            
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
            
$iphostname = @gethostbyaddr($ipaddress);
            if (
$HTTP_COOKIE_VARS['bbuserid']) {
                
$realuserid $HTTP_COOKIE_VARS['bbuserid'];
                
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
                
$MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
            }
            if (
$sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
                while (
$sessionid $DB_site->fetch_array($sessionids)) {
                    
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
                    
$MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
                }
            }
            
$message="Someone is trying to login using your admin account!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
            
mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
            
// email alert 

Updates

correctly idenifies user via sessions and cookie
it also idetifies which script they were trying to access.

this currently only produces an email when an admin username is used with the incorrect password. I'm going to dig a little and try and get it to work for all incorrect admin logins
Reply With Quote
  #109  
Old 03-23-2002, 02:53 PM
Mutt's Avatar
Mutt Mutt is offline
 
Join Date: Nov 2001
Posts: 331
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files

PHP Code:
            // email alert
            
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
            
$iphostname = @gethostbyaddr($ipaddress);
            if (
$HTTP_COOKIE_VARS['bbuserid']) {
                
$realuserid $HTTP_COOKIE_VARS['bbuserid'];
                
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
                
$MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
            }
            if (
$sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
                while (
$sessionid $DB_site->fetch_array($sessionids)) {
                    
$realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
                    
$MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
                }
            }
            
$message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
            
mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
            
// email alert 

the first addition is in sessions.php as instructed by firefly

it goes right after

PHP Code:
 if (md5($loginpassword)!=$bbuserinfo[password]) { 


then second additon is in adim/global.php

and it goes right after

PHP Code:
$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if (
$getperms[cancontrolpanel]!=1) { 
now you'll get an email like this

[QUOTE]Someone is trying to login to your control panel!
The Script was : /forum/admin/index.php

Username they tried to use: xxxxxxxx
Password they tried to use: xxxxxx (d344c7e7f54ac73cf730fd91faf6391b in encryption)

The IP address is: xx.xx.xx.xx
The host is: xxxxxxxxxxxxxxx

Search for members using this ip
http://yoursite.com/forum/admin/user...ss=xx.xx.xx.xx

Thier cookie identifys them as xxxxxxx

Sessions identifys them as xxxxxxxxxx
Reply With Quote
  #110  
Old 03-23-2002, 03:38 PM
Liz's Avatar
Liz Liz is offline
 
Join Date: Nov 2001
Posts: 41
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[QUOTE]Originally posted by JJR512
The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?
Reply With Quote
  #111  
Old 03-23-2002, 05:22 PM
BlueWolf BlueWolf is offline
 
Join Date: Feb 2002
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Can you make this with your vbhack installer?

makes life easier!
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:01 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05052 seconds
  • Memory Usage 2,344KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_code
  • (4)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete