Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.0 > vBulletin 3.0 Full Releases

Reply
 
Thread Tools
Email notification if someone attempts to access your Admin CP Details »»
Email notification if someone attempts to access your Admin CP
Version: 1.1, by EvilLS1 EvilLS1 is offline
Developer Last Online: May 2021 Show Printable Version Email this Page

Version: 3.0.5 Rating:
Released: 04-28-2004 Last Update: 01-07-2005 Installs: 239
 
No support by the author.

This is my version of the hack that Firefly released for VB2.

VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it!

What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt.

It will look something like this:

Quote:
--------------------------------------------------
WARNING: Failed admin logon in vBulletin 3.0.1
--------------------------------------------------
Someone is trying to login to your Admin CP!

Username tried: JimbobJoe
Password tried: aCcEsS
IP Address: 67.13.27.156
Host: asd691917124.whatever.com
Strikes: 1/5
Referer: http://www.yoursite.com/forums/admincp/
Script: http://www.yoursite.com/forums/login.php
Date: Wednesday 28th of April 2004 07:50:02 AM
--------------------------------------------------
If the person who is attempting to access your CP happens to be registered & logged in, this line will also be included in the email:
Quote:
vBulletin has identified this user as: (intruder's real username here)
(Thanks to AlexanderT for the idea for this addon.)


Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php.

If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work"..

Still not working? Read this!

Credits: Thanks to the original creator of this hack (Chen) for the idea, and thanks to Boofo for helping me test it.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #102  
Old 08-20-2004, 10:35 AM
Onkel_Tom's Avatar
Onkel_Tom Onkel_Tom is offline
 
Join Date: Mar 2002
Location: Stuttgart- Germany
Posts: 208
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by EvilLS1
Onkel_Tom,
Like Zelda-King said, that sounds like a missed file edit. Recheck all of your file edits, specifically those in adminfunctions.php.
Sorry, i checked the code more than twice and the empty password field in eMail still exists. I also compared the installation instructions for vB before 3.0.2 with the 3.0.0 an above version to see what is the difference, but both look similar exclude the "find twice" step.

I'm using vB3.0.3, perhaps this could be the problem ?
Reply With Quote
  #103  
Old 08-20-2004, 12:43 PM
Zelda-King's Avatar
Zelda-King Zelda-King is offline
 
Join Date: Nov 2002
Location: London, England
Posts: 674
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No, I'm using 3.0.3 and it's working.
Reply With Quote
  #104  
Old 08-20-2004, 01:15 PM
Onkel_Tom's Avatar
Onkel_Tom Onkel_Tom is offline
 
Join Date: Mar 2002
Location: Stuttgart- Germany
Posts: 208
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks for the answer.
Reply With Quote
  #105  
Old 08-20-2004, 04:42 PM
grief's Avatar
grief grief is offline
 
Join Date: Jul 2004
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

/me clicks install
Reply With Quote
  #106  
Old 08-23-2004, 06:28 PM
italks italks is offline
 
Join Date: Jan 2004
Location: New Delhi,INDIA
Posts: 47
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

INSTALLED here too thanks.
Reply With Quote
  #107  
Old 08-27-2004, 12:15 PM
RS25com RS25com is offline
 
Join Date: Dec 2001
Posts: 87
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You know what could be an interesting add-on? Use it for SUCCESSFUL logons as well. Now, of course, if it's just a one-man show (like many sites) you'll know when you have logged on. If you had mods, you'll see their logon attempts and passwords, but hopefully you won't abuse your mods, now, anyway since you could easily change their password if you REALLY wanted to log in as them.

However, this could be good to identify someone who actually KNOWS your password and is logging in.

Thoughts?
Reply With Quote
  #108  
Old 08-27-2004, 01:56 PM
EvilLS1's Avatar
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by RS25com
You know what could be an interesting add-on? Use it for SUCCESSFUL logons as well. Now, of course, if it's just a one-man show (like many sites) you'll know when you have logged on. If you had mods, you'll see their logon attempts and passwords, but hopefully you won't abuse your mods, now, anyway since you could easily change their password if you REALLY wanted to log in as them.

However, this could be good to identify someone who actually KNOWS your password and is logging in.

Thoughts?
Check this post for my thoughts on viewing other user's passwords:
https://vborg.vbsupport.ru/showpost....2&postcount=46
Reply With Quote
  #109  
Old 08-28-2004, 01:41 AM
SamirDarji SamirDarji is offline
 
Join Date: Apr 2004
Posts: 645
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There has been a lot of discussion about something like this to see all login requests, which would be a huge amount of data on larger sites. But what about the idea of limiting the monitoring to a particular user group, like administrators or mods? That would target the important accounts. Just an idea at this point. I have to get my board up and running the way I want before I start hacking at it.
Reply With Quote
  #110  
Old 09-01-2004, 03:21 AM
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
Location: Mumbai, India
Posts: 1,195
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

someone the hack dont work for me ?
i am using vb 3.0.3

when a normal user enters correct username/password and tries to access the admincp, I do not receive an email.
Even the user dont get an error-message (only if he is using the correct user/pass)

I am getting email when he enters wrong user/pass to admincp

I guess, it should also send emails, when users enters correct username/password but they dont have access to admincp ?

correct me if i am wrong.

thank you
Reply With Quote
  #111  
Old 09-01-2004, 11:36 AM
EvilLS1's Avatar
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

San-Deep,
No, thats how its supposed to work. You will only get an email if someone enters an incorrect username or password. If they enter the correct username and password but do not have access it'll log them into the forum but not the admincp (just redirects them back to the cp login page).
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:56 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04977 seconds
  • Memory Usage 2,302KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete