The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Email notification if someone attempts to access your Admin CP Details »» | |||||||||||||||||||||||||||||
Email notification if someone attempts to access your Admin CP
Developer Last Online: May 2021
This is my version of the hack that Firefly released for VB2.
VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it! What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt. It will look something like this: Quote:
Quote:
Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php. If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work".. Still not working? Read this! Credits: Thanks to the original creator of this hack (Chen) for the idea, and thanks to Boofo for helping me test it. Show Your Support
|
Comments |
#112
|
||||
|
||||
thanks!
|
#113
|
|||
|
|||
Well I guess I'm the only one having this problem (3.03) but when I search for
Code:
// log this error if attempting to access the control panel require_once('./includes/functions_log_error.php'); Code:
$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n"; $subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n"; $message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname"; vbmail($vboptions['webmasteremail'], $subject, $message); |
#114
|
||||
|
||||
HondaATC,
In an un-modified v3.0.3 login.php the code is on lines 169 & 170. |
#115
|
|||
|
|||
I found it, about 6 lines above that. Weird, don't know why the find>replace command didn't get it. Thanks for the help!
|
#116
|
|||
|
|||
Great step towards security. Thank you very much, *Installed*.
|
#117
|
||||
|
||||
Very cool. *clicks install*.
And very useful for the security conscious admins out there. |
#118
|
||||
|
||||
Quote:
Any thoughts as to what I did wrong? It is getting annoying receiving e-mails when users miss type their details. |
#119
|
||||
|
||||
Quote:
Make sure this bit of code: Code:
$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n"; $subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n"; $message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname"; vbmail($vboptions['webmasteremail'], $subject, $message); Code:
if ($logintype === 'cplogin' OR $logintype === 'modcplogin') { // log this error if attempting to access the control panel require_once('./includes/functions_log_error.php'); |
#120
|
||||
|
||||
Quote:
I have had one or two of these, so am not excessively surprised. Luckily my users don't get their passwords wrong too often. |
#121
|
||||
|
||||
Hmmm.. Weird. Are you sure these users aren't trying to login through the admin section? In the emails that you get what does it say next to referer?
If it says: http://www.yoursite.com/forums/admincp/ then they are trying to login through the admincp. |
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|