Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.0 > vBulletin 3.0 Full Releases

Reply
 
Thread Tools
Email notification if someone attempts to access your Admin CP Details »»
Email notification if someone attempts to access your Admin CP
Version: 1.1, by EvilLS1 EvilLS1 is offline
Developer Last Online: May 2021 Show Printable Version Email this Page

Version: 3.0.5 Rating:
Released: 04-28-2004 Last Update: 01-07-2005 Installs: 239
 
No support by the author.

This is my version of the hack that Firefly released for VB2.

VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it!

What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt.

It will look something like this:

Quote:
--------------------------------------------------
WARNING: Failed admin logon in vBulletin 3.0.1
--------------------------------------------------
Someone is trying to login to your Admin CP!

Username tried: JimbobJoe
Password tried: aCcEsS
IP Address: 67.13.27.156
Host: asd691917124.whatever.com
Strikes: 1/5
Referer: http://www.yoursite.com/forums/admincp/
Script: http://www.yoursite.com/forums/login.php
Date: Wednesday 28th of April 2004 07:50:02 AM
--------------------------------------------------
If the person who is attempting to access your CP happens to be registered & logged in, this line will also be included in the email:
Quote:
vBulletin has identified this user as: (intruder's real username here)
(Thanks to AlexanderT for the idea for this addon.)


Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php.

If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work"..

Still not working? Read this!

Credits: Thanks to the original creator of this hack (Chen) for the idea, and thanks to Boofo for helping me test it.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #112  
Old 09-15-2004, 09:56 PM
royals's Avatar
royals royals is offline
 
Join Date: Jul 2004
Location: kansas city
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks!
Reply With Quote
  #113  
Old 09-16-2004, 02:11 PM
HondaATC HondaATC is offline
 
Join Date: May 2004
Posts: 96
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well I guess I'm the only one having this problem (3.03) but when I search for

Code:
// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');
in login.php, it says its not there. Therefor I cannot add

Code:
$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";
			
$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);
I am using the instructions for vb3.02 and up. Help?
Reply With Quote
  #114  
Old 09-17-2004, 02:09 AM
EvilLS1's Avatar
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

HondaATC,
In an un-modified v3.0.3 login.php the code is on lines 169 & 170.
Reply With Quote
  #115  
Old 09-17-2004, 01:38 PM
HondaATC HondaATC is offline
 
Join Date: May 2004
Posts: 96
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I found it, about 6 lines above that. Weird, don't know why the find>replace command didn't get it. Thanks for the help!
Reply With Quote
  #116  
Old 09-23-2004, 06:05 AM
fuse3k fuse3k is offline
 
Join Date: Sep 2004
Location: Tampa, FL
Posts: 21
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Great step towards security. Thank you very much, *Installed*.
Reply With Quote
  #117  
Old 09-24-2004, 11:49 PM
theArchitect's Avatar
theArchitect theArchitect is offline
 
Join Date: Sep 2004
Location: Sydney
Posts: 417
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Very cool. *clicks install*.

And very useful for the security conscious admins out there.
Reply With Quote
  #118  
Old 09-26-2004, 12:39 AM
theArchitect's Avatar
theArchitect theArchitect is offline
 
Join Date: Sep 2004
Location: Sydney
Posts: 417
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by EvilLS1
Its possible but not practical b/c your inbox would be filled with notifications due to regular members mis-typing their password or username. To do something like that it would be a better idea to store failed logins in the database and let the admin view them in the control panel.
It is possible and I have achieved it (though I didn't want too). I have checked my install procedure a couple of times but seem to have done everything correctly.

Any thoughts as to what I did wrong? It is getting annoying receiving e-mails when users miss type their details.
Reply With Quote
  #119  
Old 09-26-2004, 12:48 AM
EvilLS1's Avatar
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by theArchitect
It is possible and I have achieved it (though I didn't want too). I have checked my install procedure a couple of times but seem to have done everything correctly.

Any thoughts as to what I did wrong? It is getting annoying receiving e-mails when users miss type their details.
About the only thing I can think of that would cause it to report all mistyped passwords/usernames would be if you placed the last bit of code from the instructions (the last edit to login.php) in the wrong place.

Make sure this bit of code:
Code:
$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";
			
$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);
..is after this bit of code:
Code:
		if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
			{

		// log this error if attempting to access the control panel
			require_once('./includes/functions_log_error.php');
Other than that I can't think of anything that would cause it.
Reply With Quote
  #120  
Old 09-26-2004, 01:03 AM
theArchitect's Avatar
theArchitect theArchitect is offline
 
Join Date: Sep 2004
Location: Sydney
Posts: 417
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by EvilLS1
About the only thing I can think of that would cause it to report all mistyped passwords/usernames would be if you placed the last bit of code from the instructions (the last edit to login.php) in the wrong place.

Make sure this bit of code:
Code:
$fstrk = "Strikes: $GLOBALS[strikes]/5\r\n";

$subject= 'WARNING: Failed admin logon in ' . $DB_site->appname . ' ' . $vboptions['templateversion'] . "\r\n\r\n";
			
$message="Someone is trying to login to your Admin CP!\n\n $fusername $fpassword $fipaddress Host: $iphostname\r\n $fstrk $freferer $fscriptpath $fdate $realname";

vbmail($vboptions['webmasteremail'], $subject, $message);
..is after this bit of code:
Code:
		if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
			{

		// log this error if attempting to access the control panel
			require_once('./includes/functions_log_error.php');
Other than that I can't think of anything that would cause it.
Thankyou for your speedy response. It is in the right spot. It will just have to go down as a "vB X File".

I have had one or two of these, so am not excessively surprised. Luckily my users don't get their passwords wrong too often.
Reply With Quote
  #121  
Old 09-26-2004, 01:08 AM
EvilLS1's Avatar
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hmmm.. Weird. Are you sure these users aren't trying to login through the admin section? In the emails that you get what does it say next to referer?
If it says: http://www.yoursite.com/forums/admincp/ then they are trying to login through the admincp.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:38 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08046 seconds
  • Memory Usage 2,305KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (6)bbcode_code
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete