Get an e-mail if someone is trying to access your Admin CP (With IP address)

Here's my version:

In sessions.php find this code:

Code:

    if (md5($loginpassword)!=$bbuserinfo[password]) {

right below it, add this code:

Code:

			$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
			$iphostname = @gethostbyaddr($ipaddress);
			$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
			mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

You will get a message:

Quote:

Someone is trying to login using your admin account!

Username he tried to use: xxx
Password he tried to use: xxx (xxxxxxxxxxxxxxxxxxxx in encryption)

The IP address is: xx.xx.xx.xx

every time someone is trying to login to the admin cp with no success.

Have fun.

[Lethal]

works great!!! thanks firefly

[Airwaves]

It only sends me mail when someone tries accessing with an Admin user name

normal users and their passwords arent emailed
made up user names and passwords arent emailed either

can this be added in?

[Learner29]

what a cooooooool hack . thank you so much . lol.

[GsxrTony]

[QUOTE]Originally posted by Mutt
firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files

PHP Code:

            // email alert
            $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
            $iphostname = @gethostbyaddr($ipaddress);
            if ($HTTP_COOKIE_VARS['bbuserid']) {
                $realuserid = $HTTP_COOKIE_VARS['bbuserid'];
                $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
                $MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
            }
            if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
                while ($sessionid = $DB_site->fetch_array($sessionids)) {
                    $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
                    $MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
                }
            }
            $message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
            mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
            // email alert 


the first addition is in sessions.php as instructed by firefly

it goes right after

PHP Code:

 if (md5($loginpassword)!=$bbuserinfo[password]) { 


then second additon is in adim/global.php

and it goes right after

PHP Code:

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) { 


now you'll get an email like this



now the email gets sent for any incorect login instead of just ones with a correct username and wrong password. If they are somehow listed in sessions under multiple userids, (logged on and then logged on again under a second account) you'll get them all.

Firefly, thanks for this. I really like it and plan to keept expanding it. Security is key. I have a bunch of jerkoffs at my Stern site and have been pushing off upgrading it to VB until I had lots of admin tools like this little email notice.

I'll be doing something very similar to this which will be used to track multiple accounts.

Hey people, let me know if you have any problems with this

[Learner29]

> New at vBulletin.org!
> You can now reply to the thread by replying to this message

that is an amaaaaaasing great feature!!!!
vbulletin.org, you are real cool guys.

[Chris M]

And they know it...

Satan

[Learner29]

> And they know it...

LOL. Do you think those cool guys would tell me what hack is used to send
new posts by email???

[Chris M]

I dont think it is released...

If it is, then it is a well kept secret...

I think FireFly wanted it to be a vb.org exclusive, but I may be wrong...

Satan

[KarateKid]

@FireFly:

Do you release a new complete explanation for this hack in the first post in this thread?

[Jawelin]

I followed many of this long thread tips and now I have at least 5 different points where the email is launched...

To optimize code, I created a function mail2wm() within adminfunctions.php so I simply call it from everywhere passing some parameters...

So, I can receive many emails each time. A general question is: could I set, within that function, a global variable to tell the function itself it has already done its job ?
Sorry, but I'm not too good at php about globals and sessions... Actual question is: such a global variable will be unique for the entire board - each user - or only for that user set it up ?
First case, could I 'localize' any way that variable for that particular session ?

Thanks a lot, and sorry for the O-T.
Bye