Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.0 > vBulletin 3.0 Full Releases

Reply
 
Thread Tools
Email notification if someone attempts to access your Admin CP Details »»
Email notification if someone attempts to access your Admin CP
Version: 1.1, by EvilLS1 EvilLS1 is offline
Developer Last Online: May 2021 Show Printable Version Email this Page

Version: 3.0.5 Rating:
Released: 04-28-2004 Last Update: 01-07-2005 Installs: 239
 
No support by the author.

This is my version of the hack that Firefly released for VB2.

VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it!

What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt.

It will look something like this:

Quote:
--------------------------------------------------
WARNING: Failed admin logon in vBulletin 3.0.1
--------------------------------------------------
Someone is trying to login to your Admin CP!

Username tried: JimbobJoe
Password tried: aCcEsS
IP Address: 67.13.27.156
Host: asd691917124.whatever.com
Strikes: 1/5
Referer: http://www.yoursite.com/forums/admincp/
Script: http://www.yoursite.com/forums/login.php
Date: Wednesday 28th of April 2004 07:50:02 AM
--------------------------------------------------
If the person who is attempting to access your CP happens to be registered & logged in, this line will also be included in the email:
Quote:
vBulletin has identified this user as: (intruder's real username here)
(Thanks to AlexanderT for the idea for this addon.)


Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php.

If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work"..

Still not working? Read this!

Credits: Thanks to the original creator of this hack (Chen) for the idea, and thanks to Boofo for helping me test it.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #152  
Old 01-08-2005, 03:42 AM
ozmazdaclub's Avatar
ozmazdaclub ozmazdaclub is offline
 
Join Date: Oct 2003
Posts: 136
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Excellent Hack!

Install Button > Click!
Reply With Quote
  #153  
Old 01-09-2005, 05:22 AM
therczone therczone is offline
 
Join Date: Sep 2003
Posts: 21
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Worked beautifully on my vB 3.0.5. I accidentally locked myself out for 15 minutes though. Any chance of making a hack, or an addon, that makes it so user id 1 cannot be locked out? Someone could go to your forum and try to log in 6 times and then you have to wait 15 minutes.

My idea would be that the hack would stop the person trying to login from continuing to attempt to login, but to NOT lock out the admin's account. It may seem stupid, but someone with your talent should be able to work something out?
Reply With Quote
  #154  
Old 01-09-2005, 01:58 PM
EvilLS1's Avatar
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by therczone
Worked beautifully on my vB 3.0.5. I accidentally locked myself out for 15 minutes though. Any chance of making a hack, or an addon, that makes it so user id 1 cannot be locked out? Someone could go to your forum and try to log in 6 times and then you have to wait 15 minutes.

My idea would be that the hack would stop the person trying to login from continuing to attempt to login, but to NOT lock out the admin's account. It may seem stupid, but someone with your talent should be able to work something out?
You could bypass it for the admins account but that would defeat the whole purpose of the strike system b/c if your not logged in it has no way of knowing if you're the admin or not.

You could do something like this, so that it doesn't give the admin strikes or lock him out when trying to login to the control panel as long as he's already logged into the board:

In includes/functions_login.php find:
Code:
function verify_strike_status($username = '')
{
	global $DB_site, $vboptions;

	$DB_site->query("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));

	if (!$vboptions['usestrikesystem'])
	{
		return 0;
	}
Replace it with:
Code:
function verify_strike_status($username = '')
{
	global $DB_site, $vboptions, $bbuserinfo;

	$DB_site->query("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));

	if (!$vboptions['usestrikesystem'] OR $bbuserinfo[usergroupid]==6)
	{
		return 0;
	}
Find:
Code:
// ###################### Start exec_strike_user #######################
function exec_strike_user($username = '', $strikes = 0)
{
	global $DB_site, $strikes, $vboptions;

	if (!$vboptions['usestrikesystem'])
	{
		return 0;
	}
Replace it with:
Code:
// ###################### Start exec_strike_user #######################
function exec_strike_user($username = '', $strikes = 0)
{
	global $DB_site, $strikes, $vboptions, $bbuserinfo;

	if (!$vboptions['usestrikesystem'] OR $bbuserinfo[usergroupid]==6)
	{
		return 0;
	}
With that change, if the admin is logged in to the forum but not the control panel it will not give him a strike for an incorrect cp login and shouldn't lock him out even if someone else has 5 strikes with his username. All other usergroups will still get a strike.

If you're not logged into the forum you'll still get a strike.

I didn't test it but it should work.

Thanks for verifying that this hack works with 3.0.5 btw.
Reply With Quote
  #155  
Old 01-11-2005, 03:50 PM
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
Posts: 122
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by therczone
Worked beautifully on my vB 3.0.5. I accidentally locked myself out for 15 minutes though. Any chance of making a hack, or an addon, that makes it so user id 1 cannot be locked out? Someone could go to your forum and try to log in 6 times and then you have to wait 15 minutes.

My idea would be that the hack would stop the person trying to login from continuing to attempt to login, but to NOT lock out the admin's account. It may seem stupid, but someone with your talent should be able to work something out?
Just set up a second admin account for yourself. I use 2 so that if one has a problem, I have a back door.
Reply With Quote
  #156  
Old 01-17-2005, 08:41 PM
Delphiprogrammi Delphiprogrammi is offline
 
Join Date: Feb 2004
Location: Landen(Belgium)
Posts: 1,335
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

well,

this hack works fine except for one little thing

Code:
Script: http://www.yoursite.com/forums/login.php
why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me
Reply With Quote
  #157  
Old 01-17-2005, 08:47 PM
Eagle Creek's Avatar
Eagle Creek Eagle Creek is offline
 
Join Date: Jan 2004
Location: Netherlands
Posts: 742
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Delphiprogrammi
well,

this hack works fine except for one little thing

Code:
Script: http://www.yoursite.com/forums/login.php
why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me
Uuhm then get it hyperlinked? <a href=...
Reply With Quote
  #158  
Old 01-17-2005, 10:56 PM
Mechanical Mind's Avatar
Mechanical Mind Mechanical Mind is offline
 
Join Date: Sep 2004
Location: USA
Posts: 107
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Installed. Not working.

1. Version 3.0.3 (patched init.php - twice)
2. vBadvanced hack
3. IBProarcade hack
4. vBquiz hack

Checked and tried everything (twice) listed in the "Checklist"... still no luck?

I have a question: my administrator folder IS NOT named "admincp", could this be the cause?

Thanks.
mm :nervous:
Reply With Quote
  #159  
Old 01-18-2005, 03:17 AM
EvilLS1's Avatar
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Mechanical Mind,
I don't think the name of the folder would have any effect on it but I could be wrong.

The only other thing I can think of is maybe one of the other hacks changes something which effects this hack. Since I don't use any of those myself I can't say for sure. You could try applying this hack to fresh un-modified files and see what happens.
Reply With Quote
  #160  
Old 01-18-2005, 03:20 AM
EvilLS1's Avatar
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Delphiprogrammi
well,

this hack works fine except for one little thing

Code:
Script: http://www.yoursite.com/forums/login.php
why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me
Its not hyperlinked for two reasons:
1) Its not meant to be clicked on. That line is only there to show you where the intruder is attempting to login from.. i.e. your site or a remote script.
2) Not all email clients support HTML.
Reply With Quote
  #161  
Old 01-18-2005, 08:32 AM
Delphiprogrammi Delphiprogrammi is offline
 
Join Date: Feb 2004
Location: Landen(Belgium)
Posts: 1,335
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

oooh so i didn't do anything wrong i thought i did something wrong ok so i didn't anyway your hack worked fine with vb 3.0.3 & 3.04 & 3.0.5 i don't use any of those other either
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:01 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05227 seconds
  • Memory Usage 2,321KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (7)bbcode_code
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete