Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.5 > vBulletin 3.5 Add-ons

Reply
 
Thread Tools
Cracker Tracker Details »»
Cracker Tracker
Version: 1.0.2, by Onur Onur is offline
Developer Last Online: Apr 2015 Show Printable Version Email this Page

Version: 3.5.4 Rating:
Released: 03-09-2006 Last Update: 05-15-2006 Installs: 84
Uses Plugins
Additional Files  
No support by the author.

CrackerTracker

this is a port from the standalone system of the Cback.de CrackerTracker (was original made for phpBB) to an Product for vB
  • Description
    this hack search in the requeststring for definied codeparts, is found any hit the skript was die and send a little massage
    in addition of security this simply skript discharged the server by automatic attacks from botskripts if the definations have a hit in the requests
  • Instructions
    Install
    • upload the /elog/ directory and set the CHMOD of counter.txt and logfile_injects.txt to 666, this is only to log blocked requests
      if you not want to have writeable files on youre server this hack works without logging too and you can leave this part
    • at last install the CrackerTracker100-product.xml
    Update
    • uninstall product of v100
    • reinstall new product of v101
    Uninstall
    • uninstall the CrackerTracker100-product.xml
    • upload thedelete /elog/ directory
  • Credits & Information
    i have only port this hack to a Plugin
    Authorof the Hack is Cback from www.cback.de
    only restraint of Cback is the Copyright in the footer

    (i hope my english was understandable )


  • History
    • 10/03/06 Release 1.0.0
    • 15/05/06 Release 1.0.1
      • new searchpattern and handfull old replaced
      • little codemodifications
    • 15/05/06 Release 1.0.2
      • one typo in list (missing ",")

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #22  
Old 04-17-2006, 07:30 AM
Devil Woman Devil Woman is offline
 
Join Date: Jul 2005
Location: England
Posts: 390
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thankyou
Reply With Quote
  #23  
Old 04-20-2006, 08:38 PM
H@K@N H@K@N is offline
 
Join Date: Dec 2004
Location: Dortmund
Posts: 75
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Have a Security Alert if i use vBadvanced CMPS and try to add a Module.

The Link is following:
http://www.domain.com/admincp/vba_cm...&type=php_file

What should i change, to let the System add Modules ?

th@nks
Reply With Quote
  #24  
Old 04-26-2006, 04:05 PM
sandalwood sandalwood is offline
 
Join Date: Mar 2006
Posts: 35
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Onur
@sandalwood
1. no, on this hook are no userinfo avalible
2. this is possible at next release
ok i understand, thats too bad. though the ip address is known, and only one user will have been logged in using that ip address at that time, so perhaps you can somehow set another hook later so WHEN we do know the username, you can have a little check in there that will record it to file.

i know this would only matter for attacks from users, and that many attacks are not even from users, or from people who never log in. but some are

when the incident happens, record what we know, perhaps with ip address, and the set a variable like "intrusion_detected = 1" sort of thing. then in a separate hook at some point where we know the user logged in and we have username, check that variable, and if intrusion_detected is set, then record their username/ip to the file, so that way we can cross-reference it or something.

isn't there some kind of global variable that can be used? how does that work.

also, even if you can't do the second part, why not record the IP address at least. that way we can manually cross reference it, just search for the ip in the admin console and that will show us what user(s) have used that ip.

thanks

ps. this has never tripped for me except in testing. i guess most attacks are not in the URL part but in post string.
Reply With Quote
  #25  
Old 04-27-2006, 09:51 PM
SweetHome's Avatar
SweetHome SweetHome is offline
 
Join Date: Jan 2006
Location: turkey-istanbul
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi
onur hocam bu eklenti hakkında saldırıları engelliyor gibisinden duyumlar aldık
Bu hack forum hacklama icin kullanilan bircok tehliklei scriptleri önlüyor hemde daha database ulasmadan önlüyor.
Böylece hem sunucunun gereksiz yere mesgul edilmesini hemde bircok tehlikle scriptlerin databaseinizi cökertmesii önleyen cok iyi bir korunma yöntemi.


bu şekilde bir arkadaş konu açtı vb turkiye'de yardımclı olup ne işe yaradığı hakkında türkçe açıklamasını yaparsan sevinirim..
kolay gelsin
Reply With Quote
  #26  
Old 05-13-2006, 11:57 PM
Webdude? Webdude? is offline
 
Join Date: Jan 2002
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

<a href="https://vborg.vbsupport.ru/showthread.php?threadid=115351" target="_blank">https://vborg.vbsupport.ru/showt...hreadid=115351</a>

CrackerTracker is blocking this plugin... how do I allow the linked plugin?
Reply With Quote
  #27  
Old 05-14-2006, 06:15 AM
Onur Onur is offline
 
Join Date: Oct 2005
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Webdude™
https://vborg.vbsupport.ru/showthrea...hreadid=115351

CrackerTracker is blocking this plugin... how do I allow the linked plugin?
what blockstring was displayed, or look into /elog/logfile_injects.txt and post the list of strings, so i can search the request was blocked
Reply With Quote
  #28  
Old 05-14-2006, 01:07 PM
Webdude? Webdude? is offline
 
Join Date: Jan 2002
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

1147567050,130506,24.182.112.118,u=17&admin_log_in _as_user=17,Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322)
Reply With Quote
  #29  
Old 05-15-2006, 08:07 PM
Onur Onur is offline
 
Join Date: Oct 2005
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Version 1.0.1 added

some little changes and the searchpattern was now compatible to some hacks (i hope *g*)
Reply With Quote
  #30  
Old 05-15-2006, 08:35 PM
Lover1 Lover1 is offline
 
Join Date: Mar 2006
Location: Germany
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I did install that and i got this, when entering the ACP:

Code:
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ')' in /xxx/xxx/htdocs/board/includes/init.php(292) : eval()'d code on line 34
:cross-eyed:

There is NOW no possibility to uninstall that, because i cant enter the acp.

Kannste mir da mal helfen bitte ?
Reply With Quote
  #31  
Old 05-15-2006, 09:16 PM
redlabour's Avatar
redlabour redlabour is offline
 
Join Date: Mar 2004
Location: Wuppertal, NRW, Germany
Posts: 1,541
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

?ber dem Forum und Portal steht nun auch :

Quote:
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ')' in /poltbofu/www.politikstube.de/forum/includes/init.php(292) : eval()'d code on line 81
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:32 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04977 seconds
  • Memory Usage 2,303KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete