Email notification if someone attempts to access your Admin CP

This is my version of the hack that Firefly released for VB2.

VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it!

What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt.

It will look something like this:

Quote:

--------------------------------------------------
WARNING: Failed admin logon in vBulletin 3.0.1
--------------------------------------------------
Someone is trying to login to your Admin CP!

Username tried: JimbobJoe
Password tried: aCcEsS
IP Address: 67.13.27.156
Host: asd691917124.whatever.com
Strikes: 1/5
Referer: http://www.yoursite.com/forums/admincp/
Script: http://www.yoursite.com/forums/login.php
Date: Wednesday 28th of April 2004 07:50:02 AM
--------------------------------------------------

If the person who is attempting to access your CP happens to be registered & logged in, this line will also be included in the email:

Quote:

vBulletin has identified this user as: (intruder's real username here)

(Thanks to AlexanderT for the idea for this addon.)


Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php.

If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work"..

Still not working? Read this!

Credits: Thanks to the original creator of this hack (Chen) for the idea, and thanks to Boofo for helping me test it.

[EvilLS1]

Quote:

Originally Posted by SexyGal

How do you install hacks?

How to Install vBulletin Hacks - Guide for Newbies

[Zelda-King]

I'm glad the username thing has been added. It was on the vB2 version.

[SnowBot]

Great, now it shows the registered & logged in part it realy makes it complete

Fantastic hack and one that should be a standard vb feature, it adds abit of security to things Always a good idea though is to keep changing your password.

[SnowBot]

[high]* SnowBot clicks install. I love the way its done, so easy also.
[/high]

Code:

 

Someone is trying to login to your admincp!

 

Username tried: biggerboo 

Password tried: testing123 

IP Address: *.*.*.36

Host: ***-*****.*****.***.net

Strikes: 1/5

Referer: http://www.synergyforums.com/forum/admincp/index.php?

Script: http://www.synergyforums.com/forum/login.php

Date: Friday 30th of April 2004 12:33:11 AM

IP + Host removed.

[Ocean]

I'm having a curious problem trying to get this to work in vB 3.01.


I first tried this on my Test Board - and everything worked fine. I tweaked the email message for spacing - but ultimately, it worked as I wanted it to.

Then I applied the hack to my primary vB site. Everything should be exactly the same. However, I'm having two oddities:


1. The Attempted Password is not shown. The field name shows - but no password is listed.

2. It's not Identifying vB Users at all. This field just doesn't even show up - exactly as if it couldn't tell that anyone was logged in. And yes, I made sure that I was logged in at the time - so it should have listed me.


Any ideas?

[Ocean]

Update - after completely shutting down my browser and going back in - everything works now.

Strange, yes? Perhaps it had something to do with the cookies from the two vB boards (although they did have different prefixes).


As a seperate question, though - since this hack does something extra with the entered password before submitting it through the MD5 Hash - is there any additional security risk? Do normal or AdminCP logins end up with a cleartext copy of the password floating around anywhere?

[AlexanderT]

*install*

[EvilLS1]

Quote:

Originally Posted by Ocean

Update - after completely shutting down my browser and going back in - everything works now.

Strange, yes? Perhaps it had something to do with the cookies from the two vB boards (although they did have different prefixes).


As a seperate question, though - since this hack does something extra with the entered password before submitting it through the MD5 Hash - is there any additional security risk? Do normal or AdminCP logins end up with a cleartext copy of the password floating around anywhere?

Glad you got it working. To answer your question: No, the only place the attempted password gets passed to is the webmaster's email, and even then only if its incorrect. This has no effect on regular logins.

[Xtreame]

great hack. *click Install*

[Bulent Tekcan]

My board is 3.0.1 but not working....Everything is OK,webmaster mail is OK but not working...

Anybody send me 2 modified files ?

Thanks