Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons

Reply
 
Thread Tools
Multiple account login detector (AE Detector) Details »»
Multiple account login detector (AE Detector)
Version: 1.00, by MPDev MPDev is offline
Developer Last Online: Dec 2016 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 3.6.0 Rating:
Released: 09-04-2006 Last Update: Never Installs: 1908
 
No support by the author.

Mod of the Month winner!
Top 10 most installed mods for vB3.6!

Same plug-in found here:

https://vborg.vbsupport.ru/showthread.php?t=107566

There are no differences as this plug-in works with both 3.5 and 3.6 versions of vBulletin.


If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts.

Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned.

You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process.

New Installation
1. Add New Product with attached XML
2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings.

Time to install: Easy - 2 minutes.

Upgrade
If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly.

I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page.

To upgrade you will want to reimport this XML file and edit your options accordingly.

1.0.3
-----
. Added a check to ensure that users weren't deleted when reporting violations
. added htmlspecialchars_uni call to username

Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears.

1.0.2
-----
. Updated to include exclusion groups, users
. Changed so PM is sent by ae sender id

1.0.1
-----
. Released as a Product (thank you PHPGeek2k3 for your help)
. Added option to post to a forum versus send a PM (or both)
. All settings moved into Admin Option

1.0.0
-----
Initial release.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Благодарность от:
too_cool_3

Comments
  #472  
Old 06-22-2008, 04:55 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think he is pulling your chain on this hack being the exploit. He got in another way and is directing you to this hack so you won't look elsewhere.
Reply With Quote
  #473  
Old 06-22-2008, 04:57 PM
Bubble #5 Bubble #5 is offline
 
Join Date: Apr 2005
Posts: 984
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you for the warning Frank. We'll be removing this hack until the issue is resolved.
Reply With Quote
  #474  
Old 06-22-2008, 04:59 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There is no issue with this hack.
Reply With Quote
  #475  
Old 06-22-2008, 05:00 PM
KURTZ KURTZ is offline
 
Join Date: Nov 2006
Location: Italy
Posts: 2,257
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

folks, if this hack has an exploit the Crew put this onto the graveyard ...
Reply With Quote
  #476  
Old 06-22-2008, 05:01 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

And it would have showed up way before now. I trust Michael's code.
Reply With Quote
  #477  
Old 06-22-2008, 05:01 PM
FRANKTHETANK 2 FRANKTHETANK 2 is offline
 
Join Date: Sep 2006
Posts: 364
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
I think he is pulling your chain on this hack being the exploit. He got in another way and is directing you to this hack so you won't look elsewhere.
All i know is it's better safe than sorry. I feel horrible for posting that this hack has an exploit but it does. I have actually seen the exploit in .txt format when he did remote desktop with me earlier today. He didn't mean to shut down the server he said. But who knows if he really did mean to. He has been banned but, i suggest disabling it for now if you have it uploaded to your site.
Reply With Quote
  #478  
Old 06-22-2008, 05:04 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you have seen the exploit, please PM me with the proof and I will gladly eat my words. Otherwise, it is not right to label a hack as having exploits unless you can prove it.
Reply With Quote
  #479  
Old 06-22-2008, 05:04 PM
KURTZ KURTZ is offline
 
Join Date: Nov 2006
Location: Italy
Posts: 2,257
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Frank if you're sure about this, tell what you know to Marco, Paul or someone ... you cannot came here with these posts ...
Reply With Quote
  #480  
Old 06-22-2008, 05:04 PM
Videx's Avatar
Videx Videx is offline
 
Join Date: Feb 2007
Posts: 3,085
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I sort of agree. You're misinterpreting the AE Detector output for the problem, when it's only doing what you asked it to.

It could be a lot of exploits. Have you checked versions and updated everything like vbulletin, PHP and MySQL?

And - it should go without saying, but change ALL your passwords.
Reply With Quote
  #481  
Old 06-22-2008, 05:05 PM
KURTZ KURTZ is offline
 
Join Date: Nov 2006
Location: Italy
Posts: 2,257
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
If you have seen the exploit, please PM me with the proof and I will gladly eat my words. Otherwise, it is not right to label a hack as having exploits unless you can prove it.
exactly!
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:50 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08512 seconds
  • Memory Usage 2,307KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (1)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete