The Arcive of Official vBulletin Modifications Site.

About Developer · **Released**: 11-25-2001

Here's my version:

In sessions.php find this code:

Code:

    if (md5($loginpassword)!=$bbuserinfo[password]) {

right below it, add this code:

Code:

			$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
			$iphostname = @gethostbyaddr($ipaddress);
			$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
			mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

You will get a message:

Quote:

Someone is trying to login using your admin account!

Username he tried to use: xxx
Password he tried to use: xxx (xxxxxxxxxxxxxxxxxxxx in encryption)

The IP address is: xx.xx.xx.xx

every time someone is trying to login to the admin cp with no success.

Have fun.

Hooper · #42 11-29-2001, 02:02 AM

[QUOTE]Originally posted by timmiman
i had a problem, when i use the right password, he sends the email too! what do i wrong?

scopeman · #43 11-29-2001, 02:10 AM

o.k thank for your reply, i exactly look at the code again.

sorry for my bad english, i am a german boy

scopeman · #44 11-29-2001, 02:18 AM

ok i found the error. i had the code placed befor not behind the

if (md5($loginpassword)!=$bbuserinfo[password]) {

thanks for your 1a support here

Hooper · #45 11-29-2001, 02:21 AM

[QUOTE]Originally posted by timmiman
ok i found the error. i had the code placed befor not behind the

if (md5($loginpassword)!=$bbuserinfo[password]) {

thanks for your 1a support here

Lesane · #46 11-29-2001, 10:22 AM

Does anyone know where 2 put this in sessions.php of 2.0.3 because the 2.0.3 sessions.php doesnt have this line:

PHP Code:


			
    if (md5($loginpassword)!=$bbuserinfo[password]) {

GameCrash · #47 11-29-2001, 12:05 PM

This is because 2.0.3 didn't have password encryption... The line should be

PHP Code:


			
if ($loginpassword!=$bbuserinfo[password]) {

Lesane · #48 11-29-2001, 01:05 PM

[QUOTE]Originally posted by GameCrash
This is because 2.0.3 didn't have password encryption... The line should be

PHP Code:

if ($loginpassword!=$bbuserinfo[password]) {

VirtueTech · #49 12-08-2001, 08:27 PM

I don't think I need to install this hack if I use htaccess to protect the directory ..correct?

Because if they don't get past the HTACCESS then they won't be able to trip the code to email me.

JJR512 · #50 12-08-2001, 09:49 PM

You might want to use this hack anyway. If someone does manage to get past the .htaccess password block, you'll never know just from that. But unless you use the same password for the .htaccess block as you do for your admin account, after they break past the .htaccess block, they'll trip this hack next.

Prezident · #51 12-10-2001, 02:38 PM

I was just thinking about this the other night.

I have other directories on my webserver that are protected by .htaccess, and thought it would be nice to have people who were not able to authenticate within the 3 try limit to be sent to a custom error page that would also send me an email with some information about their IP address.

I know this is not related to vBulletin, but this hack is what got me thinking about that.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05887 seconds Memory Usage 2,305KB Queries Executed 25 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (2)bbcode_code (3)bbcode_php (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)pagenav_pagelinkrel (11)post_thanks_box (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (11)post_thanks_postbit_info (10)postbit (11)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!