Administrative and Maintenance Tools - Mail Admin When fail to login to admincp V2

hello

Please remember to Click Mark as Installed if you use this modification.

this simple plugin :
it will send you mail when someone try to login at your AdminCP.

How to Install

• Import XML file from your AdminCP
• Click Mark as Installed if you install it !

Control :

• AdminCP -> vBulletin Options -> Send message to Admin when fail to login to admincp options

Note : Arabic translation also attached

What 's new with version 2 :

• work any where not only AdminCP
• custom error message when try to login
• add HTTP_USER_AGENT !
• you can input any username when someone try to login you will mailed!

please remember to Mark it as installed if you like and Nominate for MOTM

[Domenico]

Quote:

Originally Posted by Delphiprogrammi

hi,

I just noticed the plugin author is using values directly from $_POST[] superglobal array.This is a bad programming attitude certainly without any form of sanitization this could lead to XSS security holes he should use

PHP Code:

$vbulletin->GPC['variablename'] 


at least this way you're sure the values being submitted are clean

Has this been fixed?

[lapiervb]

Can you add your mods names to the "Administrator usernames" and have it send you an email if somebody tries to login to their account as well?

[Christian_]

Thank you very much for the plugin, however I do have a question. Is it only my impression or does this plugin bypass the 5 strikes protection feature? If I try to login with wrong admin credentials at the top bar of the forum, I was able to enter passwords more than 5 times. I was always shown the predefined website that says my IP address was logged and sent to the admins, which is perfectly OK. I also received a mail every time the login attempt failed. But I'm not sure whether the 5 strikes protection mechanism is still in effect, since I wasn't shown this page.

[Marios858]

Excellent Modification , thanks , works fine on 4.1.5pli

[garethsp]

I like this mod worked well on latest version Thank you

[lapiervb]

Plugin doesnt seem to work with vb 4.1.10

[mgurain]

It's working on 4.2, but shouldn't this be upgraded ?

Regards,,

[Orfalopi]

Hi,

Nope, doesn't work,
I tried every suggestion as

Code:

http://www.FORUM.com/admincp/index.php

but it doesn't work !
Regrettable, because of security this could be a useful plugin.

Orfalopi

[AliMadkour]

sorry for my bad follow,
soon in days Version 2.5 with lot of customization

[Orfalopi]

Hi Ali

No problem and thanks for the response.
Meanwhile, I've managed to install the plugin.
(Just a small oversight on my part, which made that it didn't worked at first.)
Now it works perfectly on 4.1.12

Quote:

Originally Posted by Christian_

Thank you very much for the plugin, however I do have a question. Is it only my impression or does this plugin bypass the 5 strikes protection feature? If I try to login with wrong admin credentials at the top bar of the forum, I was able to enter passwords more than 5 times. I was always shown the predefined website that says my IP address was logged and sent to the admins, which is perfectly OK. I also received a mail every time the login attempt failed. But I'm not sure whether the 5 strikes protection mechanism is still in effect, since I wasn't shown this page.

I've noticed this too.
If I, lets say, enter 7 times in succession a wrong password for the Admin,
then I receive 7 messages in my mailbox.
So far so good.
But, when I look at the _strikes table in my database, I see no record of this event,
which means that the waiting time of 15 minutes after 5 incorrect login attempts is circumvented.
When a cracker tries to break in with password-cracking software,
the mailbox will be flooded with messages.
Because there is no restriction on the number of login attempts, the cracker can continue to enter passwords without delay.
Maybe you can implement something, with which the 5 times (failed) login limit is preserved.

Otherwise, a great plugin
Good work :up:

Orfalopi