Administrative and Maintenance Tools - [DBTech] vBSecurity v2 (vB3)

vBSecurity: What is it?
vBSecurity keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.

Uses

vBSecurity is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens.
It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins.
Another important feature is the ability to add a secondary login, unique to each administrator, that is required before accessing the AdminCP. Ideal for forums where multiple administrators may share login information, or where administrators may log in from public computers.
Add in quick settings for the most vital vBulletin Options and Usergroup password settings, vBSecurity can easily be called one of the most comprehensive security suites for your vBulletin forum.

-------------------------------------------------------------------------------------------

If you like this mod please hit the button to the right ---->

Please remember to click the, button to the right if you installed the mod ---->

What does 'Marking As Installed' do ?

* It helps you to stay on top of updates - members who have installed modifications will be notified by us whenever new updates are available.

* For security issues - vbulletin.org will contact all members who have installed a modification whenever a security issue is brought to their attention.

* Marking a modification as installed also helps us know how many people are using our work, giving us extra incentive to provide more features and new modifications.

We appreciate the support!
-------------------------------------------------------------------------------------------

Priority support & Product Demos available at: http://www.dragonbyte-tech.com

-------------------------------------------------------------------------------------------

Translations available @ our forum
Support for translations handled by the translator in its respective threads only.

-------------------------------------------------------------------------------------------

Major Features
Administrator Security: .htaccess-like logins for your administrators means that even if they use the same password on multiple sites, malicious users still need a fresh, unique password to log in.

Security Watchers: Keep an eye on the most important aspects of vBulletin: config.php tampering, AdminCP / User Account access attempts, vBulletin Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.

Lite
* Searchable list of all AdminCP access attempts
* Searchable list of all failed login attempts
* Searchable list of administrator changes for areas governed by the Security Watchers
* vBOption: IP Address whitelist for AdminCP access
* vBOption: Separate "Closed Reason" for closures that happened due to potential security breaches
* Quick setting page for the most important vBulletin Options security settings
* Quick setting page for the most important Usergroup security settings
* Security Watchers: General - config.php Variable Tampering, AdminCP Access Attempts
* Security Watchers: Logins - Failed Logons, Failed Mass Logons
* Security Watchers: vBOptions - vBulletin Active, Reason For Turning vBulletin Off, Banned Email Addresses, Banned IP Addresses, Use Login "Strikes" System, Whitelisted IP Addresses, Whitelisted IP Addresses - Exclude Super Administrators
* Security Watchers: User Data - User Name, Password, Email, Primary Usergroup, Additional Usergroups, Reputation Level, Warnings, Infractions, Infraction Points, Receive Admin Emails
* Security Watcher Actions: 2 thresholds with individual configuration options, IP Ban / User Ban / Email Webmaster / Close Forum options available for each Watcher option listed above. Some watcher options may not have all actions.

Pro
* Optional .htaccess-like login on a per-administrator basis
* Settings Snapshots - take a "snapshot" of how the vBulletin Options look at the time, instant restore by clicking Load on a previous snapshot
* Security Watchers: Usergroup - Password Expiry, Password History, every usergroup permission group, every "value" permission
* IP Guard: Administrator IP Address authorisation scheme (similar to Steam Guard) - Require email verification for new IP addresses to access the AdminCP, per-administrator disable

-------------------------------------------------------------------------------------------
This mod displays a copyright notification in the footer of all pages which includes:

• 1 Link to DragonByte Technologies homepage
• 1 Link to Product Description page of this modification

[keharris53]

I'm already working on the update, thanks. I can handle that myself but if I have to also update MySql in the process that will be server side and there will be fees involved. Thanks!

[DragonByte Tech]

vBSecurity v3.3.0:
Feature: New option: Enable Account Breach Check
Feature: New option: Account Breach Check: Check Username

This mod has been updated to be brought in line with the XenForo version.

Fillip

[cheech47]

Hi,
Tried to install, had previous version before but had removed.
On Import received an error regarding global_complete.php
Need to edit path for config.php as i had changed this.
In AdminCP any options for this mod shows this sql error:

Code:

Invalid SQL:

		SELECT  administrator.*, 
			userfield.*, usertextfield.*, user.*, UNIX_TIMESTAMP(passworddate) AS passworddate, user.languageid AS saved_languageid,
			IF(user.displaygroupid=0, user.usergroupid, user.displaygroupid) AS displaygroupid,
			language.phrasegroup_global AS phrasegroup_global,
			language.phrasegroup_dbtech_vbsecurity AS phrasegroup_dbtech_vbsecurity,
			language.phrasegroup_cphome AS phrasegroup_cphome,
			language.phrasegroup_logging AS phrasegroup_logging,
			language.phrasegroup_threadmanage AS phrasegroup_threadmanage,
			language.phrasegroup_maintenance AS phrasegroup_maintenance,
			language.phrasegroup_banning AS phrasegroup_banning,
			language.phrasegroup_cpuser AS phrasegroup_cpuser,
			language.phrasegroup_cpoption AS phrasegroup_cpoption,
			language.phrasegroup_cppermission AS phrasegroup_cppermission,
			language.phrasegroup_diagnostic AS phrasegroup_diagnostic,
			language.phrasegroup_cpglobal AS phrasegroup_cpglobal,
			language.options AS lang_options,
			language.languagecode AS lang_code,
			language.charset AS lang_charset,
			language.locale AS lang_locale,
			language.imagesoverride AS lang_imagesoverride,
			language.dateoverride AS lang_dateoverride,
			language.timeoverride AS lang_timeoverride,
			language.registereddateoverride AS lang_registereddateoverride,
			language.calformat1override AS lang_calformat1override,
			language.calformat2override AS lang_calformat2override,
			language.logdateoverride AS lang_logdateoverride,
			language.decimalsep AS lang_decimalsep,
			language.thousandsep AS lang_thousandsep
			
		FROM user AS user
		LEFT JOIN userfield AS userfield ON (user.userid = userfield.userid)
		LEFT JOIN usertextfield AS usertextfield ON (usertextfield.userid = user.userid) LEFT JOIN administrator AS administrator ON (administrator.userid = user.userid) LEFT JOIN language AS language ON (language.languageid = IF(user.languageid = 0, 2, user.languageid)) 
		
		WHERE user.userid = 1;

MySQL Error   : Unknown column 'language.phrasegroup_dbtech_vbsecurity' in 'field list'

Any help? Cheers

[cataplasia]

I am confused by the purpose of the IP Address Verifier - can someone explain it to me? I tried it out with my VPN, and the 'Stored IP Address' changes to whatever IP I am currently browsing from, so how is this supposed to work?

[DragonByte Tech]

The download package has been updated to address a minor security vulnerability that could allow an attacker to inject code for their own user only (not other users) when viewing their currently active login sessions.

This vulnerability cannot be used to exploit your forum, this is not a critical vulnerability.

Fillip