The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
securing admin cp
i got some security problems last time
i saw in the logs that some ips tried constantly to access my admin cp and it wasnt my or any other admins ip so i tested the one mail-by-wrong-login hack by firefly, and hm ok i saw now, that someone try to bruteforce admin accounts passwords. i blocked the ip on the server then and what happened some hours later? ip changed and same thing again :/ ok im not totaly-stupid and tried to code a hack to automaticaly ban this users from the admin/index.phpm but everytime i screwed up something. one try i was banned after 3 visits, other try i even cant login :/ woulrd be nice if someone can take this 10 mins and code a secure hack for this, im sure its usefull for more some more users here required features: -automaticaly banned after x (3 or 5 or so) failed logins attempts to admin cp AND failed logins into normal board -if possible, banned from every script, if not, banned from index.php and admin/index.php -banned ips stored in sql database (to clean them out, if needed) -auto-unbanning after x hours (6,12,24 or so) would-be-nice-but-not-absolutely-needed features: -accessible in admin cp (manuel-banning and manuel-unbanning) -email-report (ip, tried passes, time and link to search on board for ip) (+perhaps to more as 1 email) -report stored in sql databse and visible on admin cp thanks for reading and hopefully helping me --Rehtsel-- |
#2
|
||||
|
||||
I wonder how you concluded that such a hack takes 10 min. to code? It is advanced with the features you are requesting and it sure takes much more than 10 min.
I suggest: * change your password to a complex one like 65hr5ywcv.65 * In your password use chars that does not exist in English language like ??????????? * put a second password to your admin dir via .htaccess * Trace attacker IP, find his ISP (unless he is using proxy) and complaint to them with your logs |
#3
|
|||
|
|||
hm ok, i thought that this little ban protection are only a few php lines. in my version it was only a php files, perhaps that was the reason why it doesnt work
and my password is more then 15 sign long with numbers and capital letters, but everytime i log in into admin cp i know again that it is long and complex :/ ok security needs some work, but if there are other possible solutions why dont try them? and with htaccess i got several problems on my host. i believe that opera doesnt work well with my host and htaccess and yes, he use proxy cause he can rapidly change his ip if i ban him manually from server but ok if this hack is too complex and need to much time, i will try then other solutions - so thanks for reply that someone saw my post and said that its not so easy as i thought --Rehtsel-- |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|