Go Back   vb.org Archive > Community Discussions > Modification Requests/Questions (Unpaid)
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 04-23-2003, 04:08 AM
Rehtsel Rehtsel is offline
 
Join Date: Jan 2002
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default securing admin cp

i got some security problems last time
i saw in the logs that some ips tried constantly to access my admin cp and it wasnt my or any other admins ip
so i tested the one mail-by-wrong-login hack by firefly, and hm ok i saw now, that someone try to bruteforce admin accounts passwords. i blocked the ip on the server then and what happened some hours later? ip changed and same thing again :/
ok im not totaly-stupid and tried to code a hack to automaticaly ban this users from the admin/index.phpm but everytime i screwed up something.
one try i was banned after 3 visits, other try i even cant login :/

woulrd be nice if someone can take this 10 mins and code a secure hack for this, im sure its usefull for more some more users here

required features:

-automaticaly banned after x (3 or 5 or so) failed logins attempts to admin cp AND failed logins into normal board
-if possible, banned from every script, if not, banned from index.php and admin/index.php
-banned ips stored in sql database (to clean them out, if needed)
-auto-unbanning after x hours (6,12,24 or so)

would-be-nice-but-not-absolutely-needed features:

-accessible in admin cp (manuel-banning and manuel-unbanning)
-email-report (ip, tried passes, time and link to search on board for ip) (+perhaps to more as 1 email)
-report stored in sql databse and visible on admin cp

thanks for reading and hopefully helping me

--Rehtsel--
Reply With Quote
  #2  
Old 04-23-2003, 08:21 AM
Logician's Avatar
Logician Logician is offline
 
Join Date: Nov 2001
Location: inside vb code
Posts: 4,449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I wonder how you concluded that such a hack takes 10 min. to code? It is advanced with the features you are requesting and it sure takes much more than 10 min.

I suggest:
* change your password to a complex one like 65hr5ywcv.65
* In your password use chars that does not exist in English language like ???????????
* put a second password to your admin dir via .htaccess
* Trace attacker IP, find his ISP (unless he is using proxy) and complaint to them with your logs
Reply With Quote
  #3  
Old 04-23-2003, 03:50 PM
Rehtsel Rehtsel is offline
 
Join Date: Jan 2002
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

hm ok, i thought that this little ban protection are only a few php lines. in my version it was only a php files, perhaps that was the reason why it doesnt work

and my password is more then 15 sign long with numbers and capital letters, but everytime i log in into admin cp i know again that it is long and complex :/
ok security needs some work, but if there are other possible solutions why dont try them?

and with htaccess i got several problems on my host. i believe that opera doesnt work well with my host and htaccess

and yes, he use proxy cause he can rapidly change his ip if i ban him manually from server


but ok if this hack is too complex and need to much time, i will try then other solutions - so thanks for reply that someone saw my post and said that its not so easy as i thought

--Rehtsel--
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:37 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03505 seconds
  • Memory Usage 2,175KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete