Get an e-mail if someone is trying to access your Admin CP (With IP address)

Here's my version:

In sessions.php find this code:

Code:

    if (md5($loginpassword)!=$bbuserinfo[password]) {

right below it, add this code:

Code:

			$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
			$iphostname = @gethostbyaddr($ipaddress);
			$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
			mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

You will get a message:

Quote:

Someone is trying to login using your admin account!

Username he tried to use: xxx
Password he tried to use: xxx (xxxxxxxxxxxxxxxxxxxx in encryption)

The IP address is: xx.xx.xx.xx

every time someone is trying to login to the admin cp with no success.

Have fun.

[trainer]

i can get it to work but can't get the usernames from the cookie file to appear. that would be a really sweet feature so it would be easy to identify exactly who it is

[pdaGuy]

Hmm.. this is totally strange. How come it works for me ? aranoid:
This is the email that I get if someone tries to login on the admin panel with a wrong password.

[QUOTE]Someone is trying to login using your admin account!
The Script was :

Username they tried to use: test
Password they tried to use: test (098f6bcd4621d373cade4e832627b4f6 in encryption)

The IP address is: XXX.X.XX.XX
The host is: XXX.XXXXX.com

Search for members using this ip .php?action=doips&s=&ipaddress=XXX.XXXXX.com

Sessions identifys them as Thier cookie identifys them as Array

[Liz]

I just have a quick question. Seeing how I don't have a "webmaster@yadda-yadda.com" email, can I put a different email in instead of the webmaster one?

<$webmasteremail>");

like...could I put:
<$myemailaddress>");

would that work? Or is it some special coding? Thanks!

[JJR512]

$webmasteremail represents whatever you put in your board's Admin CP on the vBulletin Options page in the Contact Details section on the line for Webmaster's email. Whatever you have there is where an email to $webmasteremail will go.

[Liz]

Thanks for your fast reply.
I put the hack in, and then took it out.
Now when I go to log into the CP it says

Warning: Cannot add header information - headers already sent by (output started at /home/xxxbo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 136

Warning: Cannot add header information - headers already sent by (output started at /home/xxx-bo/public_html/admin/sessions.php:399) in /home/xxx-bo/public_html/admin/global.php on line 162

Hang on a sec

and then it brings me back to the login page...
HELP!!

[JJR512]

The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?

[Mutt]

use this one

PHP Code:

            // email alert
            $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
            $iphostname = @gethostbyaddr($ipaddress);
            if ($HTTP_COOKIE_VARS['bbuserid']) {
                $realuserid = $HTTP_COOKIE_VARS['bbuserid'];
                $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
                $MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
            }
            if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
                while ($sessionid = $DB_site->fetch_array($sessionids)) {
                    $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
                    $MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
                }
            }
            $message="Someone is trying to login using your admin account!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
            mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
            // email alert 


Updates

correctly idenifies user via sessions and cookie
it also idetifies which script they were trying to access.

this currently only produces an email when an admin username is used with the incorrect password. I'm going to dig a little and try and get it to work for all incorrect admin logins

[Mutt]

firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files

PHP Code:

            // email alert
            $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
            $iphostname = @gethostbyaddr($ipaddress);
            if ($HTTP_COOKIE_VARS['bbuserid']) {
                $realuserid = $HTTP_COOKIE_VARS['bbuserid'];
                $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
                $MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
            }
            if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
                while ($sessionid = $DB_site->fetch_array($sessionids)) {
                    $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
                    $MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
                }
            }
            $message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
            mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
            // email alert 


the first addition is in sessions.php as instructed by firefly

it goes right after

PHP Code:

 if (md5($loginpassword)!=$bbuserinfo[password]) { 


then second additon is in adim/global.php

and it goes right after

PHP Code:

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) { 


now you'll get an email like this

[QUOTE]Someone is trying to login to your control panel!
The Script was : /forum/admin/index.php

Username they tried to use: xxxxxxxx
Password they tried to use: xxxxxx (d344c7e7f54ac73cf730fd91faf6391b in encryption)

The IP address is: xx.xx.xx.xx
The host is: xxxxxxxxxxxxxxx

Search for members using this ip
http://yoursite.com/forum/admin/user...ss=xx.xx.xx.xx

Thier cookie identifys them as xxxxxxx

Sessions identifys them as xxxxxxxxxx

[Liz]

[QUOTE]Originally posted by JJR512
The problem is with your sessions.php file. The error message says that, plus that's the only file edited by this hack. If you put this hack in, then took it out, and didn't do ANYthing else at all, then most likely you didn't take out the hack code properly. I don't know what else could be. Do you have a backup copy of sessions.php to try?

[BlueWolf]

Can you make this with your vbhack installer?

makes life easier!