The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Email notification if someone attempts to access your Admin CP Details »» | |||||||||||||||||||||||||||||
Email notification if someone attempts to access your Admin CP
Developer Last Online: May 2021
This is my version of the hack that Firefly released for VB2.
VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it! What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt. It will look something like this: Quote:
Quote:
Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php. If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work".. Still not working? Read this! Credits: Thanks to the original creator of this hack (Chen) for the idea, and thanks to Boofo for helping me test it. Show Your Support
|
Comments |
#122
|
||||
|
||||
Quote:
As I said no worries. |
#123
|
||||
|
||||
I use HT Access on my ADMINCP DIR as well, but I installed this and tested it.
It works really well. Nice, Xrayhead |
#124
|
|||
|
|||
Excellent - thank you, works like a real charm. Clicked install
|
#125
|
|||
|
|||
Works well! Thanks a lot.
*Clicks Install* |
#126
|
|||
|
|||
Simply wonderful. I've always wondered about a hack like this. loe and behold it's here. I LOVE THIS PLACE>
|
#127
|
||||
|
||||
Clicked Installed! Tested OK on v3.0.3. Works like a charm! Asked a couple of friends (close) to try and log in (after I tested it first), and got the emails within 5 minutes. Now if we could only have it send out a message to your cellphone or pager, locate the user attempting to get into your Admincp, drag them before the "Court of Board Administrators", pronouce sentence on them, and string them up by their thumbs. :banana:
Great little hack EvilLS1! Thanks |
#128
|
|||
|
|||
Quote:
What this really does is remove security from vBulletin, instead of just sending the md5 hash which at least hides the original password. I modified this version of the hack and removed the reference to the password used from this version I was working on and I think the hack author should consider adjusting the version posted. |
#129
|
||||
|
||||
Well, actually from what i read inthe description is that, it shold send the tried password:
Quote:
so if you just mistyped your username, then no mail would be sent, as this user doesn't exist or is no admin, but if someone tries to hack into a real admin account, sending the passwords to this' accounts email wouldn't hurt. |
#130
|
||||
|
||||
Yes, its supposed to send the password with any failed cp logins attempted. If the username is mistyped it will still send the password but again this is only for cp logins. Only staff members should be trying to login from here anyway. It doesn't send anything for regular logins. If you'd rather have it send an encrypted password instead simply skip the edits to adminfunctions.php and use the vb_login_md5password variable instead of the one added with the hack.
|
#131
|
|||
|
|||
Well I at least think it should be mentioned in the first post and the install file. I wasn't really bothered about it emailing the admin, its the fact it went through a proxy server and travelled about on the net unencrypted.
I went out of my way for vB3 to remove all cases of plain text passwords being sent over the network and I was just a bit shocked to find this out. I automatically assumed that my password was fine since i saw it clear the input boxes onsubmit as expected. Is there a real purpose to telling them what the password is? Someone logged in with an admin username you have their IP and everything else, why does it matter if they typed in "bob" as the password. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|