Version: 1.1, by EvilLS1
Developer Last Online: May 2021
Version: 3.0.5
Rating:
Released: 04-28-2004
Last Update: 01-07-2005
Installs: 239
No support by the author.
This is my version of the hack that Firefly released for VB2.
VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it!
What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt.
It will look something like this:
Quote:
--------------------------------------------------
WARNING: Failed admin logon in vBulletin 3.0.1
--------------------------------------------------
Someone is trying to login to your Admin CP!
If the person who is attempting to access your CP happens to be registered & logged in, this line will also be included in the email:
Quote:
vBulletin has identified this user as: (intruder's real username here)
(Thanks to AlexanderT for the idea for this addon.)
Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php.
If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work"..
After our former PHPbb board got hacked a few weeks ago, we decided to revert to vBulletin. And this hack is just the thing we need in case something like this happens again.
I have largish board (approaching a million posts) with thousands of posts/visits per day. To support that, I have admins and mods, of course, as well as super user groups with increased permission levels.
It would be useful if I could know about failed log-in attempts for all super-permission groups, regardless of log-in location. That is, if someone is trying to crack my admin pwd or the pwd of a mod by logging into the public forums, I would want to know about that too!
So, if I could track all failed log-ins, regardless of log-in point, for just certain, small groups, that would help. I don't care about the attempted pwd.
I have largish board (approaching a million posts) with thousands of posts/visits per day. To support that, I have admins and mods, of course, as well as super user groups with increased permission levels.
It would be useful if I could know about failed log-in attempts for all super-permission groups, regardless of log-in location. That is, if someone is trying to crack my admin pwd or the pwd of a mod by logging into the public forums, I would want to know about that too!
So, if I could track all failed log-ins, regardless of log-in point, for just certain, small groups, that would help. I don't care about the attempted pwd.
I have not installed this hack yet, but im about to...but this is a really good idea what you said, i would like to know if someone is trying to hack into for instance one of my members that are in the usergroup underground....so we could assign which usergroup to track.
Email notification if someone attempts to access your Admin CP Details »»
About Developer
Visit Web Site
No support by the author.
05-02-2005, 02:30 PM
