Get an e-mail if someone is trying to access your Admin CP (With IP address)

Here's my version:

In sessions.php find this code:

Code:

    if (md5($loginpassword)!=$bbuserinfo[password]) {

right below it, add this code:

Code:

			$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
			$iphostname = @gethostbyaddr($ipaddress);
			$message="Someone is trying to login using your admin account!\n\nUsername he tried to use: $loginusername\nPassword he tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
			mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

You will get a message:

Quote:

Someone is trying to login using your admin account!

Username he tried to use: xxx
Password he tried to use: xxx (xxxxxxxxxxxxxxxxxxxx in encryption)

The IP address is: xx.xx.xx.xx

every time someone is trying to login to the admin cp with no success.

Have fun.

[squawell]

oh~~thankz FireFly

this hack is my looking for~~

[Goldfinger]

Nice hack firefly .

[-=dm=-]

hmm it dont works for me.

btw what to do if u get the email with that message.

[Mincer]

Many thanks Chen, yet again a great bit of work.

[QUOTE]Originally posted by -=dm=-
btw what to do if u get the email with that message.

[-=dm=-]

very funny

man Im seriouse what to do? (actually there is nothing u can do)

[JJR512]

Hopefully with the IP, you can trace it to one of your members and ask them what's up. If the IP doesn't belong to a current member, and it happens more than once, you should consider banning that IP from the board. I would personally take it one step further and block that IP out of the entire site by doing a deny from statement in the .htaccess file.

[JJR512]

I've made a slight modification to this hack, so that the email also includes not only the IP name, but the host name as well.

This is the code to add:

Code:

			$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
			$iphostname = @gethostbyaddr($ipaddress);
			$message="Someone is trying to login using your admin account!\n\nThe IP address is: $ipaddress\nThe host is: $iphostname";
			mail($webmasteremail,"Warning: vBulletin Admin Login Tried",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");

FireFly, if you like you can put that into your "official" version, or if you have any suggestions to improve what I did, please let me know.

[Syphin]

Great hack.. ^^

But i just have my whole admin folder password protected... So i dont think this would help me... >_<

-Syphin

[almightyone]

if ya got htaccess installed this wouldnt do much good would it? or does this send the info upon them entering username and a pw or if they try to access it period i use htaccess to protect my directory

[MarkB]

Works great! Thanks FlyingFlea!