Administrative and Maintenance Tools - vB3.5 Email notification if someone attempts to access your Admin or Mod CP

vB3.5 Email notification if someone attempts to access your Admin or Mod CP
Version 1.0.1
(By Boofo)

What does this modification do?
When someone tries to login to your Admin CP or Mod CP, you will get an email that contains the username they tried, the password they tried, their IP address, hostname, number of strikes, referrer, script, and the date & time of the attempt. It also will now distinguish itself in the message subject between a failed Admin CP attempt and a failed Mode CP attempt, so you will know right off which CP they tried to login to.

NOTE: To alleviate anyone getting upset about plain text passwords being transmitted from the server, the ONLY time a plain text password is sent, is when it is a failed login attempt. It is not stored on the server anywhere and no hashed passwords are ever revealed to anyone. I think it's good to know if anyone is getting close to what my CP password is so I can change it if necessary.

Credits:
Thanks to EvilLS1 for making the vB 3.0 version of this modification on which this update is based and released with permission.

Version Information:
Version 1.0.0 --Initial release
Version 1.0.1 --Fixed user name being wrong on a user attempt.


Installation overview:
--------------------------------------
Files to edit: (2)
--incudes/adminfunctions.php
--login.php


What it looks like in the Mod CP when an anonymous users tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Ned
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------

What it looks like in the Mod CP when a user from your site tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Boofo
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------
USER ATTEMPT: Your Forums has identified this registered user as: Boofo

[Boofo]

Quote:

Originally Posted by Darkwaltz4

hmm, this is an interesting hack, but i assume it sends to the same email for every failed attempt

this could reveal to that email the password of one of the mods, who just accidentally mispelled their USERNAME on the login panel.

i dunno, but mods might not enjoy this, and this might be an idea: if a submitted username matches an existing username, then the email of that username is the one who recieves the email that way the user in question knows they were the one targeted. (and perhaps the 'main' email getting the truly perhaps random attempt notices)

edit: hmm, although that wouldnt fix the whole mispelled name + correct password thing hmm...

truly a touchy subject :-p

edit: furthermore, this cant check if a login attempt worked, but wasnt that user (fully understandable), so this could actually serve to further give out your password :-/

I explained the passsord reason in the first post. If the main Admin of your board cannot be trusted with the information if you make a mistake, then you really shouldn't be a Mod there anyway, right?

I think the main Admin should get an email if someone attempts to log in no matter what account is trying to be used. Your idea of sending an email to the username tried is an intersting idea, but only as long as it would be staff personel that had access to whatever CP was trying to be accessed.

How could it further give out your password if they make a successful login? You wouldn't get an email and no information would be sent. If they make a successful login, they would already know your passord. Duh?

[Darkwaltz4]

well of course, but anywhere where passwords are lying around in plaintext are troublesome if something is compromised (its happened to my email once). and also the untrustworthy admin thing :-p

well, yeah sorry i implied the 'and must be a mod/admin thing as well' :-p

im saying it could further give it out if its coupled with the whole compromised thing above. youd think this would be some sort of safeguard against logins who arent you, whereas its undetectable and yet posts your password in plaintext somewhere :-p hence the possibility of being negative on the whole.

im just helping to examine some vulnerabilities which can (and for me, have) arise

[Boofo]

The plain text password is not stored anywhere. It is only sent in the email. So there is no way for anyone to get it, because it isn't there.

[Darkwaltz4]

yes it is stored somewhere; in the email message, as plaintext :-p thats what i keep talking about. if this message is left in the email client, and the email account is compromised, then the hacker has a host of email messages containing login failures at their disposal, and can probably deduce correct passwords from common mistakes with logins (like mispelled name + correct password)

if they did this quietly, then they could use them to log into the CPs, and nobody would detect that - correct login :-p

[Boofo]

Well, I don't feel that way about it so if someone doesn't want to have the password in the email, they can comment the password line out in the code. Simple as that. Easy fix.

[Delphiprogrammi]

i was waiting for this ...

[Boofo]

The wait is over!

[Marco van Herwaarden]

/me moves Boofo up on his ignore list, oops he already was on top.
/me will from now on stay away from each board that is touched by Boofo

[Boofo]

I wish I had known that was all it took a long time ago.

[Delphiprogrammi]

hi,

I don't receive the warning email ... vbulletins mails function is working fine (i know for sure since i tested it => maintenance =>diagnostics =>email test) and no PHP errors are displayed anywhere so i goto my admincp and i enter wrong login and password but nope .. vbversion i'm using (look at the left side)