Administrative and Maintenance Tools - Security Token Notification

This simple mod logs security token erorrs to vBulletin PHP error log and optionally sends an E-Mail to the webmaster.

Example Log Entry

Code:

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 C:\Programme\XAMPP Lite\htdocs\vb310\includes\functions.php line 2420: eval()
#1 C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php line 417: fetch_error(security_token_missing,ltr,sendmessage.php)
#2 C:\Programme\XAMPP Lite\htdocs\vb310\global.php line 20: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php)
#3 C:\Programme\XAMPP Lite\htdocs\vb310\newthread.php line 49: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\global.php)

POST Variables
===============
Array
(
    [do] => foo
    [f] => 3
    [forumid] => 3
    [securitytoken] => 
)

Request URI
===========
/vb368pl1/newthread.php?do=foo

Datum: 24.04.2008 11:36:08
Benutzername: Kirby
IP-Adresse: 127.0.0.1

If you do not know what this is about, you most likely won't need it

[Dannyloski]

^ Read the vB.com Announcements for 3.6.10 and 3.7.0 RC4 and you will know.

[akanevsky]

Very nice mod. Thanks, Andreas.

[mihai11]

Quote:

Originally Posted by Mike-D

Security Tokens are small Hardware Devices that owners carries to authorize access to a Network Service. That means: Security Tokens provide an extra level of assurance thru a method known as TFA (Two-Factor Authentication). In this case the user has a PIN (Personal Identification Number which authorizes them as the owner of that particular device. So the device then shows a number which uniquely identifies the user to the service and allowing them to log in. The identification number for each user is changed frequently, usually every 3 min's. See also Wikipedia

Thank you for taking the time to write this. I think I understand what this hack does.

Most probably, this is useless for the majority of the webmasters because few people are actually using a "security token".

[mihai11]

Quote:

Originally Posted by Trana

OK, clearly something significant occurred to necessitate 3.6.10. Can you guys not be so cryptic for the rest of us who are not up on what is going on?

How does this affect 3.6.10? How does this affect installed mods?

You need not worry about this hack if you are not using a security token. And even if you are using one, you don't need to worry about this hack if you don't want to record security token errors into some VBulletin log.

[JKatz]

Thank you!!!!!!! Just installed 3.6.10 today & was scrambling to find out what needs updates.

[Darat]

Quote:

Originally Posted by mihai11

You need not worry about this hack if you are not using a security token. And even if you are using one, you don't need to worry about this hack if you don't want to record security token errors into some VBulletin log.

No mihai11 this isn't the case.

To fix a potential security issue Jelsoft has released a new version of vBulletin (3.6.10) and this adds something they've called a "security token", once you've upgraded to 3.6.10 you may find some Mods you've added stop working and your users will see a message telling them the "security token" is missing. This Mod helps you track down which parts of your vBulletin system need to be updated to deal with the new "security token" Jelsoft has added.

[Jasem]

Thank you, Nice share

[Boofo]

Just curious here... if this supposed to be in the xml file twice like this?

Code:

 $backtrace = debug_backtrace();
 
 $backtrace = debug_backtrace();

[powerful_rogue]

Hi,

Where abouts can i find the error log?

[Jase2]

Great! Thank you.