Version: 1.1, by EvilLS1
Developer Last Online: May 2021
Version: 3.0.5
Rating:
Released: 04-28-2004
Last Update: 01-07-2005
Installs: 239
No support by the author.
This is my version of the hack that Firefly released for VB2.
VB3's standard log of failed admincp login attempts is a nice feature.. but since you get no instant notification, by the time you check the log it could be too late. Also, the log doesn't show which passwords the potential intruder is trying... If someone is close to guessing my password I wanna know about it!
What does it do? With this hack, when someone tries to login to your admincp or modcp you'll get an email that contains the username they tried, the password they tried, their ip address, hostname, # of strikes, referer, script, and the date & time of the attempt.
It will look something like this:
Quote:
--------------------------------------------------
WARNING: Failed admin logon in vBulletin 3.0.1
--------------------------------------------------
Someone is trying to login to your Admin CP!
If the person who is attempting to access your CP happens to be registered & logged in, this line will also be included in the email:
Quote:
vBulletin has identified this user as: (intruder's real username here)
(Thanks to AlexanderT for the idea for this addon.)
Update (1-4-05): A couple of users have expressed concern about this mod sending a plaintext password over http for all logins. This update (v1.1) addresses that concern by only sending the password for cplogins. To update just re-do the first step in the instructions for your vbulletin version (the first edit to adminfunctions.php). Or if you'd prefer that the attempted password not be sent at all simply skip the edits to adminfunctions.php.
If you don't recieve an email when testing, make sure you have the webmaster email set in the admincp (vBulletin Options + Site Name / URL / Contact Details). Also, sometimes it takes a while for the email to arrive. So give it plenty of time before screaming "it doesn't work"..
Ok stupid me. I had the administrator email set to a wrong email that I don't check regularly. That is why I didn't get any notification from this hack (beside not getting like 200 other emails from people who tried to contact me :nervous: )
Ok stupid me. I had the administrator email set to a wrong email that I don't check regularly. That is why I didn't get any notification from this hack (beside not getting like 200 other emails from people who tried to contact me :nervous: )
Greets
I had the same thing happen when I was helping him test it. That's why the note about checking that in his instructions. LOL
Ok stupid me. I had the administrator email set to a wrong email that I don't check regularly. That is why I didn't get any notification from this hack (beside not getting like 200 other emails from people who tried to contact me :nervous: )
Greets
Heh.. Same thing happened to me when I was making the hack. I couldn't figure out why I wasn't getting an email so I changed the code about 5 times before noticing that I didn't have the webmaster's email set in the CP. Doh! Anyway, glad its workin' for ya.
can this hack be modded to get an email if someone tries to log in with an incorrect username or password to the normal board not admin
Yeah it could, but I'd rather not release a hack like that b/c it could easily be changed to send the user's correct password. Alot of people use the same password on several different sites so its not a good idea IMO. Not saying that you would use it for that, but theres some people out there who would abuse it.
Yeah it could, but I'd rather not release a hack like that b/c it could easily be changed to send the user's correct password. Alot of people use the same password on several different sites so its not a good idea IMO. Not saying that you would use it for that, but theres some people out there who would abuse it.
Agreed, i don't have any rights knowing there passwords, just like they don't have any rights if i was a member of there site.
Rob,
For regular logins it would probably be better to store failed attempts in the db and make a log rather than email them b/c if you have alot of members your inbox would be full due to users making typos when logging in. I might look into making a hack for that a little later when I get some free time.