Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
AdminCP Firewall ~ Protect your AdminCP! Details »»
AdminCP Firewall ~ Protect your AdminCP!
Version: 1.3.3, by liamwli liamwli is offline
Developer Last Online: Dec 2019 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 4.x.x Rating:
Released: 03-20-2013 Last Update: 04-04-2013 Installs: 103
Uses Plugins
Re-useable Code Translations  
No support by the author.

This is a mod I made to increase the security of your forum!

It has the following features:
  • Email alert when an Admin logs into the CP
  • IP Checking for Admins
  • E-Mail if the IP isn't whitelisted
  • Block user access to the AdminCP if the IP isn't whitelisted
  • E-Mail if someone fails an AdminCP login
Those features will allow you to secure your AdminCP - and the only upload required is the product file!

So, what are you waiting for? Install now

Update History
Version 1.3.3:
PHP error should be fixed

Version 1.3.2:
Fixed - PHP error message when logging into AdminCP
Branding Removed

Version 1.3.1:
Fixed - text would be displayed on login failure page if failure email turned off or not from admincp

Version 1.3:
Added - Ability to have an email sent when someone fails an admincp login.
Added - Branding. Sorry! Any donation of ?2.50 or more will allow you to remove it

Version 1.2:
Added - Ability to specify IP's as CIDR ranges
Added - Ability to set both IP email and IP deny
Added - IP email will now tell you if any forum members registered using the unauthorized IP
Changed - Updated Admin Help Pages

Version 1.1:
Added - Ability to specify multiple email addresses
Added - Help entries for the admin options
Changed - IP's are separated with a line break now, not a comma.

Mark as Installed if Installed and Nominate for MOTM if you think this mod deserves it!

-----------

Donating

I kindly accept donations for my work. Donating will allow you to remove the branding. You can donate via paypal using the link on the right, or using bitcoin. Please PM me if you wish to donate using bitcoin.

This modification is free to modify and distribute with attribution. I no longer own a vBulletin license.

Download Now

File Type: xml product-liam_cpfirewall_1.3.3.xml (26.5 KB, 575 views)

Screenshots

File Type: jpg cpfirewall_settings.jpg (92.8 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
6 благодарности(ей) от:
Eposig2, GreyGhost, obglobal.net, RichieBoy67, synseal, tanzeelniazi

Comments
  #62  
Old 04-19-2013, 10:56 AM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by djbaxter View Post
Using email notification only at the moment:
  • requires me to enter an IP address even though I've not enabled Ip monitoring or filtering
  • works as expected if the admincp folder is not renamed
  • does not trigger an email on one forum where the admincp forum IS renamed to something else (e.g., new_admin)
Quote:
Originally Posted by liamwli View Post
Did you change the field marked admincp directory, found in the options?
Quote:
Originally Posted by djbaxter View Post
Yes, of course. It has the correct folder name there, no leading or trailing slashes, just like with the other forums. And the new folder is in the root of the forum directory, just as the admincp folders are.
I checked the setting in the vBulletin Email Options and found an incorrect setting in the one that wasn't working (the one with the renamed admincp). Specifically the "Enable '-f' Parameter" was set to YES on that one forum. I turned it off and the email notifications of admincp logins are now working correctly.
Reply With Quote
  #63  
Old 04-19-2013, 11:31 AM
MahdyE23 MahdyE23 is offline
 
Join Date: Apr 2013
Posts: 106
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is actually a very amazing mod, thank you for this!
Reply With Quote
  #64  
Old 04-19-2013, 12:48 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by MahdyE23 View Post
This is actually a very amazing mod, thank you for this!
It's certainly timely. See

http://www.vbseo.com/f255/summary-fi...t-issue-55099/

http://www.vbseo.com/f255/filestore-...r-forum-55368/

http://club.myce.com/f20/vbulletin-m...e-them-332219/

http://www.vbseo.com/f255/url123-red...its-end-54125/

The best guess at the moment is that malware is being used to harvest admincp passwords giving the malware network access to your admincp, which is then used to alter certain plugins to redirect your traffic (or do whatever else they want to do to your site for that matter).

There are several things noted in the first two threads that forum owners should be doing to secure their forums and their servers. This add-on provides an extra layer of protection or at least notification if someone does gain access.
Reply With Quote
  #65  
Old 04-23-2013, 03:50 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Suggestion regarding awkward wording in notifications:

Change line 502 to read:

Code:
{1} logged into the AdminCP from IP address {2}.
Reply With Quote
  #66  
Old 04-28-2013, 08:28 PM
elitecarders elitecarders is offline
 
Join Date: Nov 2012
Posts: 23
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Code:
Sorry, you don't have permission to access the administrative controls on this page.

If you need to access this page, ask your lead administrator to enable your permissions for this page using the Administrator Permissions section of the control panel.
i got this error after installing my ip nothing changed everything was fine
Reply With Quote
  #67  
Old 07-15-2013, 12:57 AM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Email this evening from this mod:

Quote:
Hi,

northernangel logged into the AdminCP from IP address 209.105.205.53.

AdminCP Firewall
northernangel is a valid membername from a member who had not logged in for a long time. The member was not ad admin or moderator. The records show that member did log in to her account about the time the email was generated but it was from a different IP address and a different country than the one on record. There is no indication in the logs of any entry into the admincp from that member or indeed any member other than the two admins.

How is this possible? Is this a false positive?

I have changed the password for that member, banned the member at the forum level, and banned the IP at the server level to be safe. But should there not be a log entry if there indeed was a breach?

By the way, in order to gain access to the AdminCP, two passwords are required.
Reply With Quote
  #68  
Old 07-15-2013, 10:23 AM
DemOnstar's Avatar
DemOnstar DemOnstar is offline
 
Join Date: Dec 2012
Posts: 859
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Installed on Localhost so can't test just yet but security may well be a concern so thank you for your work...
Reply With Quote
  #69  
Old 07-16-2013, 01:45 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by djbaxter View Post
Email this evening from this mod:



northernangel is a valid membername from a member who had not logged in for a long time. The member was not ad admin or moderator. The records show that member did log in to her account about the time the email was generated but it was from a different IP address and a different country than the one on record. There is no indication in the logs of any entry into the admincp from that member or indeed any member other than the two admins.

How is this possible? Is this a false positive?

I have changed the password for that member, banned the member at the forum level, and banned the IP at the server level to be safe. But should there not be a log entry if there indeed was a breach?

By the way, in order to gain access to the AdminCP, two passwords are required.
I figured part of this out because it happened with another forum member today while I was actually online. That member in who's online was shown as viewing a "no permissions" error message, meaning they didn't actually get access to the admincp and that's why there was no log entry.

However, you might want to look more closely at what tirggers the email notification of a breach.
Reply With Quote
  #70  
Old 07-29-2013, 09:21 PM
MahdyE23 MahdyE23 is offline
 
Join Date: Apr 2013
Posts: 106
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My IP changed and now I cannot access my ACP. I tried adding that code at the end of the config.php, but it did nothing. Please help me?
Reply With Quote
  #71  
Old 07-30-2013, 02:22 AM
Disco_Stu Disco_Stu is offline
 
Join Date: Apr 2012
Posts: 305
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would be careful installing a mod that could potentially lock you out of your own ACP. I would think your htaccess security should be sufficient in keeping someone from accessing your ACP.

I experimented with another mod (not this mod) that did not install completely. The result was that I could not access my ACP and I had to completely restore my entire site.

I see that the author no longer has a vBulletin license.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:25 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05063 seconds
  • Memory Usage 2,353KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_code
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (6)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (2)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete