The Arcive of Official vBulletin Modifications Site.

Human Verification on Login · **Released**: 03-18-2015

What is it?
----------------------------
This mod adds human verification to login, after a selectable number of failures (strikes).

Why would I want this? Users will hate it.
----------------------------
The idea is that attempts at account hacking by guessing passwords will fail if they are automated and not expecting the HV input. This will reduce the number of guesses per lockout period, and also since an incorrect or missing HV response does not count as a strike, your users will not get "lockout" emails. You can configure the mod so that HV input isn't required until a certain number of failures, so most of the time users won't even notice. Also, many users probably use "Remember Me" and so will never notice.

Note: This hasn't been tested with Forum Runner, Tapatalk, or anything similar. The mod attempts to disable itself for Forum Runner and Tapatalk, but this hasn't been tested. If you install this mod and you use one those on your forum, you should test it (for example, try logging in with incorrect password 4 times and make sure it works if you enter the correct password the 5th time). Also, I will appreciate any reports of problems or success.

Thanks to woodmj for ideas and testing.

Installation:
----------------------------
1) Import the product XML file from the Product Manager.

2) Go to Settings > Human Verification Options (in the options, not the human verification manager) to enable and configure.

You can select a different type of HV than you are using for other actions. For example, you might use some type of captcha for registration, but use Q&A for login. Note that you still have to use the Human Verification Manager to configure each type. So if you want to use Q&A for login, you would have to temporarily select it in the HV Manager to configure your questions. You can then re-select a different HV type for other actions if desired.

3) Test the mod in each of your styles. There is a field in the options for an ip address, and if this is filled in, the HV will only be active for that ip address, allowing testing without affecting other users. You can then clear the field when you are done testing.

Testing each style is important because the mod attempts to insert the HV template automatically, but if it can't (if you have custom styles for example) the mod will still be expecting the HV answer to be submitted, which will result in login failures. If this happens, the mod can still be used by manually editing the STANDARD_ERROR and mobile_login templates and inserting {vb:raw kh99_login_hv} after the password field.

History:
----------------------------
0.9 (Mar 19, 2015)

Initial Release

Alibass · #2 03-19-2015, 08:42 PM

Thanks Kevin very sweet mod. Not running customized skins, but works great with vB styles generated skins.

:up:

kh99 · #3 03-19-2015, 10:12 PM

Quote:

Originally Posted by Alibass

Thanks Kevin very sweet mod. Not running customized skins, but works great with vB styles generated skins.

:up:

Thanks, that's good to know. So if you have a number of styles that are just different colors schemes, there's probably no reason to test them all.

woodmj · #4 03-20-2015, 06:39 AM

Thanks once again for this Kevin. It's working very nicely for me :-)

bridge2heyday · #5 03-20-2015, 07:03 AM

Very Good Work , thanks for the mod

tanzeelniazi · #6 03-20-2015, 08:51 PM

Very great and awesome thank you KH99

socialteenz · #7 03-21-2015, 05:27 PM

Really Brilliant, this should be a core feature of vBulletin. I have seen this on a mybb site which i frequent, this should reduce the brute forcing attack to an extent.

This + Your New reCAPTCHA Mod = Spam Assassin

madness85 · #8 03-22-2015, 04:41 PM

my forum is closed to public so when they visit my site its displayed like this with no human verification

if you try login it will ask you to login again but with the human verification can i add it the the first login displayed?

Also it effects the admincp if you try login it will redirect to the the login with human verification then you need to login to admincp again kinda annoying lol

great mod hopefully you can help me

kh99 · #9 03-22-2015, 04:45 PM

OK, I'll look in to it. It's probably something I didn't consider. So when you say it's closed to the public, what do you mean exactly? That all forums are set so that they're not visible to guests?

What do you have the stirkes set to? I guess 0 if you want to see it the first time?

Also, what do you mean about the admincp, is it when you go directly to the admincp and you're not logged in at all yet?

madness85 · #10 03-22-2015, 04:47 PM

Quote:

Originally Posted by kh99

OK, I'll look in to it. It's probably something I didn't consider. So when you say it's closed to the public, what do you mean exactly? That all forums are set so that they're not visible to guests?

What do you have the stirkes set to? I guess 0 if you want to see it the first time?

Also, what do you mean about the admincp, is it when you go directly to the admincp and you're not logged in at all yet?

All above yes buddy

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04705 seconds Memory Usage 2,339KB Queries Executed 24 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (4)navbar_link (120)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (10)post_thanks_box (10)post_thanks_box_bit (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (6)post_thanks_postbit (10)post_thanks_postbit_info (9)postbit (3)postbit_attachment (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start fetch_musername post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end post_thanks_function_fetch_thanks_bit_start post_thanks_function_show_thanks_date_start post_thanks_function_show_thanks_date_end post_thanks_function_fetch_thanks_bit_end post_thanks_function_fetch_post_thanks_template_start post_thanks_function_fetch_post_thanks_template_end postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_attachment postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

5 благодарности(ей) от:
KGodel, madness85, puertoblack2003, tanzeelniazi, woodmj

Благодарность от:
kh99

Благодарность от:
kh99

Благодарность от:
kh99

Благодарность от:
kh99

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!