Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
[DBTech] vBSecurity v2 (vB4) Details »
[DBTech] vBSecurity v2 (vB4)
Mod Version: 3.3.0, by DragonByte Tech (Coder) DragonByte Tech is offline
Developer Last Online: Jun 2019 I like it Show Printable Version Email this Page

vB Version: 4.x.x Rating: (16 votes - 4.56 average) Installs: 130
Released: 30 Dec 2011 Last Update: 19 Jun 2018 Downloads: 842
Supported DB Changes Uses Plugins Additional Files Translations  

vBSecurity: What is it?
vBSecurity keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.

Uses

vBSecurity is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens.
It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins.
Another important feature is the ability to add a secondary login, unique to each administrator, that is required before accessing the AdminCP. Ideal for forums where multiple administrators may share login information, or where administrators may log in from public computers.
Add in quick settings for the most vital vBulletin Options and Usergroup password settings, vBSecurity can easily be called one of the most comprehensive security suites for your vBulletin forum.

-------------------------------------------------------------------------------------------

If you like this mod please hit the button to the right ---->

Please remember to click the, button to the right if you installed the mod ---->

What does 'Marking As Installed' do ?

* It helps you to stay on top of updates - members who have installed modifications will be notified by us whenever new updates are available.

*
For security issues - vbulletin.org will contact all members who have installed a modification whenever a security issue is brought to their attention.

* Marking a modification as installed also helps us know how many people are using our work, giving us extra incentive to provide more features and new modifications.

We appreciate the support!
-------------------------------------------------------------------------------------------

Priority support & Product Demos available at: http://www.dragonbyte-tech.com

-------------------------------------------------------------------------------------------

Translations available @ our forum
Support for translations handled by the translator in its respective threads only.

-------------------------------------------------------------------------------------------

Major Features
Administrator Security: .htaccess-like logins for your administrators means that even if they use the same password on multiple sites, malicious users still need a fresh, unique password to log in.

Security Watchers: Keep an eye on the most important aspects of vBulletin: config.php tampering, AdminCP / User Account access attempts, vBulletin Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.

Lite
* Searchable list of all AdminCP access attempts
* Searchable list of all failed login attempts
* Searchable list of administrator changes for areas governed by the Security Watchers
* vBOption: IP Address whitelist for AdminCP access
* vBOption: Separate "Closed Reason" for closures that happened due to potential security breaches
* Quick setting page for the most important vBulletin Options security settings
* Quick setting page for the most important Usergroup security settings
* Security Watchers: General - config.php Variable Tampering, AdminCP Access Attempts
* Security Watchers: Logins - Failed Logons, Failed Mass Logons
* Security Watchers: vBOptions - vBulletin Active, Reason For Turning vBulletin Off, Banned Email Addresses, Banned IP Addresses, Use Login "Strikes" System, Whitelisted IP Addresses, Whitelisted IP Addresses - Exclude Super Administrators
* Security Watchers: User Data - User Name, Password, Email, Primary Usergroup, Additional Usergroups, Reputation Level, Warnings, Infractions, Infraction Points, Receive Admin Emails
* Security Watcher Actions: 2 thresholds with individual configuration options, IP Ban / User Ban / Email Webmaster / Close Forum options available for each Watcher option listed above. Some watcher options may not have all actions.

Pro
* Optional .htaccess-like login on a per-administrator basis
* Settings Snapshots - take a "snapshot" of how the vBulletin Options look at the time, instant restore by clicking Load on a previous snapshot
* Security Watchers: Usergroup - Password Expiry, Password History, every usergroup permission group, every "value" permission
* IP Guard: Administrator IP Address authorisation scheme (similar to Steam Guard) - Require email verification for new IP addresses to access the AdminCP, per-administrator disable

-------------------------------------------------------------------------------------------
This mod displays a copyright notification in the footer of all pages which includes:
  • 1 Link to DragonByte Technologies homepage
  • 1 Link to Product Description page of this modification

Download Now

Only licensed members can download files, Click Here for more information.

Screenshots

Click image for larger version

Name:	vbsec_adminpasswords.jpg
Views:	1240
Size:	78.0 KB
ID:	135371   Click image for larger version

Name:	vbsec_recommendations.jpg
Views:	890
Size:	75.9 KB
ID:	135372   Click image for larger version

Name:	vbsec_watchergeneral.jpg
Views:	787
Size:	76.9 KB
ID:	135373   Click image for larger version

Name:	vbsec_watcherlogin.jpg
Views:	994
Size:	77.5 KB
ID:	135374  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Major Additions [DBTech] vBShop v3 (vB4) DragonByte Tech vBulletin 4.x Add-ons 590 19 Dec 2018 19:05
Major Additions [DBTech] vBArcade v2 (vB4) DragonByte Tech vBulletin 4.x Add-ons 429 23 Oct 2018 10:49
Major Additions [DBTech] vBNotifications v1 (vB4) DragonByte Tech vBulletin 4.x Add-ons 189 16 Apr 2018 21:46
Administrative and Maintenance Tools [DBTech] vBMail v2 (vB4) DragonByte Tech vBulletin 4.x Add-ons 346 18 Jun 2017 12:26
Major Additions [DBTech] vBNavTabs - Navbar Tabs / Tab Management v1 (vB4) DragonByte Tech vBulletin 4.x Add-ons 420 11 Jun 2017 22:45

  #136  
Old 30 May 2016, 22:43
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Real name: Fillip & Iain
vBSecurity v2.2.2

New Features:

"Failed Logons" Watcher
  • Option to send an alert to the user whose account has been triggered

Changed Features:
  • "Failed Mass Logons" now only triggers if the user tries unique usernames

Bug Fixes:
  • The "Failed Mass Non-Existent Logons" rule sets would not trigger correctly, instead the "Failed Mass Logons" ruleset was used


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #137  
Old 11 Jul 2016, 16:43
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Real name: Fillip & Iain
vBSecurity v2.2.3

New Features:

CLI Maintenance Script
  • Ability to execute either of the two maintenance actions via the command line

Search IP Addresses: Find Potential Intruder IP Addresses
  • Displays a list of IP addresses who have failed to login to valid member accounts more than once
  • Also displays any successful logins from these IP addresses

Bug Fixes:
  • A few phrases were accidentally created with the wrong phrase key, leading to blank emails being sent in some scenarios
  • The "Password Rules" checkboxes would not update if the user pasted their password via the right click menu


vBSecurity v2.2.4

Changed Features:

Password Reset
  • The created password is now based on the user’s password rule requirements
  • The Mass Password Reset action now creates a random password based on the user’s password rule requirements



Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #138  
Old 04 Aug 2016, 11:10
Darkside2012 Darkside2012 is offline
 
Join Date: Jul 2012
I canīt loging with my account on dragonbyte-tech.com
My password is. expired
I recive the email : New Account Access From xxx.xxx.xxx.xxx
If you recognise this IP address and would like to add it to the whitelist, please click here
but when i click the link nothing will be happen.
It is the same ......
i canīt edit my password
Reply With Quote
  #139  
Old 04 Aug 2016, 12:39
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Real name: Fillip & Iain
Originally Posted by Darkside2012 View Post
I canīt loging with my account on dragonbyte-tech.com
Try it now, you should be able to confirm the IP before being asked for a new password now


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #140  
Old 16 Aug 2016, 13:49
rhody401's Avatar
rhody401 rhody401 is offline
 
Join Date: Feb 2012
I think I found a bug or conflict in version 2.2.4 lite

If a user tries to reset their lost password, they get the email from VB and click the link. But when clicked, it gives either a blank white page or sometimes an error 500.

If I disable this script, everything works well again. I can reproduce this reliably by enabling or disabling version 2.2.4

My info:
VB 4.2.3 pl2
Server Litespeed
PHP 5.5.38
MySQL 10.0.25-MariaDB-cll-lve

If you need anything else to help fix it, let me know.

Thanks
Mike
Reply With Quote
  #141  
Old 16 Aug 2016, 13:50
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Real name: Fillip & Iain
You will need to check your error log for the real reason behind a 500 Internal Server Error.


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #142  
Old 07 Sep 2016, 15:21
civicf civicf is offline
 
Join Date: Nov 2012
I have similar problem. User can't reset password. Error message was displayed after clik on reset link.

PHP Warning: require(........dbtech....vbsecurity_pro....hooks....reset_password.php): failed to open stream: No such file or directory in ....login.php(329) : eval()'d code on line 1

Fatal error: require(): Failed opening required '//dbtech/vbsecurity_pro/hooks/reset_password.php' (include_path='.:/usr/local/php/pear5') in /login.php(329) : eval()'d code on line 1
When I downgraded to 2.2.0 everything is ok.

Last edited by civicf; 08 Sep 2016 at 05:48.
Reply With Quote
  #143  
Old 11 Sep 2016, 00:57
rhody401's Avatar
rhody401 rhody401 is offline
 
Join Date: Feb 2012
I had to disable it didnt have time to debug this time, but will re install next version.
Reply With Quote
  #144  
Old 12 Sep 2016, 17:18
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Real name: Fillip & Iain
Originally Posted by civicf View Post
I have similar problem. User can't reset password. Error message was displayed after clik on reset link.



When I downgraded to 2.2.0 everything is ok.
Sorry about that, I've updated the zip file with a fixed XML file


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #145  
Old 16 Feb 2017, 10:02
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Real name: Fillip & Iain
vBSecurity v3.3.0:
Feature: New option: Enable Account Breach Check
Feature: New option: Account Breach Check: Check Username

This mod has been updated to be brought in line with the XenForo version.


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #146  
Old 01 May 2017, 00:32
SteveG63 SteveG63 is offline
 
Join Date: Mar 2014
I updated this today (overwriting the old install) without realizing that I needed PHP Ver 5.6. I have PHP 5.3.29. Can I get the latest version that works with 5.3.29 please?



Thanks.

Last edited by SteveG63; 01 May 2017 at 00:47.
Reply With Quote
  #147  
Old 23 Jun 2017, 00:13
highlander29 highlander29 is offline
 
Join Date: Mar 2011
I'm really impressed with some of the features in the new version of this modification. Thanks for all the good work.

I notice you included instructions for using bcrypt for passwords. Do those instructions re-encrypt the entire password database? This is a huge issue that I've been concerned about for some time. I also would like to ask the impact of forum upgrades - so if you deploy it in 4.2.5 and then upgrade to 4.2.6, do you need to make those changes again?
Reply With Quote
  #148  
Old 27 Jun 2017, 16:21
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Real name: Fillip & Iain
Originally Posted by highlander29 View Post
I'm really impressed with some of the features in the new version of this modification. Thanks for all the good work.

I notice you included instructions for using bcrypt for passwords. Do those instructions re-encrypt the entire password database? This is a huge issue that I've been concerned about for some time. I also would like to ask the impact of forum upgrades - so if you deploy it in 4.2.5 and then upgrade to 4.2.6, do you need to make those changes again?
Any file modifications will need to be reapplied in the event of a forum upgrade. Running the BCrypt action in the AdminCP does add additional BCrypt hashing to passwords in the database, yes.


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #149  
Old 19 Jun 2018, 14:05
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Real name: Fillip & Iain
The download package has been updated to address a minor security vulnerability that could allow an attacker to inject code for their own user only (not other users) when viewing their currently active login sessions.

This vulnerability cannot be used to exploit your forum, this is not a critical vulnerability.


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #150  
Old 25 Oct 2018, 19:02
brandon515 brandon515 is offline
 
Join Date: Nov 2006
Mass Password Reset Question

If I do a mass password reset for all of my users, will they get an email saying that their password was reset? If so, can I customize that email?

Thanks
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 10:02.

Layout Options | Width: Wide Color: