Register Members List Search Today's Posts Mark Forums Read

Reply
 
Article Options
[HOW TO - vB4] Time based OTP for ACP
McGyver
Join Date: Mar 2012
Posts: 28

by McGyver McGyver is offline 15 Dec 2014
Rating: (1 vote - 5.00 average)

One of the recommended security precautions we all vBulletin administrators should have in place is a password protected, at the web server level, ACP.
This is easily done when Apache is in the picture by placing an .htaccess file in the admincp directory that points to the appropriate password file.
No reason to go further into this as it's something more or less we all know of.

How about extending the password protection so that the HTTP authentication passwords change every now and then?
We would need to login to our server, change the passwords, notify our fellow administrators.
Easy job, but just another thing we need to have on our admin task list.

How about making the HTTP passwords rotate automatically if we are not logged in to the vBulletin ACP?
I liked the idea since I use OTP all the time for Google, eBanking and other services.

So I compiled a short bash script that does the trick.
It runs every minute via cron, checks if there's an active admin session and if not rotates the HTTP password every 30 seconds.
I would then setup an account in the Google Authenticator (or other RFC6238 compatible) application on my smartphone and I'm good to go.

This is a recent update to the approach described here that we had running for a couple of years.

The attached script is commented so you can get the details by simply checking its contents.
In its current form works with Apache and vBulletin 4.x but one could easily adapt it to other web servers or software.

Of course, any comments and/or enhancement ideas are always welcomed and appreciated.

And the usual "use it at your own discretion and risk":
The script is provided "as is" without any implied or expressed warranty it will suit your needs or environment.


With fellow-admin greetings,

McGyver
Attached Files
File Type: txt passwords.sh.txt (3.7 KB, 22 views)
Views: 3542
Reply With Quote
Reply

Similar Article
Article Author Type Replies Last Post
Miscellaneous Hacks Time Based Greeting Dragonsys vBulletin 4.x Template Modifications 34 13 Feb 2013 02:40
Administrative and Maintenance Tools Notices: Time Range Criteria (based upon Server Time) Wired1 vBulletin 3.7 Add-ons 24 10 Aug 2009 03:48



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Article Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 15:45.

Layout Options | Width: Wide Color: