Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
Disable User Lockout Emails Details »
Disable User Lockout Emails
Mod Version: 0.9, by kh99 (Senior Member) kh99 is offline
Developer Last Online: Nov 2017 I like it Show Printable Version Email this Page

vB Version: 4.2.2 Rating: (4 votes - 5.00 average) Installs: 13
Released: 19 Mar 2015 Last Update: Never Downloads: 24
Not Supported Uses Plugins Re-usable Code Translations Is in Beta Stage  

What is it?
----------------------------
This mod adds the option to disable user 'lockout' emails, which are sent after 5 failed attempts to log in to a user's account.


Note: I'm currently working on another mod that will add other login attempt notifications for admins.


Installation:
----------------------------
1) Import the product XML file from the Product Manager.

2) Go to Settings > Options > General Options and set "Enable User Lockout Email Notifications" as desired. If you want to allow some usergroups (such as admins) to continue to receive notifications for their own accounts, you can list the usergroupids (separated by commas) in the "Force Usergroup Lockout Email Notifications" option.


History:
----------------------------
0.9 (Mar 19, 2015)
  • Initial Release

Download Now

Only licensed members can download files, Click Here for more information.

Screenshots

Click image for larger version

Name:	sg1.JPG
Views:	85
Size:	101.1 KB
ID:	152103  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Comments
  #2  
Old 19 Mar 2015, 17:26
synseal's Avatar
synseal synseal is offline
 
Join Date: Apr 2009
Real name: Ben Dover.
I have been getting (especially just of late) numerous failed log in attempts on members accounts which seem to be all from crawlers ignoring our robot.txt

This will put an end to that and hopefully stop members thinking there account is being hacked.

Perfect Thanks!

Edit=Tested and working fine
__________________
Tech forum.

Last edited by synseal; 19 Mar 2015 at 17:36.
Reply With Quote
  #3  
Old 24 Mar 2015, 19:12
409industries 409industries is offline
 
Join Date: Jan 2008
So glad that this mod was released, thank you kh99!

In just the past 4 weeks our forum has been hammered by bots in China trying to brute force our login page on anyone and everyone's accounts. They don't appear to be getting in, but it causes a panic by our members who start emailing the admins thinking their account has been hacked when they get the notice.

Super easy install, i'll monitor how well it works.

One option that would be really nice is to keep the notifications disabled being sent to the forum member's email address but have the login attempts CC'd to an administrator. That way admins can keep an eye on any bot / hack activity trying to login unsuccessfully.

Marked as installed. 5 stars.
Reply With Quote
  #4  
Old 24 Mar 2015, 19:25
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
I started to add that, then decided it would be better to write records to a db table and send a summary, like once an hour. But of course I got sidetracked. Maybe i'll just go back and add an alternate email address.
Reply With Quote
  #5  
Old 24 Mar 2015, 19:34
409industries 409industries is offline
 
Join Date: Jan 2008
Originally Posted by kh99 View Post
I started to add that, then decided it would be better to write records to a db table and send a summary, like once an hour. But of course I got sidetracked. Maybe i'll just go back and add an alternate email address.
The DB entries might be interesting for generating ban lists, etc.

Depending on how much invalid login attempts are going on, the email route could generate a lot of email traffic. However, if its pretty quiet an occasional email would be just fine.

Still, some mechanism should be in place to keep admins aware if bots are constantly trying to login, so that we can react accordingly (more IP bans, etc)

Thank you again!
Reply With Quote
  #6  
Old 24 Mar 2015, 20:40
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Originally Posted by 409industries View Post
The DB entries might be interesting for generating ban lists, etc.

Depending on how much invalid login attempts are going on, the email route could generate a lot of email traffic. However, if its pretty quiet an occasional email would be just fine.

Still, some mechanism should be in place to keep admins aware if bots are constantly trying to login, so that we can react accordingly (more IP bans, etc)

Thank you again!
Well, I just saw your post in the dbtech product thread. Doesn't that take care of notifications?
Reply With Quote
  #7  
Old 25 Mar 2015, 13:17
woodmj woodmj is offline
 
Join Date: Sep 2013
I found the IPs the attacks seemed to be coming from were member IPs so I was banning my members when I was blocking them. Is it possible the attacks just fake IPs?
Reply With Quote
  #8  
Old 25 Mar 2015, 13:23
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Originally Posted by woodmj View Post
I found the IPs the attacks seemed to be coming from were member IPs so I was banning my members when I was blocking them. Is it possible the attacks just fake IPs?
Yeah, we were talking about that on vbulletin.com I think. I guess it's possible but I don't know enough about it to know how it's done. I mean, I know an IP packet could contain a fake source ip, but then whoever sent it isn't going to get a response, so I don't see how that helps someone guess passwords. Could be something else is going on there. Have you been in contact with any of those users so that you know they had nothing to do with it?

Hmm, well, I guess maybe someone spoofing IPs could blindly send the right packets to try a login, then use a different ip to see if the user is online. In that case I think the "HV on login" mod should stop that, if the HV is something that can't be guessed.

Last edited by kh99; 25 Mar 2015 at 13:44.
Reply With Quote
  #9  
Old 25 Mar 2015, 18:45
409industries 409industries is offline
 
Join Date: Jan 2008
Originally Posted by kh99 View Post
Well, I just saw your post in the dbtech product thread. Doesn't that take care of notifications?
Yes! It actually does. I forgot to reconfigure the watchers option there. Thanks for the heads up.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 12:31.

Layout Options | Width: Wide Color: