Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
[DBTech] vBSecurity v2 (vB4) Details »
[DBTech] vBSecurity v2 (vB4)
Mod Version: 3.3.0, by DragonByte Tech (Coder) DragonByte Tech is offline
Developer Last Online: May 2020 I like it Show Printable Version Email this Page

vB Version: 4.x.x Rating: (16 votes - 4.56 average) Installs: 131
Released: 30 Dec 2011 Last Update: 19 Jun 2018 Downloads: 855
Supported DB Changes Uses Plugins Additional Files Translations  

vBSecurity: What is it?
vBSecurity keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.

Uses

vBSecurity is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens.
It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins.
Another important feature is the ability to add a secondary login, unique to each administrator, that is required before accessing the AdminCP. Ideal for forums where multiple administrators may share login information, or where administrators may log in from public computers.
Add in quick settings for the most vital vBulletin Options and Usergroup password settings, vBSecurity can easily be called one of the most comprehensive security suites for your vBulletin forum.

-------------------------------------------------------------------------------------------

If you like this mod please hit the button to the right ---->

Please remember to click the, button to the right if you installed the mod ---->

What does 'Marking As Installed' do ?

* It helps you to stay on top of updates - members who have installed modifications will be notified by us whenever new updates are available.

*
For security issues - vbulletin.org will contact all members who have installed a modification whenever a security issue is brought to their attention.

* Marking a modification as installed also helps us know how many people are using our work, giving us extra incentive to provide more features and new modifications.

We appreciate the support!
-------------------------------------------------------------------------------------------

Priority support & Product Demos available at: http://www.dragonbyte-tech.com

-------------------------------------------------------------------------------------------

Translations available @ our forum
Support for translations handled by the translator in its respective threads only.

-------------------------------------------------------------------------------------------

Major Features
Administrator Security: .htaccess-like logins for your administrators means that even if they use the same password on multiple sites, malicious users still need a fresh, unique password to log in.

Security Watchers: Keep an eye on the most important aspects of vBulletin: config.php tampering, AdminCP / User Account access attempts, vBulletin Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.

Lite
* Searchable list of all AdminCP access attempts
* Searchable list of all failed login attempts
* Searchable list of administrator changes for areas governed by the Security Watchers
* vBOption: IP Address whitelist for AdminCP access
* vBOption: Separate "Closed Reason" for closures that happened due to potential security breaches
* Quick setting page for the most important vBulletin Options security settings
* Quick setting page for the most important Usergroup security settings
* Security Watchers: General - config.php Variable Tampering, AdminCP Access Attempts
* Security Watchers: Logins - Failed Logons, Failed Mass Logons
* Security Watchers: vBOptions - vBulletin Active, Reason For Turning vBulletin Off, Banned Email Addresses, Banned IP Addresses, Use Login "Strikes" System, Whitelisted IP Addresses, Whitelisted IP Addresses - Exclude Super Administrators
* Security Watchers: User Data - User Name, Password, Email, Primary Usergroup, Additional Usergroups, Reputation Level, Warnings, Infractions, Infraction Points, Receive Admin Emails
* Security Watcher Actions: 2 thresholds with individual configuration options, IP Ban / User Ban / Email Webmaster / Close Forum options available for each Watcher option listed above. Some watcher options may not have all actions.

Pro
* Optional .htaccess-like login on a per-administrator basis
* Settings Snapshots - take a "snapshot" of how the vBulletin Options look at the time, instant restore by clicking Load on a previous snapshot
* Security Watchers: Usergroup - Password Expiry, Password History, every usergroup permission group, every "value" permission
* IP Guard: Administrator IP Address authorisation scheme (similar to Steam Guard) - Require email verification for new IP addresses to access the AdminCP, per-administrator disable

-------------------------------------------------------------------------------------------
This mod displays a copyright notification in the footer of all pages which includes:
  • 1 Link to DragonByte Technologies homepage
  • 1 Link to Product Description page of this modification

Download Now

Only licensed members can download files, Click Here for more information.

Screenshots

Click image for larger version

Name:	vbsec_adminpasswords.jpg
Views:	1255
Size:	78.0 KB
ID:	135371   Click image for larger version

Name:	vbsec_recommendations.jpg
Views:	903
Size:	75.9 KB
ID:	135372   Click image for larger version

Name:	vbsec_watchergeneral.jpg
Views:	797
Size:	76.9 KB
ID:	135373   Click image for larger version

Name:	vbsec_watcherlogin.jpg
Views:	1002
Size:	77.5 KB
ID:	135374  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Major Additions [DBTech] vBShop v3 (vB4) DragonByte Tech vBulletin 4.x Add-ons 590 19 Dec 2018 19:05
Major Additions [DBTech] vBArcade v2 (vB4) DragonByte Tech vBulletin 4.x Add-ons 429 23 Oct 2018 10:49
Major Additions [DBTech] vBNotifications v1 (vB4) DragonByte Tech vBulletin 4.x Add-ons 189 16 Apr 2018 21:46
Administrative and Maintenance Tools [DBTech] vBMail v2 (vB4) DragonByte Tech vBulletin 4.x Add-ons 346 18 Jun 2017 12:26
Major Additions [DBTech] vBNavTabs - Navbar Tabs / Tab Management v1 (vB4) DragonByte Tech vBulletin 4.x Add-ons 420 11 Jun 2017 22:45

  #76  
Old 18 Nov 2013, 15:54
rhody401's Avatar
rhody401 rhody401 is offline
 
Join Date: Feb 2012
I upgraded to 1.1.1 today and now see this on the top left, every time I sign into ADMIN CP:

IP Address Verifier
Current IP Address
1.2.3.4
Stored IP Address
N/A
Mismatch
[Admin Access Log]
(my real ip is the current, not 1.2.3.4 - changed for security reasons)

I'm not sure how to fix this, to make the notice go away. When I disable this mod temporarily, it goes away. My user id IS set up as a super administrator in config.php and I have even whitelisted the ip in the settings for this add-on.

Any suggestions appreciated

Rhody
Reply With Quote
  #77  
Old 20 Nov 2013, 11:34
rhody401's Avatar
rhody401 rhody401 is offline
 
Join Date: Feb 2012
Ah disregard. The next day it had my real ip in both sections. I guess the first time it hasnt saved/logged your IP yet. (resulting in the mismatch error)
Reply With Quote
  #78  
Old 25 Nov 2013, 22:05
sharcker sharcker is offline
 
Join Date: Jan 2008
Hi, This Works for vB 5.0.5?
Reply With Quote
  #79  
Old 26 Nov 2013, 23:04
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Is this option only in the pro
Reply With Quote
  #80  
Old 09 Dec 2013, 18:43
rhody401's Avatar
rhody401 rhody401 is offline
 
Join Date: Feb 2012
I think I found a bug in version 1.1.1

On my 4.2.1 patched system, this has happened twice in the past month.

I have multiple admins and if an admin enters the wrong password just ONCE, it treats it like 25+ brute force attempts. It takes action with one attempt, ignoring the settings for # of attempts.

Under SECURITY WATCHERS: GENERAL - I have:

12 AdminCP access attempts from SAME IP ADDRESS attempts in 1 hour: Email Webmaster

25 AdminCP access attempts from ANY IP ADDRESS attempts in 1 hour: Email Webmaster, Close Forum, Ban IP
Twice it has set off both of the above (two emails, closed forum, etc) for a single wrong password attempt.

I have temporarily taken away its ability to close the forum, because I was out yesterday and it shut down the forum for almost 5 hours.

If I can help in any way to help duplicate/identify this behavior - don't hesitate to email me.

Thanks
Rhody
Reply With Quote
  #81  
Old 10 Dec 2013, 11:40
madness85 madness85 is offline
 
Join Date: Jun 2012
Originally Posted by rhody401 View Post
I think I found a bug in version 1.1.1

On my 4.2.1 patched system, this has happened twice in the past month.

I have multiple admins and if an admin enters the wrong password just ONCE, it treats it like 25+ brute force attempts. It takes action with one attempt, ignoring the settings for # of attempts.

Under SECURITY WATCHERS: GENERAL - I have:



Twice it has set off both of the above (two emails, closed forum, etc) for a single wrong password attempt.

I have temporarily taken away its ability to close the forum, because I was out yesterday and it shut down the forum for almost 5 hours.

If I can help in any way to help duplicate/identify this behavior - don't hesitate to email me.

Thanks
Rhody
Same here buddy 1 failed login ip banned mostly from my mobile
Reply With Quote
  #82  
Old 10 Dec 2013, 19:24
rhody401's Avatar
rhody401 rhody401 is offline
 
Join Date: Feb 2012
Ya i was able to duplicate it again last night, with a single wrong password attempt. For now, I disabled all but EMAIL ADMINISTRATOR - so it wont shut down the forum again.

Thanks for the reply to let me know I'm not imagining things

Rhody
Reply With Quote
  #83  
Old 15 Dec 2013, 02:07
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
I'll attempt to replicate this myself as soon as I have time, if I can't I'll reach out to one of you for FTP/AdminCP information.


Fillip
__________________
www.Dragonbyte-tech.com
Support is ONLY available @ our website, not via modification threads, Private Message or email.
Reply With Quote
  #84  
Old 15 Dec 2013, 18:39
final kaoss final kaoss is offline
 
Join Date: Apr 2006
There is a bit of a change I would make to this mod. Add an option to add IP to a blacklist (for 30 days or increments in months) for failed logins within x amount of time would be great.

Reply With Quote
  #85  
Old 23 Feb 2014, 01:50
Mukashi's Avatar
Mukashi Mukashi is offline
 
Join Date: Jan 2004
Real name: Liam Pomfret
Finally got around to upgrading to 1.1.1 today on vB4.2.1, and I'm having a very strange error. My users and staff (including moderators but not including admins) cannot access their notifications or profile pages. I had updated several other addons in the same session (all DB Tech addons: Advanced User Tagging, vB Arcade, Username Change and AJAX Threads), but we've confirmed the error did not crop up until after this addon was installed.
The error only happened after this addon was updated, but did not seem to vanish when the addon was disabled/uninstalled.

EDIT: Hmmmm. Looks like it may be an addon conflict with Tournaments, Ladders & Leagues Manager v4.x. Disabled that addon, and now it's working again. Don't know how the heck that error could stay there even when I'd disabled/uninstalled vBSecurity, but since it only cropped up after updating this...*shrugs*
__________________
Webmaster, Bulbagarden.net / Bulbapedia

Last edited by Mukashi; 23 Feb 2014 at 02:19.
Reply With Quote
  #86  
Old 23 Feb 2014, 05:27
ZUCCO's Avatar
ZUCCO ZUCCO is offline
 
Join Date: Feb 2009
Thank you ! I will try it
__________________
Take a look at my rank images

http://www.vbulletin.org/forum/showthread.php?t=305574
Reply With Quote
  #87  
Old 29 Jun 2014, 16:34
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
vBSecurity v1.1.2

ACP Access Log / Verifier
  • Triggers an email alert if the IP addresses no longer match
  • Sends email to the Webmaster Email listed in the vBulletin Options


Fillip
__________________
www.Dragonbyte-tech.com
Support is ONLY available @ our website, not via modification threads, Private Message or email.
Reply With Quote
  #88  
Old 23 Feb 2015, 09:44
woodmj woodmj is offline
 
Join Date: Sep 2013
Please could I check something with this mod?

There's 2 kinds of rules you can set up for failed login attempts. 1 is for any IP address in eg. 5 mins and the other is for 1 IP address in eg. 5 mins. I think I understand the alerts produced for 1 IP address in eg. 5 mins in that 1 IP address has made multiple attempts to access accounts and has failed? but was does the alert for any IP address in eg. 5 mins mean? It will mention a handful of usernames but only one IP so I'm not sure what the IP relates to in that situation?
Reply With Quote
  #89  
Old 24 Feb 2015, 15:11
neptunesys neptunesys is offline
 
Join Date: Jan 2013
So far, this has been a great mod to have. I wish I'd installed in sooner

I would like to see two improvements in the Login Strikes Viewer to make this even more useful.

1. Differentiate between bogus (non-existent) usernames and existing usernames
2. Indicate if the displayed IP address has been banned
Reply With Quote
  #90  
Old 24 Mar 2015, 17:43
409industries 409industries is offline
 
Join Date: Jan 2008
Awesome mod. Purchased the pro version.

Wish i had found this a long time ago to enforce password complexity requirements during registration / password changes.

Support is awesome too, they listened to some of my suggestions regarding the mass password reset feature and got the changes implemented very quickly. :-)
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 13:03.

Layout Options | Width: Wide Color: