also in your default.php - you could change around line 121
date_default_timezone_set('America/New_York');
to the line below, and it would reflect Bangkok time, not New York time:
date_default_timezone_set('Asia/Bangkok');
so here is a change to the plugin, which i think is better anyway.
in default.php around line 132
this will log only attempts successful and unsuccessful by usernames
admin, root or deniss
add the lines array('root', 'admin','deniss')
$keeptrack = array('root', 'admin','deniss');
if (!in_array($loginat, $keeptrack)) $loginat = "";
e.g.
change
if ($loginat) {
to
// enter all names in keeptrack array in lowercase
$keeptrack = array('root', 'admin','deniss');
if (!in_array(strtolower($loginat), $keeptrack)) $loginat = "";
if ($loginat) {
Comments
that is a good idea. i'll go testing the coming week. thanx @peregrine for our ideas.
This plugin works really good. I had 27 attempts to sign in using admin and administrator as user name in one of my test forums. Unbelievable !!
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
thanks for the feedback V.
If the user trying to log in as admin is using the same IP repeatedly, it might be worth posting it, so a list of the IPs of people trying to hack into the site could be compiled.
But it would require lots of users of the forum to participate (but we know how that is, unless someone has a problem it is rare they will share information except for a select few people - unfortunate but true).
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Hmm, maybe the Vanilla core team is interested in integrating a "SEND to Vanilla" button and collecting the submitted information collectively in a database to process further in a "clouded" security plugin? Admins could then send the information from your plugin and the "Ban List" to be processed further.
Seems like something that would be implemented on the hosted version rather than the OS version. It would require a public facing API to transmit the data from the OS version. This could cause potential security issues and be a headache to maintain, imo.
Not saying we can't do it of course
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
I think if we create a new Category called Report-IP Here , and use it only to post IP from Bots or Spammers that would be a step in the right direction for building a database of these rogue IP.
@hgtonight: There is already one public facing API in every OS installation. The statistics or?
Maybe we can also put together a "standard" ban list in your Vanilla Wiki from the spammers we have collected already.
what was that old database adage or coding adage about something going in and coming out.
Well, this will probably fall by the wayside. What's so hard about just posting the IPs of people who are definitely abusing the sign-in by entering admin and trying to brute force their way into the site?
all you gotta do is add the ips in a discussion -doesn't need to be an api or a category. but what it really takes is data. But waiting to develop some api would be a great way to make nothing happen as far as a list to help now.
Excellent work. I'll send you a donation when I get money.
@peregrine Here is a wiki page the community can add known bad IP addresses. Someone could even write up a little tutorial about what to do with the list.
It could be good bots based on title. Perhaps a title of "known IPs targeting Vanilla sign-in and trying to break in", or a better worded title than the one I suggested but with the same meaning. Then people could add the list
to the http://vanillaforums.org/addon/registrationrestrictlogger-plugin
http://vanillaforums.org/addon/1188/sign-logger
and probably some other plugins that I am not aware of.
I see everyone who logs in has a repeated attempt, so I logged out and logged in with no problem, but the sign-in log says all have repeated. Some I don't recognise as members, but most are regular members.
Repeated Attempt 20140114, 9:50 am America/New_York DAFFY 183.89.167.169
Repeated Attempt 20140114, 9:54 am America/New_York doralynnjgs020@hotmail.com 66.248.194.200
Repeated Attempt 20140114, 11:54 am America/New_York jeffrey.sinyard.siam@gmail.com 67.5.223.154
Repeated Attempt 20140114, 12:09 pm America/New_York Dorenabcm528@hotmail.com 173.213.79.155
Repeated Attempt 20140114, 11:06 pm America/New_York denis 101.51.168.168
Repeated Attempt 20140114, 11:06 pm America/New_York deniss 101.51.168.168
Is this how it's supposed to be? Am I missing something?
@DenisS
you might want to remove the above email addresses.
It is not a good idea to post valid non-spammer email addresses in these threads otherwise spammers will have a field day. maybe a moderator will remove them. It also kind of takes away some privacy that might be desired.
Theoretically it only logs if you enter a wrong password or name upon sign-in and it asks you to sign in again.
If you login correctly, it should not log anything.
I'll wait till someone has problem to see if it is a common issue. anyone else seeing the same issues as DenisS
do you sign in the normal way or do you use some type of jsconnect or other type of signin.
as an aside:
also in your default.php - you could change around line 121
for others: http://www.php.net/manual/en/timezones.asia.php
In the last post, the log-in names and the email addresses you see are most probably spammers, as they never became members or I deleted them straight away.
I have just tried all my own ID's and with only one login attempt and it lists as Repeated Attempt. I'm using the VF log-in in the normal way. ver 2 0 18 08
Repeated Attempt 20140117, 5:24 am America/New_York admin 101.51.176.7
Repeated Attempt 20140117, 5:25 am America/New_York news 101.51.176.7
Repeated Attempt 20140117, 5:25 am America/New_York deniss 101.51.176.7
I'll alter PHP later I'm just on my way out. Thanks for coming back.
I didn't notice this problem in my testing. so either it is some kind of edge effect on your setup. Or it happens to lots of folks. So, I am stumped why you experience this until other user can report whether they experience the same problem as you, and there may be a common issue, that I am not aware of.
So, in essence, I can't help until other users provide feedback (either it works correctly, or incorrectly logs repeated attempts when there is none). And you know how that is
However, the main use of this plugin is not for the one or two repeated attempts. But a series of lots of repeated attempts within a short time frame.
e.g. if you see 20 repeated attempts in an hour for admin or your screenname deniss and you know it wasn't you, it indicates someone is trying to break into your site.
Actually, now I see your issue. @DenisS
it does indeed log all signin attempts even if successful, i thought I had solved that. if someone has a better idea how to change the program logic to restrict to only unsuccessful logins. please pm me.
what I can do until the problem is solved is change the plugin to only log attempts at admin, or root, and optional screen names in the next version update.
@DenisS
so here is a change to the plugin, which i think is better anyway.
in default.php around line 132
this will log only attempts successful and unsuccessful by usernames
admin, root or deniss
add the lines array('root', 'admin','deniss')
$keeptrack = array('root', 'admin','deniss');
if (!in_array($loginat, $keeptrack)) $loginat = "";
e.g.
change
if you want to keeptrack of additional names
lets say you want to keep track of root admin joe bob and deniss
just add the names in lowercase to
$keeptrack = array('root', 'admin','deniss','joe','bob');
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
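The "20 repeated attempts in an hour" rule of thumb and the lowercase watch list from the posts above, applied to an exported sign-in log; this is an added Python example, not part of the thread or the plugin. It assumes the log format matches the lines quoted in the thread, that names contain no spaces and that every line uses the plugin's configured time zone; the function names and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Format assumed from the log lines quoted in the thread:
#   Repeated Attempt YYYYMMDD, h:mm am|pm <timezone> [<name>] <IPv4>
LINE_RE = re.compile(
    r"^Repeated Attempt (\d{8}), (\d{1,2}:\d{2} [ap]m) (\S+) "
    r"(?:(\S+) )?(\d{1,3}(?:\.\d{1,3}){3})$"
)

def parse_line(line):
    """Return (timestamp, lowercased name, ip), or None for a non-matching line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    day, clock, _tz, name, ip = m.groups()
    # All lines share the plugin's configured zone, so naive local times compare safely.
    ts = datetime.strptime(f"{day} {clock}", "%Y%m%d %I:%M %p")
    return ts, (name or "").lower(), ip

def find_bursts(lines, watch, threshold=20, window=timedelta(hours=1)):
    """Map each watched name that reaches `threshold` attempts inside one
    sliding `window` to its peak count and the source IPs seen in that window."""
    watch = {w.lower() for w in watch}  # same lowercase rule as $keeptrack
    events = sorted(e for e in map(parse_line, lines) if e and e[1] in watch)
    recent, hits = defaultdict(deque), {}
    for ts, name, ip in events:
        q = recent[name]
        q.append((ts, ip))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > hits.get(name, {"count": 0})["count"]:
            hits[name] = {"count": len(q), "ips": sorted({i for _, i in q})}
    return hits

def sample_log():
    """Constructed lines in the thread's format; IPs are documentation ranges."""
    lines = [
        f"Repeated Attempt 20140117, 5:{m:02d} am America/New_York "
        f"{'Admin' if m % 2 else 'admin'} 203.0.113.5"
        for m in range(10, 32)  # 22 attempts on admin within 21 minutes
    ]
    return lines + [
        "Repeated Attempt 20140117, 5:24 am America/New_York deniss 198.51.100.7",
        "Repeated Attempt 20140117, 11:06 pm America/New_York deniss 198.51.100.7",
        "Repeated Attempt 20140117, 9:50 am America/New_York daffy 198.51.100.9",
        "Repeated Attempt 20140117, 9:51 am America/New_York 198.51.100.9",
    ]

if __name__ == "__main__":
    print(find_bursts(sample_log(), ["root", "admin", "deniss"]))
```

Because the plugin as discussed records successful sign-ins too, a burst on a watched name is a prompt to check whether the attempts were yours, not proof of an attack on its own.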
Here I am adding some IPs from repeated attempted break-ins into my website. All from Gmail accounts.
190.81.197.22
23.238.207.170
27.153.250.111
110.89.9.249
are they trying with admin username?
That is what is odd, they used the email as user name , some had no name ... makes me think it was bots
By the way I noticed something very odd, but it may be my problem not the plugin since it only does that in one other forum I tested. The views are rendering the custom.css instead of the admin.css or customadmin.css
I tried disabling the adminthemeswitcher to see if that fixed it but it did not. It is showing the page fine however the custom.css is what it looks like. Like the front end of my forum.
I also tried adding $Sender->MasterView = 'admin'; but it did not change anything.... very odd