2013-02-12, 06:26 PM
I need if someone access to my admin panel to receive an email notification....
how can I do?
how can I do?
2013-02-12, 06:36 PM
Have a look at Admin CP Honeypot, this plugin adds a fake Admin CP which emails you with login attempts. Read the install instructions carefully.
Note that you will need to rename your Admin CP Directory before uploading.
Note that you will need to rename your Admin CP Directory before uploading.
2013-02-12, 06:58 PM
(2013-02-12, 06:36 PM)JordanMussi Wrote: [ -> ]Have a look at Admin CP Honeypot, this plugin adds a fake Admin CP which emails you with login attempts. Read the install instructions carefully.
Note that you will need to rename your Admin CP Directory before uploading.
Thanks sir.
I'm already using this mod.
But I need to be notified if someone could come into my TRUE admin panel, how is it possible?
2013-02-12, 08:13 PM
+1 to Jordan's suggestion.
Honeypot works through obscurity security, it's a fun plugin.
Just use htaccess to block access to your admin folder from everyone but YOUR IP address... if you're on dynamic ip and it changes simply update the .htaccess file via ftp before logging in.
If there were a plugin like Better WP security (a Wordpress plugin) for MyBB that would solve all your concerns as it also allows time ranges for access to admin in conjunction to an IP whitelist.
Honeypot works through obscurity security, it's a fun plugin.
Just use htaccess to block access to your admin folder from everyone but YOUR IP address... if you're on dynamic ip and it changes simply update the .htaccess file via ftp before logging in.
If there were a plugin like Better WP security (a Wordpress plugin) for MyBB that would solve all your concerns as it also allows time ranges for access to admin in conjunction to an IP whitelist.
2013-02-12, 08:20 PM
If you leave me with that I might get time to see if I can make a plugin that will notify of access to the Admin CP.
Please let me know if you want the plugin.
But I believe it is best to use .htaccess (mentioned above).
You can juts look at your mybb_adminsessions table and see the uid of the admin Logging in.
Or do you want to be notified of only failed login attempts? If so there is the system in place of max login attempts.
Please let me know if you want the plugin.
But I believe it is best to use .htaccess (mentioned above).
You can juts look at your mybb_adminsessions table and see the uid of the admin Logging in.
Or do you want to be notified of only failed login attempts? If so there is the system in place of max login attempts.
2013-02-14, 12:21 PM
Just put this in your .htaccess file in your admin directory if it's not already there:
ErrorDocument 403 /"put your denied page here eg down.html without quotes"
<Limit GET POST PUT>
order allow,deny
allow from "Your IP here without quotes"
deny from all
</Limit>
2013-02-14, 09:34 PM
(2013-02-14, 12:21 PM)WebDevandPhoto Wrote: [ -> ]Just put this in your .htaccess file in your admin directory if it's not already there:
ErrorDocument 403 /"put your denied page here eg down.html without quotes" <Limit GET POST PUT> order allow,deny allow from "Your IP here without quotes" deny from all </Limit>
what happens if another admin logs trys to login from a different IP as the OP said he wants to log valid logins to the admincp and not disable all logins bar one from a specific IP address. (in my case your suggestion would be a real pain as my router reboots most nights and returns with a different IP)
I would guess writing a plugin that uses the
run_hooks("admin_load")2013-02-15, 10:44 AM
If your ISP gives you a new IP every time you reboot your router that's a problem with you ISP... but I can see how my solution wouldn't be practical for your situation.
However for other admins you just add their IPs to the white list... you can add a near unlimited amount of IPS to it like such:
OR you can enable a range of IPs
But if your admins always gets a fresh ip every day or week then.. damn.. imo that ISP sucks unless you're the type of person that wants to have a sense of anonymity while online and thinks getting a fresh IP from your ISP every week or day will do the trick.. well it doesn't because ISPs usually log everything so for real "anonymity" you should be using multiple proxies or VPS servers scattered around the globe. And no admin should be doing that to login to your site. Hence... .htaccess is quick, easy, and effective if you have a semi-stable IP or IP range from your ISP.
At least this provides an working option right now... instead of a plugin that doesn't publicly (seem to) exist yet right? if it exists please link it... cuz that would be helpful.
However for other admins you just add their IPs to the white list... you can add a near unlimited amount of IPS to it like such:
ErrorDocument 403 /"put your denied page here eg down.html without quotes"
<Limit GET POST PUT>
order allow,deny
allow from "Your IP here without quotes"
allow from "Your 2nd IP here without quotes"
allow from "Your 3rd IP here without quotes"
allow from "Your 4th IP here without quotes"
allow from "etc etc etc"
deny from all
</Limit>
OR you can enable a range of IPs
ErrorDocument 403 /"put your denied page here eg down.html without quotes"
<Limit GET POST PUT>
order allow,deny
allow from 10.5.3.3-10.5.3.40
deny from all
</Limit>
But if your admins always gets a fresh ip every day or week then.. damn.. imo that ISP sucks unless you're the type of person that wants to have a sense of anonymity while online and thinks getting a fresh IP from your ISP every week or day will do the trick.. well it doesn't because ISPs usually log everything so for real "anonymity" you should be using multiple proxies or VPS servers scattered around the globe. And no admin should be doing that to login to your site. Hence... .htaccess is quick, easy, and effective if you have a semi-stable IP or IP range from your ISP.
At least this provides an working option right now... instead of a plugin that doesn't publicly (seem to) exist yet right? if it exists please link it... cuz that would be helpful.