MyBB Community Forums

Full Version: Someone is trying to bruteforce admin panel account
Hey,

I got this every week.

Administrator Account Locked Out at Domain

I have enabled 2FA now; will bruteforce still work?

Regards.
Are you talking about the MyBB software administrator panel? Because 2FA is not built into MyBB by default.
(2023-08-13, 09:09 PM) Taylor M Wrote: Are you talking about the MyBB software administrator panel? Because 2FA is not built into MyBB by default.

Yes, the Admin Panel, but now I have enabled the 2FA. But it seems like I still got the same email yesterday.
Does this record an IP address of whoever is trying to get in? If so, block the IP.
(2023-08-14, 11:24 AM) Taylor M Wrote: Does this record an IP address of whoever is trying to get in? If so, block the IP.

Not sure because I only receive the email.
You could try a plugin like Security Log to log the IP address of the person trying to make their way in if you want to track down the IP and see if it's a member trying to do this.
Quote:Logs all failed attempts to log into an account.

Alternatively, you could try out the Admin CP Honeypot plugin.
Quote:The MyBB Admin CP Honeypot is a fake /admin/ directory that looks and acts just like the real thing. The difference? It doesn't actually "work".

Attackers will be faced with an eternal "Wrong username/password" error and will hopefully get discouraged. In addition, the login details that they use in addition to their IP address will be emailed to you, so you can take appropriate action against them.
Another way is to simply change the admin/ directory to a random name
(2023-08-15, 04:20 PM) Crazycat Wrote: Another way is to simply change the admin/ directory to a random name

Also a good option. Details can be found here from the MyBB Security Guide.
(2023-08-15, 04:17 PM) Taylor M Wrote: You could try a plugin like Security Log to log the IP address of the person trying to make their way in if you want to track down the IP and see if it's a member trying to do this.
Quote:Logs all failed attempts to log into an account.

Alternatively, you could try out the Admin CP Honeypot plugin.
Quote:The MyBB Admin CP Honeypot is a fake /admin/ directory that looks and acts just like the real thing. The difference? It doesn't actually "work".

Attackers will be faced with an eternal "Wrong username/password" error and will hopefully get discouraged. In addition, the login details that they use in addition to their IP address will be emailed to you, so you can take appropriate action against them.

I will use the Security Log plugin as it looks good.