2009-08-09, 01:19 AM
I just made one undetectable and it will has a setting to allow automatic banning the IP. I was thinking of doing this before anyways. I won't release it though.
2009-08-09, 01:19 AM
2009-08-09, 04:03 AM
nice idea for security reason.
this script will collect IP Address form someone who try to login.
But, if possible Zash. It's Better to include with email notification, The "username" (if exist) read from MyBB session. So, Administrator can see (easily) that "damn" user want to try (or curious) login into admin panel
Nice idea..
THis screenshot for email send.
this script will collect IP Address form someone who try to login.
But, if possible Zash. It's Better to include with email notification, The "username" (if exist) read from MyBB session. So, Administrator can see (easily) that "damn" user want to try (or curious) login into admin panel
Nice idea..
THis screenshot for email send.
Quote:####################################################
THIS IS AN AUTOMATED EMAIL - DO NOT RESPOND
####################################################
Somebody just attempted to login to your fake MyBB Admin CP. The person's login details and IP address were recorded:
Username: admin
Password: admin
IP Address: xxx.xxx.xxx.xxx
If this is not the first login attempt from the above IP address, it is recommend that you ban it from accessing your forums.
2009-08-09, 12:16 PM
(2009-08-09, 01:19 AM)labrocca Wrote: [ -> ]I just made one undetectable and it will has a setting to allow automatic banning the IP. I was thinking of doing this before anyways. I won't release it though.
Hey bro am ready to pay if its custom
2009-08-09, 08:38 PM
(2009-08-09, 04:03 AM)FBI Wrote: [ -> ]But, if possible Zash. It's Better to include with email notification, The "username" (if exist) read from MyBB session. So, Administrator can see (easily) that "damn" user want to try (or curious) login into admin panelThat's not a bad idea. For now, just do a simple IP search on your forums
2009-08-10, 09:26 AM
Right Zash, thats not a bad idea
But, in my country. mostly visitor connect internet using Dynamic IP address.
We have many ISP (Internet Service Provider) which provide dynamic IP for personal (home) user and static IP for corporate (big company user). And sometimes (many) different user using same IP address (even in 1 of 100 IP listed)
So, without username attached to email. It's difficult to find the original (first) person who try to login from fake admin. Do you understand what I mean?
But, in my country. mostly visitor connect internet using Dynamic IP address.
We have many ISP (Internet Service Provider) which provide dynamic IP for personal (home) user and static IP for corporate (big company user). And sometimes (many) different user using same IP address (even in 1 of 100 IP listed)
So, without username attached to email. It's difficult to find the original (first) person who try to login from fake admin. Do you understand what I mean?
2009-08-10, 12:53 PM
2009-08-20, 06:56 PM
2009-08-23, 03:37 AM
(2009-08-09, 12:16 PM)kan3 Wrote: [ -> ](2009-08-09, 01:19 AM)labrocca Wrote: [ -> ]I just made one undetectable and it will has a setting to allow automatic banning the IP. I was thinking of doing this before anyways. I won't release it though.
Hey bro am ready to pay if its custom
You do know it would take a few lines of basic PHP to ban them, right? Unless labrocca has some super sexy solution, it would be a waste of money (no offense).
It should be noted that your method of sanitizing the username and password only works with PHP 5.2+. Any decent host will have this version, but just in case your still running PHP 4, you'll get errors.
2009-08-23, 02:49 PM
2009-09-13, 04:48 PM