MyBB Community Forums
Admin CP Honeypot (Fake Admin CP) - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Extensions (https://community.mybb.com/forum-201.html)
+--- Forum: Plugins (https://community.mybb.com/forum-73.html)
+---- Forum: Plugin Releases (https://community.mybb.com/forum-102.html)
+---- Thread: Admin CP Honeypot (Fake Admin CP) (/thread-94406.html)

Pages: 1 2 3 4 5

RE: Admin CP Honeypot (Fake Admin CP) - bitcoin - 2015-05-01

Got it working on MyBB 1.84 - great!

Though I noticed something strange... The IP addresses reported, are wrong. For example, this is my IP address according to the email received:
http://www.monitis.com/traceroute/index.jsp?url=141.101.104.226&testId=766880

I do *not* recognize this address... What could be going on? My forum is protected by CloudFlare, but that's about all I can imagine... Could it be CF? Or is something else going wrong? Smile

Devvie
twitter.com/devnullius
Oh, yes, it's CloudFlare Smile When I followed above link and went the Europe route (instead of USA), this is the last host found before reaching target...
cloudflare-ic-304618-adm-b4

So... Anything I can do to get the real IP addresses when CloudFlare is enabled...?

Peace!

Devvie

RE: Admin CP Honeypot (Fake Admin CP) - andrewjs18 - 2015-05-01

(2015-05-01, 09:27 AM)bitcoin Wrote: Got it working on MyBB 1.84 - great!

Though I noticed something strange... The IP addresses reported, are wrong. For example, this is my IP address according to the email received:
http://www.monitis.com/traceroute/index.jsp?url=141.101.104.226&testId=766880

I do *not* recognize this address... What could be going on? My forum is protected by CloudFlare, but that's about all I can imagine... Could it be CF? Or is something else going wrong? Smile

Devvie
twitter.com/devnullius

Oh, yes, it's CloudFlare Smile When I followed above link and went the Europe route (instead of USA), this is the last host found before reaching target...
cloudflare-ic-304618-adm-b4

So... Anything I can do to get the real IP addresses when CloudFlare is enabled...?

Peace!

Devvie

make sure you check YES for this option in the admin cp as well:


configuration>Board Settings>Server and Optimization Options>Scrutinize User's IP address?

RE: Admin CP Honeypot (Fake Admin CP) - bitcoin - 2015-05-01

Good tip, but it already was set to YES for Google SEO plugin... Though I had another CloudFlare problem (rewrite url to name of target page), so maybe something is going wrong there... Any ideas on how I can test the Scrutinize options...?
For testing, I just paused cloudflare and indeed, my real IP is shown... So something is failing there... :/

RE: Admin CP Honeypot (Fake Admin CP) - Destroy666 - 2015-05-01

This plugin doesn't consider the scrutinize setting and outputs the IP from one of the environment infos. You can open admin/index.php and change:
$ip = getenv("REMOTE_ADDR");
to:
$ip = get_ip();


RE: Admin CP Honeypot (Fake Admin CP) - bitcoin - 2015-05-01

Hello Destroy666 - good to see you once more Smile Hope you're well, gonna check your solution next! Thanks!!

Devvie
Spot on! Much gracias; "Rate" not working atm, but well deserved. All is working well now Smile

xx

RE: Admin CP Honeypot (Fake Admin CP) - Dyke - 2016-09-14

Is there anything similar that has the 1.8 design for the login, with the ACP?

RE: Admin CP Honeypot (Fake Admin CP) - numberek - 2016-12-11

shall work flawlessly on mybb 1.8 ??

RE: Admin CP Honeypot (Fake Admin CP) - laie_techie - 2016-12-13

(2016-12-11, 08:38 PM)numberek Wrote: shall work flawlessly on mybb 1.8 ??

You don't even really need to activate the plugin unless you want it to record login attempts. Of course, the login page looks like MyBB 1.6.

RE: Admin CP Honeypot (Fake Admin CP) - thelovelyone - 2016-12-13

(2016-12-11, 08:38 PM)numberek Wrote: shall work flawlessly on mybb 1.8 ??
It works flawless for me. Only thing, its still using the 1.6 admin login page style, so an attacker might recognize the fake admin cp if he is familiar with mybb.

But the plugin itself works, if you set the e-mail etc. on the plugin settings it'll send you a notification to the email you have given.


Updated styles to 1.8 style, download below


.zip   2806-1305501953-Admin CP Honeypot.zip (Size: 258 KB / Downloads: 179)

RE: Admin CP Honeypot (Fake Admin CP) - verspax - 2017-01-28

Admin directory updated and improved with the latest version 1.8.10 : admin directory can be now seen exactly as original by intruders.

What's changes?

- Missing files added (e.g. awaiting_activation.php)
- Obsolete files removed (e.g. version_check.php)
- 'jscripts' and 'styles' folders completely replaced by new
- root index.php updated (jQuery script link, date of Copyright...)

How to install? Just replace full admin directory by new. Replace index.php for french front-end mod (only front-end changes of login page).
If you've installed other mods, you will probably need to add files of them... Especially in modules/config and modules/tools directories (e.g. myalerts.php for the MyAlert mod).

Download updated 1.8.10 admin directory below


EDIT: Clear steps:
  1. Download and install normally the original mod Admin CP Honeypot (include outdated admin folder) following instructions on the first page.
  2. Once mod activated, delete the admin folder and copy the updated admin folder (for 1.8.10). It's not necessary to disable the mod before.
  3. Optional: install the french language pack (front-end mod), just replace admin/index.php file by new. You can easily modify index.php for other language... Wink