Password Security Tools
Mod Version: 1.3.2PL1, by John (Coder)
Developer Last Online: Feb 2010

vB Version: 3.7.2 Rating: (10 votes - 4.60 average) Installs: 67
Released: 13 Aug 2008 Last Update: 15 Aug 2008 Downloads: 279

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Password Security Tools
For vBulletin 3.7.0 and above
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Description
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A product designed to combat the recent increase in weak password attacks by spammers.

For background information, read the following threads:
http://www.vbulletin.com/forum/showthread.php?t=278975
http://www.vbulletin.com/forum/showthread.php?t=281371

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Problem
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The problem stems from the fact that vBulletin doesn't check the quality of a user's password when registering or changing the password in the User CP. As a result, users are able to choose easily guessable passwords to protect their account. The most common passwords are things like "password", "12345", "qwerty", "letmein", as well as the user's own username. On a large forum, these poorly protected accounts can number hundreds or even thousands, and this has shown itself to be a prime opportunity for spammers to exploit. With a relatively simple script, spammers are able to scrape the member list from your forum and automatically validate which of the accounts have such passwords. A spammer with access to tens, hundreds or thousands of legitimate user accounts is a situation you don't want to be in.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
What This Does
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This product has two main functions.
1. It prevents users from using their own username as a password, or any other commonly used word. (An editable list of banned passwords is available in the Admin CP.) The same rules apply if a user tries to change their password after registration.
2. It provides you with a tool to identify existing user accounts that have bad passwords, and lets you reset those passwords. Emails will be automatically dispatched to affected users notifying them of the change, and providing instructions on how to gain access to their account.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Installation
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
To install:
1. Upload cpnav_passrepair.xml to includes/xml/
2. Upload passsec.php to admincp/
3. Upload product-passrepair.xml to your Admin CP as a product
4. Enable the product in vBulletin Options

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Password Scanner - Usage Notes
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The password scanning portion of this product is a utility designed for use by administrators. There are a few things to be aware of.
1. BACK UP YOUR DATA BEFORE USING THIS SCRIPT.
2. It's not a tool designed for frequent usage; it's a quick and dirty way of getting the job done. If Jelsoft don't address this issue, I might return to it and optimize the password scanner to make it a little less server intensive. Use it sparingly, and close your forums before commencing a scan.
3. The password scanner has the potential to send out a lot of email. Use the "Users Per Page" setting to process accounts at whatever rate you deem your server capable of handling.
4. After you've installed this product it'll be impossible for users to register using a blacklisted or invalid password (or to change it to one afterwards). As a result, you should only need to use the password scanner once. Feel free to remove the passsec.php and cpnav_passrepair.xml files from your server once you're done with the scanner; the rest of the product will still function.
5. For unattended bulk processing of accounts, there's some JavaScript in passsec.php that's currently commented out. Use it at your own risk.

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
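
The two checks described under "What This Does", sketched in Python as an added example (this is not the mod's own PHP code, which is not shown on this page). It assumes vBulletin 3.x's md5(md5(password) . salt) storage format; the function names, sample blacklist, sample rows and the case-insensitive comparison are assumptions of this example.

```python
import hashlib

# Constructed sample blacklist; the mod's real list is edited in the Admin CP.
BANNED = {"password", "12345", "qwerty", "letmein"}


def vb3_hash(password: str, salt: str) -> str:
    """vBulletin 3.x stored hash: md5(md5(password) . salt), hex encoded."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def is_bad_password(username: str, password: str, banned=BANNED) -> bool:
    """Registration / User CP check: reject the username itself or a banned word.

    Case-insensitive matching is an assumption of this example.
    """
    candidate = password.strip().lower()
    return candidate == username.strip().lower() or candidate in banned


def scan_accounts(rows, banned=BANNED):
    """Return (userid, username) for stored hashes that match a bad password.

    rows: iterable of (userid, username, password_hash, salt) read from the
    user table. A salted hash can only be tested against exact candidate
    strings, so the username is tried both as stored and lowercased.
    """
    flagged = []
    for userid, username, stored, salt in rows:
        candidates = set(banned) | {username, username.lower()}
        if any(vb3_hash(c, salt) == stored for c in candidates):
            flagged.append((userid, username))
    return flagged


# Constructed sample rows (not real accounts).
SAMPLE_ROWS = [
    (1, "alice", vb3_hash("letmein", "aB3"), "aB3"),
    (2, "Bob", vb3_hash("Bob", "x9Q"), "x9Q"),
    (3, "carol", vb3_hash("t7#Lq!vR2p", "k0Z"), "k0Z"),
]

if __name__ == "__main__":
    print(scan_accounts(SAMPLE_ROWS))
```

Because each hash is salted per user, the scan has to recompute every candidate for every account, which is why the usage notes below call the scanner server intensive.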

Comments
#2
13 Aug 2008, 05:06
glorify
Join Date: Aug 2004
Weeeeee. Installing now John

#3
13 Aug 2008, 05:24
GaiLoan
Join Date: Dec 2007
Real name: Lee Sung Ho
Wow, sounds cool, thanks, let me try.

#4
13 Aug 2008, 06:18
sinucello
Join Date: Apr 2006
Location: dutch-german border
Hi,

thanks a lot for sharing this. Should have already been released by Jelsoft IMHO, but this has been discussed in the threads you mentioned. Great job anyway.

all the best,
Sacha

#5
13 Aug 2008, 08:25
RedTrinity
Join Date: Mar 2008
I just got the following error after running the script to update bad passwords, it happened as soon as it tried to attend to the first member in the list:

Database error in vBulletin 3.7.2:

Invalid SQL:
UPDATE user SET password='19c024c9537eca5a91fca3606caa7796' WHERE userid=81;

MySQL Error : Table 'xxxx_forums.user' doesn't exist
Error Number : 1146
Request Date : Wednesday, August 13th 2008 @ 05:21:56 PM
Error Date : Wednesday, August 13th 2008 @ 05:21:56 PM
Script : http://www.theparentingsanctuary.com...?do=dopassscan
Referrer : http://www.theparentingsanctuary.com...reparepassscan
IP Address : xxxx
Username : xxxx
Classname : vB_Database
MySQL Version : 5.0.48
__________________
http://www.theparentingsanctuary.com.au - Connecting Australian Parents

#6
13 Aug 2008, 08:56
digicom
Join Date: Apr 2006
Installed. Thank you.
__________________
underground-modems.com

#7
13 Aug 2008, 12:26
wacnstac
Join Date: Nov 2001
Thank you, thank you, thank you! Too bad you had to do Jelsoft's job for them. They'll probably be using this hack too, or they should be.

#8
13 Aug 2008, 14:02
John
Join Date: Mar 2002
Real name: John Warwick
Originally Posted by GamerGirl27:
"I just got the following error after running the script to update bad passwords, it happened as soon as it tried to attend to the first member in the list:"

Ah, missed a table prefix. Download the zip again, and overwrite passsec.php.

#9
13 Aug 2008, 15:08
MGSteve
Join Date: Aug 2002
Is there any reason this won't work on 3.6.0? I haven't upgraded my forum in a while (haven't got the time to redo all the plugins I've done again)!
__________________
Regards

Steve Childs.

mg-rover.org & xpowerforums.com
Yes, I have a bit of an MG & Rover obsession.

#10
13 Aug 2008, 15:17
John
Join Date: Mar 2002
Real name: John Warwick
Originally Posted by MGSteve:
"Is there any reason this won't work on 3.6.0? I haven't upgraded my forum in a while (haven't got the time to redo all the plugins I've done again)!"

Try it on a test installation first. (You might have to edit the product XML file to remove the 3.7.0 vBulletin version dependency.) There's a good chance it'll work, although I haven't tested.

#11
13 Aug 2008, 15:20
MGSteve
Join Date: Aug 2002
Thanks for the quick reply, I'll give it a try!

You've got my vote for Mod Of The Month too....
__________________
Regards

Steve Childs.

mg-rover.org & xpowerforums.com
Yes, I have a bit of an MG & Rover obsession.

#12
13 Aug 2008, 16:56
John
Join Date: Mar 2002
Real name: John Warwick
Let me know how it goes, if it doesn't work I'll upload a 3.6.x version for you.

#13
13 Aug 2008, 17:16
Elenna
Join Date: Jan 2006
Location: St. Charles, MO
Real name: Dana
Thanks very much for this! Thankfully I only had one user with an insecure password, but I'm sure there are more where that came from.

#14
13 Aug 2008, 17:35
Hostboard
Join Date: May 2002
Is there any way this can be integrated with the Ajax registration modification???
http://www.vbulletin.org/forum/showthread.php?t=182005

Would be a great merger of 2 modifications that complement each other

#15
13 Aug 2008, 18:02
RvG2
Join Date: Jan 2007
Originally Posted by Hostboard:
"Is there any way this can be integrated with the Ajax registration modification???
http://www.vbulletin.org/forum/showthread.php?t=182005

Would be a great merger of 2 modifications that complement each other"

I agree with you