News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Login Security

Started by SMFHacks.com Team, October 14, 2009, 02:20:27 PM

Previous topic - Next topic

SMFHacks.com Team

Link to the mod

Login Security

Major features receive email on failed login attempt, account login protection by ip address, and locking of an account after too many failed attempts.


Features:
-Email alerts on failed login attempts plus using the failed login attempt ip address finds any members on the forum using that ip address and lets the account owner know who it could be.
-Account lock protection after a certain number of tries the account can be locked for certain amount of time.
-Account lock protection. You are able to bind an account to an ip address or multiple ip addressed preventing people from logging into the account if they are not in the user's allowed ip addresses. Set via the user's profile.


Disclaimer: SMFHacks.com Team is not affiliated with the SMF Team or the SimpleMachines NPO.
SMFHacks.com -  Paid Modifications for SMF
Latest Mods:
Community Suite
Newsletter Pro SMF Gallery Pro SMF Classifieds SMF Store

edi67

CrazyZone - My SMF Forum


From the difficult the hardening of the man you can see

Sabre™

Indeed this is a very very nice mod!
Good job Mate :)

How can you change the "Send email on failed login attempt" to every 2 or 3?
Do NOT give admin and/or ftp details to just anybody, see if they are trust worthy first!!  Do your homework ;)


vbgamer45

Maybe  I can add that option.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Sabre™

Cheers mate, That'd be great :)
Do NOT give admin and/or ftp details to just anybody, see if they are trust worthy first!!  Do your homework ;)


Cal O'Shaw

Could a little more explanation of the various fields be provided?

vbgamer45

Which fields do you want to know more about?
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Cal O'Shaw

On the Login Security Panel:

- Login attempt check time range in minutes
Is this the period in which if the number of login attempts exceeds the number in the field above (3 in this screenshot) they get locked out?

- Account locked retry minutes
Is this how long the account is locked?  Is anything displayed on the login screen informing the person they are locked out?

- Send email on failed login attempt
Is this a yes (1) or no (0) switch?  Or how many times before the email is sent?  Sent to whom?  The account owner or an Admin?

- Allow users to protect their account by ip address
Is this a yes (1) / no (0) field?

- Secure Login Link Expire time in minutes
What does that mean?


Sorry for all the questions.

Grazie,

Cal

vbgamer45

Login attempt check time range in minutes
1. Yes it is.

Account locked retry minutes
2. Yes it is. Yes they are alerted when they try to login that the account is locked.

- Send email on failed login attempt
3. This is yes or no if an email is sent. It is sent every time a login failed and is sent to the account owner.

4. Yes it is a checkbox.

5. Is if the account was locked/ or locked out by ip address they can request a secure login link that will allow them to override the lockouts and it is sent to the user's email address on file
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Cal O'Shaw

Thank you.  Greatly appreciated.

Would you consider putting some of this info into the MOD description, and at least on the Yes/no questions indicating that they are yes/no, or make them checkboxes?  I thought the send email on failed login attempt was a counter as to how many times one could get it wrong before the email was sent, and would wait until the set number of failed login attempts occurred before sending.

Please excuse my inpertenance, as I don't know php as well as I should, but I was reading the parse and noticed in the update to LogInOut.php you have a '3' hard-coded:
Code (in first edit) Select
   // Been guessing a lot, haven't we?
   if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3)





I think it's a very good MOD that adds some needed extra protection.  And I know that anything written these days for 1.1.x is really generous of you SMF experts, so I hope my questions are not taken as being a nuisance.

Grazie,

Cal

vbgamer45

Quote
if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3)
That is part of SMF I just moved that code to make it better work with this mod


Updated the mod to support SMF 2.0
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Smog

#11
I welcome all security related mods, and this mod definitive belong to the category 'security'.
Txs for this useful mod!  :)

vbgamer45

Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Antes

Very very good protection :D +200 Armour to Forum ( Like an Epic Item :P )

This is Turkish translation ;)

// Begin Login Security Text Strings
$txt['ls_login_security'] = 'Giriş Güvenliği';
$txt['ls_invalid_ip'] = 'Giriş başarısız. Bu hesap IP adresi ile korunmaktadır. Eğer bu hesabın sahibi siz iseniz, hesabınıza gönderilecek olan <a href="%link">güvenli giriş linkini</a> oluşturun.';
$txt['ls_account_locked'] = 'Başarısız girişler sonucu hesap kilitlenmiştir. Bu hesap %min daha kilitli kalıcaktır. Eğer bu hesabın sahibi siz iseniz, durumu düzeltmek için hesabınıza gönderilecek olan <a href="%link">güvenli giriş linkini</a> oluşturun.';
$txt['ls_secure_email_subject'] = 'Güvenli Giriş Linki';
$txt['ls_secure_email_body'] = 'Merhaba, %name,
Hesabınız için güvenli giriş linki talep edildi.
Eğer bu linki siz talep ettiyseniz lütfen aşağıdaki linke tıklayarak hesabınıza giriş yapınız.

%link

Bu link %min dakika içinde geçersiz kalıcaktır.

İstekçi(lerin) IP adresi(leri): %ip';

$txt['ls_matched_members'] = 'Aynı IPde çakışan forum üyeleri:';

$txt['ls_failed_email_subject'] = 'Başarısız giriş teşebbüsü';
$txt['ls_failed_email_body'] = 'Merhaba, %name,

Hesabınıza yönelik başarısız giriş teşebbüsleri tespit ettik.

%membermatches

Hesabınıza yanlış giriş yapmaya çalışmış IPler: %ip';

// Settings
$txt['ls_securehash_expire_minutes'] = 'Güvenli Giriş Linklerinin bitiş süresi ( dakika )';
$txt['ls_allowed_login_attempts'] = 'İzin verilen giriş deneme sayısı';
$txt['ls_allowed_login_attempts_mins'] = 'Giriş teşebbüslerinin kontrol edileceği zaman aralığı ( dakika )';
$txt['ls_login_retry_minutes'] = 'Kilitlenmiş hesaplar için tekrar deneme süresi';
$txt['ls_allow_ip_security'] = 'Kullanıcıların hesaplarını IP adresleri ile korumalarına izin ver';
$txt['ls_send_mail_failed_login'] = 'Başarısız giriş teşebbüslerinde email yolla';

$txt['ls_current_ip_address'] = 'Şu anki IP Adresi: ';
$txt['ls_ip_address_protection'] = 'IP Adresi ile Hesap Koruma';
$txt['ls_ip_address_protection_note'] = 'Birden fazla IPye izin verebilirsiniz ( virgül ile ayırın )';

// END  Login Security Text Strings

vbgamer45

Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Smog

Odd.. I can alter values into whatever I want, after saving the new values I always return to the ones as visible in attached image..

vbgamer45

Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro


vbgamer45

Quote from: Smog on October 17, 2009, 07:14:58 PM
Yep, SMF 2.0 RC1.2
Fixed redownload the latest version uninstall the old version first.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Smog

Installed v1.02 and the prob is now solved, txs.  :)
BTW, value of SMF Failed login threshold is 5, what value do you suggest for Number of allowed login attempts?


Advertisement: