Advertisement:

Author Topic: Login Security  (Read 51071 times)

Offline SMFHacks.com Team

  • Full Member
  • ***
  • Posts: 433
    • smfhacks on Facebook
    • @smfhacks on Twitter
    • SMFHacks.com
Login Security
« on: October 14, 2009, 02:20:27 PM »
Link to Mod

Login Security

Major features receive email on failed login attempt, account login protection by ip address, and locking of an account after too many failed attempts.


Features:
-Email alerts on failed login attempts plus using the failed login attempt ip address finds any members on the forum using that ip address and lets the account owner know who it could be.
-Account lock protection after a certain number of tries the account can be locked for certain amount of time.
-Account lock protection. You are able to bind an account to an ip address or multiple ip addressed preventing people from logging into the account if they are not in the user's allowed ip addresses. Set via the user's profile.


« Last Edit: June 11, 2011, 09:29:14 PM by vbgamer45 »
Disclaimer: SMFHacks.com Team is not affiliated with the SMF Team or the SimpleMachines NPO.

http://ForumRankings.net - Get Forum Ranked!
SMFHacks.com -  Paid Modifications for SMF
Latest Mods:
Community Suite
Newsletter Pro SMF Gallery Pro SMF Classifieds SMF Store

Offline edi67

  • SMF Hero
  • ******
  • Posts: 1,532
  • Gender: Male
  • Italian Supporter
    • CrazyZone
Re: Login Security
« Reply #1 on: October 15, 2009, 06:52:32 PM »
very very nice
CrazyZone - My SMF Forum


From the difficult the hardening of the man you can see

Offline Sabre™

  • SMF Hero
  • ******
  • Posts: 2,527
  • Gender: Male
  • IF IT AINT BROKE, I CAN FIX IT TILL IT IS!!
Re: Login Security
« Reply #2 on: October 15, 2009, 07:05:28 PM »
Indeed this is a very very nice mod!
Good job Mate :)

How can you change the "Send email on failed login attempt" to every 2 or 3?
Do NOT give admin and/or ftp details to just anybody, see if they are trust worthy first!!  Do your homework ;)


Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 22,837
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Login Security
« Reply #3 on: October 15, 2009, 07:33:54 PM »
Maybe  I can add that option.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Sabre™

  • SMF Hero
  • ******
  • Posts: 2,527
  • Gender: Male
  • IF IT AINT BROKE, I CAN FIX IT TILL IT IS!!
Re: Login Security
« Reply #4 on: October 15, 2009, 09:22:16 PM »
Cheers mate, That'd be great :)
Do NOT give admin and/or ftp details to just anybody, see if they are trust worthy first!!  Do your homework ;)


Offline Cal O'Shaw

  • Full Member
  • ***
  • Posts: 444
  • SMF 1.1.14 & 2.0 Sites
Re: Login Security
« Reply #5 on: October 15, 2009, 09:25:02 PM »
Could a little more explanation of the various fields be provided?

Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 22,837
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Login Security
« Reply #6 on: October 15, 2009, 09:45:30 PM »
Which fields do you want to know more about?
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Cal O'Shaw

  • Full Member
  • ***
  • Posts: 444
  • SMF 1.1.14 & 2.0 Sites
Re: Login Security
« Reply #7 on: October 15, 2009, 09:55:55 PM »
On the Login Security Panel:

- Login attempt check time range in minutes
Is this the period in which if the number of login attempts exceeds the number in the field above (3 in this screenshot) they get locked out?

- Account locked retry minutes
Is this how long the account is locked?  Is anything displayed on the login screen informing the person they are locked out?

- Send email on failed login attempt
Is this a yes (1) or no (0) switch?  Or how many times before the email is sent?  Sent to whom?  The account owner or an Admin?

- Allow users to protect their account by ip address
Is this a yes (1) / no (0) field?

- Secure Login Link Expire time in minutes
What does that mean?


Sorry for all the questions.

Grazie,

Cal

Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 22,837
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Login Security
« Reply #8 on: October 15, 2009, 10:17:42 PM »
Login attempt check time range in minutes
1. Yes it is.

Account locked retry minutes
2. Yes it is. Yes they are alerted when they try to login that the account is locked.

- Send email on failed login attempt
3. This is yes or no if an email is sent. It is sent every time a login failed and is sent to the account owner.

4. Yes it is a checkbox.

5. Is if the account was locked/ or locked out by ip address they can request a secure login link that will allow them to override the lockouts and it is sent to the user's email address on file
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Cal O'Shaw

  • Full Member
  • ***
  • Posts: 444
  • SMF 1.1.14 & 2.0 Sites
Re: Login Security
« Reply #9 on: October 16, 2009, 01:06:01 AM »
Thank you.  Greatly appreciated.

Would you consider putting some of this info into the MOD description, and at least on the Yes/no questions indicating that they are yes/no, or make them checkboxes?  I thought the send email on failed login attempt was a counter as to how many times one could get it wrong before the email was sent, and would wait until the set number of failed login attempts occurred before sending.

Please excuse my inpertenance, as I don't know php as well as I should, but I was reading the parse and noticed in the update to LogInOut.php you have a '3' hard-coded:
Code: (in first edit) [Select]
   // Been guessing a lot, haven't we?
   if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3)




I think it's a very good MOD that adds some needed extra protection.  And I know that anything written these days for 1.1.x is really generous of you SMF experts, so I hope my questions are not taken as being a nuisance.

Grazie,

Cal

Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 22,837
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Login Security now with SMF 2.0 support!
« Reply #10 on: October 17, 2009, 11:15:32 AM »
Quote
if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3)
That is part of SMF I just moved that code to make it better work with this mod


Updated the mod to support SMF 2.0
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Smog

  • Jr. Member
  • **
  • Posts: 149
  • veritas odium parit
    • Smokey's Security Forums
Re: Login Security now with SMF 2.0 support!
« Reply #11 on: October 17, 2009, 03:12:16 PM »
I welcome all security related mods, and this mod definitive belong to the category 'security'.
Txs for this useful mod!  :)

Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 22,837
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Login Security now with SMF 2.0 support!
« Reply #12 on: October 17, 2009, 03:56:34 PM »
No problem glad you enjoy it.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Antes

  • Evil Black Cat
  • SMF Friend
  • SMF Hero
  • *
  • Posts: 9,111
  • Gender: Male
  • Black cat rulz!
    • XinYenFon on GitHub
    • merta on LinkedIn
    • @XinYenFon on Twitter
    • wowsnips
Re: Login Security now with SMF 2.0 support!
« Reply #13 on: October 17, 2009, 04:21:57 PM »
Very very good protection :D +200 Armour to Forum ( Like an Epic Item :P )

This is Turkish translation ;)

Code: [Select]
// Begin Login Security Text Strings
$txt['ls_login_security'] = 'Giriş Güvenliği';
$txt['ls_invalid_ip'] = 'Giriş başarısız. Bu hesap IP adresi ile korunmaktadır. Eğer bu hesabın sahibi siz iseniz, hesabınıza gönderilecek olan <a href="%link">güvenli giriş linkini</a> oluşturun.';
$txt['ls_account_locked'] = 'Başarısız girişler sonucu hesap kilitlenmiştir. Bu hesap %min daha kilitli kalıcaktır. Eğer bu hesabın sahibi siz iseniz, durumu düzeltmek için hesabınıza gönderilecek olan <a href="%link">güvenli giriş linkini</a> oluşturun.';
$txt['ls_secure_email_subject'] = 'Güvenli Giriş Linki';
$txt['ls_secure_email_body'] = 'Merhaba, %name,
Hesabınız için güvenli giriş linki talep edildi.
Eğer bu linki siz talep ettiyseniz lütfen aşağıdaki linke tıklayarak hesabınıza giriş yapınız.

%link

Bu link %min dakika içinde geçersiz kalıcaktır.

İstekçi(lerin) IP adresi(leri): %ip';

$txt['ls_matched_members'] = 'Aynı IPde çakışan forum üyeleri:';

$txt['ls_failed_email_subject'] = 'Başarısız giriş teşebbüsü';
$txt['ls_failed_email_body'] = 'Merhaba, %name,

Hesabınıza yönelik başarısız giriş teşebbüsleri tespit ettik.

%membermatches

Hesabınıza yanlış giriş yapmaya çalışmış IPler: %ip';

// Settings
$txt['ls_securehash_expire_minutes'] = 'Güvenli Giriş Linklerinin bitiş süresi ( dakika )';
$txt['ls_allowed_login_attempts'] = 'İzin verilen giriş deneme sayısı';
$txt['ls_allowed_login_attempts_mins'] = 'Giriş teşebbüslerinin kontrol edileceği zaman aralığı ( dakika )';
$txt['ls_login_retry_minutes'] = 'Kilitlenmiş hesaplar için tekrar deneme süresi';
$txt['ls_allow_ip_security'] = 'Kullanıcıların hesaplarını IP adresleri ile korumalarına izin ver';
$txt['ls_send_mail_failed_login'] = 'Başarısız giriş teşebbüslerinde email yolla';

$txt['ls_current_ip_address'] = 'Şu anki IP Adresi: ';
$txt['ls_ip_address_protection'] = 'IP Adresi ile Hesap Koruma';
$txt['ls_ip_address_protection_note'] = 'Birden fazla IPye izin verebilirsiniz ( virgül ile ayırın )';

// END  Login Security Text Strings
You can support me via Twitch Prime* or Patreon.

SMF Coding & Talks

* Twitch prime is an extra perk of your amazon prime subscription -no extra payment required-.

Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 22,837
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Login Security now with SMF 2.0 support!
« Reply #14 on: October 17, 2009, 04:31:24 PM »
Thanks for the translation!
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Smog

  • Jr. Member
  • **
  • Posts: 149
  • veritas odium parit
    • Smokey's Security Forums
Re: Login Security now with SMF 2.0 support!
« Reply #15 on: October 17, 2009, 06:10:27 PM »
Odd.. I can alter values into whatever I want, after saving the new values I always return to the ones as visible in attached image..

Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 22,837
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Login Security now with SMF 2.0 support!
« Reply #16 on: October 17, 2009, 07:12:27 PM »
Is that for SMF 2.0?
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro


Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 22,837
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Login Security now with SMF 2.0 support!
« Reply #18 on: October 17, 2009, 07:51:44 PM »
Yep, SMF 2.0 RC1.2
Fixed redownload the latest version uninstall the old version first.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Smog

  • Jr. Member
  • **
  • Posts: 149
  • veritas odium parit
    • Smokey's Security Forums
Re: Login Security now with SMF 2.0 support!
« Reply #19 on: October 17, 2009, 08:01:32 PM »
Installed v1.02 and the prob is now solved, txs.  :)
BTW, value of SMF Failed login threshold is 5, what value do you suggest for Number of allowed login attempts?