[DBTech] DragonByte Security

[DBTech] DragonByte Security 4.0.1

No permission to buy ($24.95)
Change: Improved performance by implementing phrase caching
Change: Back-end changes to make pages, error messages and redirects more compliant with XenForo standards
Fix: Setting password expiry to Unlimited could result in a password changing loop in certain circumstances
Change: Added caching for templates that are loaded via template hooks
  • Like
Reactions: Dadparvar
New Features:

Email Recovery Criteria: Paid Subscription Transaction ID
  • Users who can provide a valid paid subscription / user upgade transaction ID will by default receive a very high score, letting their recovery pass through
  • Score can be configured in the AdminCP

Email Recovery Criteria: Region
  • If the user's current IP is in the same region (e.g. state within the USA), a positive score can be applied to their request
  • Score can be configured in the AdminCP
  • Like
Reactions: Alpha1
New Features:

Email Recovery
  • Users who have forgotten or lost access to their email accounts can recover access to their account and change their email address via a page similar to "Lost Password"
  • Requires you to fill out an email address to receive these reports in the Options for this mod (receives separate emails for successful and unsuccessful email recovery attempts)
  • Adds itself next to every "Lost Password" link
  • Configurable scoring criteria to judge how likely it is that this person's request is legitimate
  • Browsable logs of all email recovery attempts and their outcomes
  • Like
Reactions: HappyWorld
Bug Fixes:
  • Fixed a couple of cases where a "Invalid class" error could be displayed
  • Attempting to log in with an incorrect username / email will no longer cause a server error
  • Resolved multiple issues with the "Compromised Account Alert" feature
  • Resolved an issue where using the "Admin Unlock" action would generate an email to administrators with incorrect language
Changed Features:

Password Reset
  • The created password is now based on the user’s password rule requirements
  • The Mass Password Reset action now creates a random password based on the user’s password rule requirements
  • Like
Reactions: HappyWorld
New Features:

Search IP Addresses: Find Potential Intruder IP Addresses
  • Displays a list of IP addresses who have failed to login to valid member accounts more than once
  • Also displays any successful logins from these IP addresses

Country Blocking
  • You can now block any country from your forum easily by selecting the country via the new AdminCP page
  • Uses XenForo's IP Ban system to ban the IP ranges assigned to each country

Browser Fingerprinting
  • You can enable browser fingerprinting and have this logged alongside a member's user ID and IP address
  • Used in two new security watchers
  • Defaults to off

Security Watcher: New Device Fingerprints (Member Accounts)
  • Triggers when a member's account is accessed from a new fingerprint
  • Allows locking the member's account asking them to unlock it
  • Has the same options as "Failed Logins" security watcher

Security Watcher: New Device Fingerprints (Staff Accounts)
  • Triggers when a staff member's account is accessed from a new fingerprint
  • Allows locking the staff member's account asking them to unlock it
  • Allows locking the staff member's account asking admins to unlock it
  • Has the same options as "Failed Staff Logins" security watcher

Security Watcher: New Device Fingerprints (Staff Accounts)
  • Triggers when a staff member's account is accessed from a new fingerprint
  • Allows locking the staff member's account asking them to unlock it
  • Allows locking the staff member's account asking admins to unlock it
  • Has the same options as "Failed Staff Logins" security watcher

Fingerprint Log Viewer
  • Browsable log of all fingerprints
  • Filtering / Sorting options

Changed Features:
  • When a user is deleted, all relevant data is now also deleted to prevent broken displays and errors
  • "Failed Logins" watcher can now ban the user in question
  • "Failed Staff Logins" watcher can now email the user in question

Bug Fixes:
  • Two event listeners for DragonByte Credits were inadvertently left in this product
  • The Config Tamper action could cause a PHP error when triggered
  • The email sent when a potentially compromised account is detected would not have the correct contents
  • The Password Change action would not respect the "last active threshold" choice
  • The "Password Rules" checkboxes would not update if the user pasted their password via the right click menu
  • Browsing to the second page of any log view that was limited by date would disregard the date limitations
  • Like
Reactions: HappyWorld
New Features:

Compromised Account Lock
  • Ability to lock an account if it's detected as compromised
  • Prevents any action on the forum
  • The user whose account was logged in to will need to click a link in their email inbox to unlock their account

Compromised Account Alert
  • Alert staff when an account has potentially been compromised

Security Watcher: Failed Staff Logins
  • Identical to "Failed Logins" watcher, except only for staff accounts
  • Allows you to set stricter rules for staff accounts, or optionally only alert the webmaster if a staff account is broken into
  • Failed Staff Logins can lock the account in one of two ways; User Unlock or Admin Unlock. Admin Unlock requires an administrator (other than the affected user) to unlock the account.

Suspect IP Range Search
  • Collates IPs from various DB Security logs and matches partial IPs to detect suspicious IP ranges
  • Shows the suspected range(s) along with the number of "hits" this range has generated
  • Located on the "Search IP Addresses" screen

Password Generator
  • Generate a random password or use your own
  • Fill out username and password to encrypt it for use in Basic Authentication auth files

Mass Password Reset
  • Can be limited to only reset passwords for users without 2FA enabled
  • Can be limited to only reset passwords for users who have been inactive for X days

Force Password Change
  • Can be limited to only force password change for users without 2FA enabled
  • Can be limited to only force password change for users who have been inactive for X days

Changed Features:
  • The "Maintenance" page (Mass Password Reset and Force Password Change) has been split into separate pages to make it easier to find these features
  • The "Failed Logins" watcher no longer triggers for staff accounts

Bug Fixes:
  • The Mass Password Reset maintenance action would not check if the "confirm action" was set to Yes
  • The "Find Multi-Account IPs" tool would not work as intended
  • The "Close Forum" action would not set the correct close message
  • The "Alert Webmaster" action would not work as intended
  • Like
Reactions: HappyWorld
Top