Feature: "Bad Behavior" (http://bad-behavior.ioerror.us/) integration
Change: Improved performance by implementing phrase caching
Change: Back-end changes to make pages, error messages and redirects more compliant with XenForo standards
Fix: Setting password expiry to Unlimited could result in a password changing loop in certain circumstances
New Features:
Email Recovery Criteria: Paid Subscription Transaction ID
- Users who can provide a valid paid subscription / user upgade transaction ID will by default receive a very high score, letting their recovery pass through
- Score can be configured in the AdminCP
Email Recovery Criteria: Region
- If the user's current IP is in the same region (e.g. state within the USA), a positive score can be applied to their request
- Score can be configured in the AdminCP
New Features:
Email Recovery
- Users who have forgotten or lost access to their email accounts can recover access to their account and change their email address via a page similar to "Lost Password"
- Requires you to fill out an email address to receive these reports in the Options for this mod (receives separate emails for successful and unsuccessful email recovery attempts)
- Adds itself next to every "Lost Password" link
- Configurable scoring criteria to judge how likely it is that this person's request is legitimate
- Browsable logs of all email recovery attempts and their outcomes
Bug Fixes:
- Fixed a couple of cases where a "Invalid class" error could be displayed
- Attempting to log in with an incorrect username / email will no longer cause a server error
- Resolved multiple issues with the "Compromised Account Alert" feature
- Resolved an issue where using the "Admin Unlock" action would generate an email to administrators with incorrect language
Changed Features:
Password Reset
- The created password is now based on the user’s password rule requirements
- The Mass Password Reset action now creates a random password based on the user’s password rule requirements
New Features:
Search IP Addresses: Find Potential Intruder IP Addresses
- Displays a list of IP addresses who have failed to login to valid member accounts more than once
- Also displays any successful logins from these IP addresses
Country Blocking
- You can now block any country from your forum easily by selecting the country via the new AdminCP page
- Uses XenForo's IP Ban system to ban the IP ranges assigned to each country
Browser Fingerprinting
- You can enable browser fingerprinting and have this logged alongside a member's user ID and IP address
- Used in two new security watchers
- Defaults to off
Security Watcher: New Device Fingerprints (Member Accounts)
- Triggers when a member's account is accessed from a new fingerprint
- Allows locking the member's account asking them to unlock it
- Has the same options as "Failed Logins" security watcher
Security Watcher: New Device Fingerprints (Staff Accounts)
- Triggers when a staff member's account is accessed from a new fingerprint
- Allows locking the staff member's account asking them to unlock it
- Allows locking the staff member's account asking admins to unlock it
- Has the same options as "Failed Staff Logins" security watcher
Security Watcher: New Device Fingerprints (Staff Accounts)
- Triggers when a staff member's account is accessed from a new fingerprint
- Allows locking the staff member's account asking them to unlock it
- Allows locking the staff member's account asking admins to unlock it
- Has the same options as "Failed Staff Logins" security watcher
Fingerprint Log Viewer
- Browsable log of all fingerprints
- Filtering / Sorting options
Changed Features:
- When a user is deleted, all relevant data is now also deleted to prevent broken displays and errors
- "Failed Logins" watcher can now ban the user in question
- "Failed Staff Logins" watcher can now email the user in question
Bug Fixes:
- Two event listeners for DragonByte Credits were inadvertently left in this product
- The Config Tamper action could cause a PHP error when triggered
- The email sent when a potentially compromised account is detected would not have the correct contents
- The Password Change action would not respect the "last active threshold" choice
- The "Password Rules" checkboxes would not update if the user pasted their password via the right click menu
- Browsing to the second page of any log view that was limited by date would disregard the date limitations
New Features:
Compromised Account Lock
- Ability to lock an account if it's detected as compromised
- Prevents any action on the forum
- The user whose account was logged in to will need to click a link in their email inbox to unlock their account
Compromised Account Alert
- Alert staff when an account has potentially been compromised
Security Watcher: Failed Staff Logins
- Identical to "Failed Logins" watcher, except only for staff accounts
- Allows you to set stricter rules for staff accounts, or optionally only alert the webmaster if a staff account is broken into
- Failed Staff Logins can lock the account in one of two ways; User Unlock or Admin Unlock. Admin Unlock requires an administrator (other than the affected user) to unlock the account.
Suspect IP Range Search
- Collates IPs from various DB Security logs and matches partial IPs to detect suspicious IP ranges
- Shows the suspected range(s) along with the number of "hits" this range has generated
- Located on the "Search IP Addresses" screen
Password Generator
- Generate a random password or use your own
- Fill out username and password to encrypt it for use in Basic Authentication auth files
Mass Password Reset
- Can be limited to only reset passwords for users without 2FA enabled
- Can be limited to only reset passwords for users who have been inactive for X days
Force Password Change
- Can be limited to only force password change for users without 2FA enabled
- Can be limited to only force password change for users who have been inactive for X days
Changed Features:
- The "Maintenance" page (Mass Password Reset and Force Password Change) has been split into separate pages to make it easier to find these features
- The "Failed Logins" watcher no longer triggers for staff accounts
Bug Fixes:
- The Mass Password Reset maintenance action would not check if the "confirm action" was set to Yes
- The "Find Multi-Account IPs" tool would not work as intended
- The "Close Forum" action would not set the correct close message
- The "Alert Webmaster" action would not work as intended
We use essential cookies to make this site work, and optional cookies to enhance your experience.