[DBTech] DragonByte Security 5.0.0

Update highlights

This version improves compatibility with core XenForo features by supporting the "HTTP Proxy" feature in XenForo. This feature is used by certain sites that may be the target of harassment / DDoS attacks, to mask the true IP of the server.

When making calls to 3rd party websites, such as MaxMind to download the latest GeoIP database, those HTTP calls would expose the true IP of the server.

For this reason, the HTTP calls in this product have been updated to support the HTTP proxy. Going forward, all DBTech products that make calls to 3rd party APIs will support the HTTP Proxy feature where possible.

Furthermore, the old low-resolution images used in the password rules display have been replaced with FontAwesome icons.

Lastly, a server error when doing a mass password reset has been resolved.


Complete Change Log

Change: Changed the way API calls are made, in order to support the HTTP Proxy feature in XenForo
Change: Use FontAwesome for the password rule indicators instead of images
Fix: Fix a server error when doing mass password reset

Update highlights

This update fixes bugs reported by the community.


Complete Change Log

Fix: The link to IP address info in the IP Address Search results now works as intended
Fix: Fix a bug in the Bad Behavior script
Fix: Fix for a possible duplicate entry in the fingerprint log

Update highlights

This update changes the way the "Country Blocks" feature works internally.

Prior to this update, IP addresses were updated and saved to the ban log when you made changes to the "Country Blocks" page without any kind of background processing. This meant that if you were trying to block either a large number of countries, or a country with a large IP block such as China or the United States, the page could time out.

In this update, the IP addresses are updated and blocked in the background when you save the page, reducing the risk of timeout errors.


Complete Change Log

Change: Country blocks are now saved / updated in the background

Update highlights

This is a minor bug fix release that fixes an issue where the password rules would break the layout of the password box in the user control panel as well as on the registration page.


Complete Change Log

Fix: Fixed an issue where the password rules would break the password box layout

Update highlights

This release features back-end only changes, making required changes to support XenForo 2.1.

In addition, an issue with a template modification being incorrectly applied in the Admin panel, causing a server error during an upgrade of this product, has been fixed. It is safe to ignore that error, this upgrade is the last time it'll appear (hopefully!)


Complete Change Log

Change: Updated various HTTP requests to match the changes in XF 2.1
Fix: Fixed an issue where a template modification would display a server error during an upgrade of this addon. It is safe to ignore that error.

Update highlights

After a lengthy Beta period, this product has gone Gold

This version contains no changes from the previous version. Future updates will require XenForo 2.1.

This version does not work on XenForo 2.1. Please do not upgrade to XenForo 2.1 until a 2.1 compatible version has been released.

To see the full details on the v4.1.0 release, click here: https://www.dragonbyte-tech.com/store/dragonbyte-security.345/release/1751/


Complete Change Log

No changes.

Because of a backwards breaking change in XenForo 2.1, and because I plan to take advantage of new features only available in XenForo 2.1, the next version will require XenForo 2.1.

The current version will NOT work with XenForo 2.1. A blocking issue has been identified with XenForo 2.1:

• Certain Cron jobs will not work due to a change in the back-end code that powers XenForo (A.K.A. "The Guzzle Change")

The issue has been fixed in an internal build that will be released A.S.A.P., once I am confident enough there are no other blocking issues.

In the meantime, I will release a "Gold" version of the current beta or RC version. This "Gold" version should work fine with XenForo 2.1. There are no known blocking issues with the planned "Gold" version of this mod preventing it from running on XenForo 2.1.

Update highlights

This update improves the "Account Lock" and "Password Change" features by allowing you to set redirect whitelists, just like XF2's "Terms of Service whitelist".

Lastly, it fixes a race condition where it was possible for a user to get stuck in a redirect loop if they were forced to accept the ToS / Privacy Policy and change their password at the same time.

To see the full details on the v4.1.0 release, click here: https://www.dragonbyte-tech.com/store/dragonbyte-security.345/release/1751/


Complete Change Log

Feature: Route whitelist feature for the "Account Lock" redirect
Feature: Route whitelist for the "Password Change" redirect
Fix: Fixed an infinite redirect loop when a user was forced to change their password AND accept privacy policy / terms

Update highlights

This update fixes an issue with the Bad Behavior integration where it would generate a server error after inserting new data.

To see the full details on the v4.1.0 release, click here: https://www.dragonbyte-tech.com/store/dragonbyte-security.345/release/1751/


Complete Change Log

Fix: Fixed an issue where Bad Behavior would cause a server error

Update highlights

We're happy to bring you the first Beta version of our fourth major rewritten XenForo 2 only mod: DragonByte Security!

Before we delve into the changes:

• This is a Beta version, with sweeping database changes. Do not install this on a production forum without a backup that you can revert to in case something goes wrong. But please help us test it!
• This version will not run on XenForo 1. Going forward, the focus of development will be on the XF2 version.
• It is recommended that you disable the modification before updating, if you're upgrading from v4.0.x.

Without further ado, onto the changes!


Security Watchers UI changes
The UI for managing Security Watchers has received a complete overhaul in order to ensure it works better on mobile devices. Each individual rule set is now inserted as a separate entry, rather than managing all rule sets from a single page.
The main security watchers list now also displays information about the configured rule, making it easier to see at a glance which watchers you have configured.


"Force password change" and "Mass password reset" changes
These two pages now use the user search form, allowing you to more specifically target the users you want to force change or reset passwords for. Super admins are now also excluded from these tools, as it's imperative they can always access their accounts.


Change Log overhaul
The "Change log" within this mod previously rolled its own solution to store changes. In this update, this has been removed. Instead, changes that were previously logged in our own solution now uses XF2's change log, which has a vastly superior data storage system, and a vastly improved display UI.


Improved log UIs
Every log has a vastly improved UI, making them better able to be viewed on mobile devices, and less likely to produce warped displays in the event a large amount of data was logged.


Complete Change Log

Feature: IP address search now uses XF2's IP log
Feature: The "Force Password Change" page now uses the "user search form" to give greater control over whose passwords need changing
Feature: The "Mass password reset" page now uses the "user search form" to give greater control over whose passwords are reset
Feature: The ".htaccess password generator" has an improved password generator, with more advanced rule options
Feature: The "Change log" now uses XF2's change log rather than a custom solution
Change: Country Blocking now stores its data in XF2's IP Match table
Change: The breach checker now uses XF2's "Rebuild" feature to make it a rebuild job
Change: Overhauled the UI for Security Watchers
Change: Every log page has a vastly improved UI that works better on mobile devices