[DBTech] DragonByte Security [Paid] 4.0.1

[DragonByte Tech]

I would just like to say that the vbulletin version of this addon has been a life saver for my big board. With 4 million monthly users we are regularly targeted by hackers. This addon provides a large scope of tools to not only enhance security but also to quickly detect a number of suspect events that normally stay under the radar.

@DragonByte Tech has been very responsive to feature requests. I am certain that this addon will get many updates.
Fillip, thank you for fulfilling my request to port this addon to XenForo.

Thank you very much for your kind words, much appreciated

I'll surely go through all options and post a list of feature requests.

We've gone through and planned the next batch of updates based on feature requests already posted over @ TAZ

Do you have an arrangement for vbsecurity users?

I'll talk with Iain and send you a PC


Fillip

 

[Fred.]

I'd love to see YubiKey's be leveraged in some fashion for XF.

https://developers.yubico.com/OTP/

I also use Yubikey's so another vote from me.

 

[DragonByte Tech]

I also use Yubikey's so another vote from me.

(also @ManagerJosh ) I'm looking at this, but it seems like you can't get an API key from Yubico without having a YubiKey device. Is this true? That's a bit of a barrier to entry, as I have no need for Yubikey outside of this project


Fillip

 

[ManagerJosh]

(also @ManagerJosh ) I'm looking at this, but it seems like you can't get an API key from Yubico without having a YubiKey device. Is this true? That's a bit of a barrier to entry, as I have no need for Yubikey outside of this project


Fillip

As far as I am aware, yes you do need a YubiKey to get an API Key otherwise it's difficult to develop and test. If you need one, PM me for one. I'll send one over.

 

[DragonByte Tech]

As far as I am aware, yes you do need a YubiKey to get an API Key otherwise it's difficult to develop and test. If you need one, PM me for one. I'll send one over.

PM sent, thank you


Fillip

 

[DragonByte Tech]

DragonByte Tech updated DragonByte Security with a new update entry:

3.0.0b2

New Features:

Compromised Account Lock

• Ability to lock an account if it's detected as compromised
• Prevents any action on the forum
• The user whose account was logged in to will need to click a link in their email inbox to unlock their account

Compromised Account Alert

• Alert staff when an account has potentially been compromised

Security Watcher: Failed Staff Logins

• Identical to "Failed Logins" watcher,...

Read the rest of this update entry...

 

[The Sandman]

Error
Callback DBTech_Credits_XenForo_EventListener_LoadClass::load is invalid (Invalid Class).

 

[DragonByte Tech]

Error
Callback DBTech_Credits_XenForo_EventListener_LoadClass::load is invalid (Invalid Class).

Sorry about that, I hotfixed it ~30 minutes ago


Fillip

 

[The Sandman]

That fixed it! Thanks!

 

[CoZmicShReddeR]

I too must say I had vBulletin site and was hacked and wiped several times but ever since I had the
DragonByte Security Addon it literally stopped it all or it at least helped me feel safer when I seen a log of someone trying numerous times with different IP's to tamper with my vBulletin website and could trace the same attempt by an intruder in my Apache logs. If I remember correctly I loved how I could see that it blocked the IPs right away. Lets face it not many people are fond of going through all the log files picking through them everyday looking for IP's to ban.

 

[MattW]

Just purchased (lifetime licence), but I'm not seeing the product available to download.

 

[DragonByte Tech]

Just purchased (lifetime licence), but I'm not seeing the product available to download.

Hi Matt,

The transaction didn't validate our eCommerce system due to the fact that your currency setting on our site was set to USD, but your PayPal account paid us in GBP.

I've changed your currency setting @ DBTech and manually added the license for you

Sorry about that!


Fillip

 

[MattW]

Thanks Fillip,

Started the install, and now site is totally offline with the following error

An exception occurred: Using $this when not in object context in /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Application.php on line 588

XenForo_Application::getConfigDir() in config.php at line 37
require() in DBTech/Security/XenForo/EventListener/FrontControllerPostView.php at line 22
DBTech_Security_XenForo_EventListener_FrontControllerPostView::listen() in XenForo/CodeEvent.php at line 90
XenForo_CodeEvent::fire() in XenForo/FrontController.php at line 183
XenForo_FrontController->run() in /home/nginx/domains/mattwservices.co.uk/public/index.php at line 13

 

[MattW]

Looks like it's not compatible with the Redis Cache addon from @Xon

 

[MattW]

Missing phrase from the ACP

dbtech_security_no_results_matched_your_query

 

[MattW]

another one

 

[DragonByte Tech]

Thanks Fillip,

Started the install, and now site is totally offline with the following error

An exception occurred: Using $this when not in object context in /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Application.php on line 588

XenForo_Application::getConfigDir() in config.php at line 37
require() in DBTech/Security/XenForo/EventListener/FrontControllerPostView.php at line 22
DBTech_Security_XenForo_EventListener_FrontControllerPostView::listen() in XenForo/CodeEvent.php at line 90
XenForo_CodeEvent::fire() in XenForo/FrontController.php at line 183
XenForo_FrontController->run() in /home/nginx/domains/mattwservices.co.uk/public/index.php at line 13

I've hotfixed that in the Beta 2 download, I patched the /library/DBTech/Security/XenForo/EventListener/FrontControllerPostView.php file

Looks like it's not compatible with the Redis Cache addon from @Xon

It's not incompatible, it's just detecting that new settings have been added to the config.php file.

You can turn off the config.php file checking via the Options for this mod as well.

Missing phrase from the ACP

dbtech_security_no_results_matched_your_query

another one
View attachment 135974

I'll get those fixed for Beta 3


Fillip

 

[MattW]

I've hotfixed that in the Beta 2 download, I patched the /library/DBTech/Security/XenForo/EventListener/FrontControllerPostView.php file

It's not incompatible, it's just detecting that new settings have been added to the config.php file.

Still getting the same error when using the new patched file

An exception occurred: Using $this when not in object context in /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Application.php on line 588

XenForo_Application::getConfigDir() in config.php at line 37
require() in DBTech/Security/XenForo/EventListener/FrontControllerPostView.php at line 22
DBTech_Security_XenForo_EventListener_FrontControllerPostView::listen() in XenForo/CodeEvent.php at line 90
XenForo_CodeEvent::fire() in XenForo/FrontController.php at line 183
XenForo_FrontController->run() in /home/nginx/domains/mattwservices.co.uk/public/index.php at line 13

These are the additional settings added by the redis cache addon

$config['cache']['enabled'] = true;
$config['cache']['cacheSessions'] = true;
$config['cache']['frontend'] = 'Core';
$config['cache']['frontendOptions'] = array(
'caching' => true,
'cache_id_prefix' => 'mws_',
'automatic_serialization' => false,
'lifetime' => 0
);

$config['cache']['backend'] = 'Redis';

$config['cache']['backendOptions'] = array(
'server' => '127.0.0.1',
'port' => 6379,
'use_lua' => true,
);
require(XenForo_Application::getConfigDir().'/SV/RedisCache/Installer.php');

 

[MattW]

Full error from the ACP

Error: Using $this when not in object context - library/XenForo/Application.php:588
Generated By: Unknown Account, 2 minutes ago
Stack Trace
#0 /home/nginx/domains/mattwservices.co.uk/public/library/config.php(37): XenForo_Application::getConfigDir()
#1 /home/nginx/domains/mattwservices.co.uk/public/library/DBTech/Security/XenForo/EventListener/FrontControllerPostView.php(22): require('/home/nginx/dom...')
#2 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/CodeEvent.php(90): DBTech_Security_XenForo_EventListener_FrontControllerPostView::listen(Object(XenForo_FrontController), '<!DOCTYPE html>...')
#3 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/FrontController.php(183): XenForo_CodeEvent::fire('front_controlle...', Array)
#4 /home/nginx/domains/mattwservices.co.uk/public/index.php(13): XenForo_FrontController->run()
#5 {main}
Request State
array(3) {
  ["url"] => string(28) "https://mattwservices.co.uk/"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(0) {
  }
}

 

[DragonByte Tech]

Can you open up
/home/nginx/domains/mattwservices.co.uk/public/library/DBTech/Security/XenForo/EventListener/FrontControllerPostView.php on line 22 and change $this->app to $app and see if that resolves it for you?


Fillip