[DBTech] DragonByte Security [Paid] 4.0.1

[DragonByte Tech]

DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

3.0.4

Change: Added caching for templates that are loaded via template hooks

Read the rest of this update entry...

 

[Jacksta211]

This plugin is awesome and has caught out a few people already. Though I have a suggestion; Would it ever be possible to add a manual unlock through the admin cp? If a users account is locked and they're being too silly to unlock it themselves it'd be great if we could have some sort of override. As it stands once an account is locked I as a forum admin kinda feel like I'm not in control of the situation if I have no control over the compromised/locked account.
Aside from this, wicked plugin and will keep using regardless.

 

[DragonByte Tech]

This plugin is awesome and has caught out a few people already. Though I have a suggestion; Would it ever be possible to add a manual unlock through the admin cp? If a users account is locked and they're being too silly to unlock it themselves it'd be great if we could have some sort of override. As it stands once an account is locked I as a forum admin kinda feel like I'm not in control of the situation if I have no control over the compromised/locked account.
Aside from this, wicked plugin and will keep using regardless.

I'll add that to the list I'll probably make it require Super Admin though, to make it less likely any attackers can access this functionality.


Fillip

 

[Jacksta211]

I'll add that to the list I'll probably make it require Super Admin though, to make it less likely any attackers can access this functionality.


Fillip

This sounds perfect. Look forward to potentially seeing it implemented, keep up the good work man.

 

[Robust]

DragonByte Security has detected that your account has been the subject of a breach on another site. We recommend you change your password and enable two-factor authentication to stop your account from being a target of further breaches.

What does that mean, exactly?

 

[DragonByte Tech]

DragonByte Security has detected that your account has been the subject of a breach on another site. We recommend you change your password and enable two-factor authentication to stop your account from being a target of further breaches.

What does that mean, exactly?

That means that your username or email has been found in this database: https://haveibeenpwned.com


Fillip

 

[md_5]

What does the branding look like, and is it possible to upgrade to lifetime for a discount with an active subscription?

 

[Russ]

That means that your username or email has been found in this database: https://haveibeenpwned.com


Fillip

What is the point of showing if your username has been compromised for the majority of people? I got an email since the username "Russ" has been compromised. I think it should be limited to emails only, or possibly an option? Your plugin is recommending I change my password and enable two-factor author (when it's already enabled mind you) because a generic username has been breached on another site. Just doesn't make a lot of sense.

I don't have an account on any of the sites listed under the username Russ

 

[DragonByte Tech]

What does the branding look like, and is it possible to upgrade to lifetime for a discount with an active subscription?

The branding compresses to a single line regardless of how many mods you have installed: https://i.imgur.com/aq25pgm.png

You are able to upgrade from a 3 Months or 1 Year license to a Lifetime license for a discount, no subscription is needed (we don't offer any subscription services)

I think it should be limited to emails only, or possibly an option?

I can look into adding an option, sure


Fillip

 

[cmsamuel]

Does this add-on block Tor registrations only, or guests viewing the forum as well ? In other words, does it block ALL activity over Tor ?

 

[DragonByte Tech]

Does this add-on block Tor registrations only, or guests viewing the forum as well ? In other words, does it block ALL activity over Tor ?

If you enable Tor blocking, it blocks ALL activity. It'll redirect users to a page stating their IP address has been banned.


Fillip

 

[Onlyme]

Could you consider adding an option so it can create threads in a selected section of the forum when the watchers are triggered?

 

[DragonByte Tech]

Could you consider adding an option so it can create threads in a selected section of the forum when the watchers are triggered?

It's certainly something we can look into for future versions


Fillip

 

[Alpha1]

That sounds like an outdated method. Having alerts or reports seems more logical.

 

[Onlyme]

It's certainly something we can look into for future versions


Fillip

Redirect banned ip would be nice also. Atm our forum doesn't display your IP has been banned until the page is refreshed is that normal?

That sounds like an outdated method. Having alerts or reports seems more logical.

Any method would do, just want all staff to be alerted of login watchers in the forum not just by email. I still use create a new thread for many things like dupe acc, reports etc. Any staff member that has permission to view can handle it, can be discussed in the thread if needed and if we need it in the future it's always avalibe.

Anyways I think it's effective

 

[DragonByte Tech]

Redirect banned ip would be nice also. Atm our forum doesn't display your IP has been banned until the page is refreshed is that normal?

It is, yeah. Any AJAX requests should, in theory, fail, prompting the user to refresh the page since they'll most likely be receiving some form of error message stating the AJAX request returned unexpected content, or something to that effect.

In either case, they won't be able to perform any form of action on the forum after being banned, at which point they'll have a forced redirect


Fillip

 

[MattW]

I've just re-installed the bdcache addon (https://xfrocks.com/resources/bd-cache.8/update?update=151), and my site is now generating the following errors for guests

Server Error
Undefined index: dbtech_secpermissions

[LIST=1]
[*]XenForo_Application::handlePhpError() in DBTech/Security/XenForo/Model/Security.php at line 57
[*]DBTech_Security_XenForo_Model_Security->getPasswordRules() in DBTech/Security/XenForo/EventListener/ControllerDispatch.php at line 136
[*]DBTech_Security_XenForo_EventListener_ControllerDispatch::postDispatch() in XenForo/CodeEvent.php at line 58
[*]XenForo_CodeEvent::fire() in XenForo/Controller.php at line 363
[*]XenForo_Controller->postDispatch() in XenForo/FrontController.php at line 358
[*]XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 134
[*]XenForo_FrontController->run() in /home/nginx/domains/mattwservices.co.uk/public/index.php at line 13
[/LIST]

 

[MattW]

Hmm, think I've been able to figure it out



I also had password expiration set, but setting that to Unlimited makes the error go away. Error only occurs though with the bdcache addon enabled.

 

[DragonByte Tech]

Hmm, think I've been able to figure it out

View attachment 141344

I also had password expiration set, but setting that to Unlimited makes the error go away. Error only occurs though with the bdcache addon enabled.

I've added a hotfix to work around that issue, seems like the cache needs a flush though


Fillip

 

[Dadparvar]

it would be useful if you add "AdminCP Logins" to Security Center, security watchers. Now we can get email for Failed AdminCP Logins, but we also want to get email when anyone login to acp (even successful logins). (and be able to set white listed admins)

(also please make all the texts as phrases so that we be able to translate them. I'm referring to words and texts in front end and emails that are being sent accordingly. from title of emails to content of emails and ...)

Thanks