[DBTech] DragonByte Security

[DBTech] DragonByte Security [Paid] 4.0.1

If an IP address fails to login to any account, then successfully logs into any account, the account they successfully logged into gets recorded as being potentially compromised.
Could you please add a setting for this? On my big board there are thousands of members logging in every day. I don't care if a member tries 4 times to log in, because it will give me many reports. I only care if there are more serious problems. Like one computer accessing multiple accounts or trying a large number of times.

Feature request:
Integration with WMTech sticky multiple accounts detection.

Combining the cookie data will give much more information about breached accounts.
 
I only care if there are more serious problems. Like one computer accessing multiple accounts or trying a large number of times.
If someone is targeting one of your members and tries to guess their password, there's no real way to distinguish whether it's the member forgetting their password or someone trying to break in. That's why DB Security takes the pro-active approach of reporting more than less.

In either case, I can certainly raise a discussion internally about whether it's poignant to change this, in the future when our existing XF1 portfolio has been made compatible with XF2 :)

For the time being, it's my priority to be ready for XF2, so it's difficult for me to find the time to create new functionality at the moment.


Fillip
 
If someone is targeting one of your members and tries to guess their password, there's no real way to distinguish whether it's the member forgetting their password or someone trying to break in.
The difference between useful and useless is the threshold. If a website has a mass of users, then the admin does not need to get an email every time a user has more than 3 tries. However, when a user has a lot of tries or when multiple accounts are tried then it would be useful to get alerted. It would be nice to be able to set a threshold somewhere. I don't want to be spammed with useless mails.

Also: is there a way to configure template change alerts? I get emails for every template every time I update an addon. I update addons almost every day.

Third question:
Is there a way to get the 820.000 breached vBulletin accounts in the breached accounts alerts?
http://news.softpedia.com/news/vbulletin-hack-exposes-820-000-accounts-from-126-forums-513416.shtml
I really like how you have made the breached accounts email more useful. btw. :)
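
The threshold requested in the posts above (alert only when one IP makes many attempts or touches several accounts before a login succeeds), sketched as an added example. This is not DragonByte Security's code; the function name, the parameters `min_failures`, `min_accounts` and `window`, and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, account, login succeeded).
SAMPLE_EVENTS = [
    ("2017-02-01T08:00:00", "192.0.2.80", "gina", False),     # stale failure
    ("2017-02-01T10:00:00", "198.51.100.7", "alice", False),
    ("2017-02-01T10:00:20", "198.51.100.7", "alice", False),
    ("2017-02-01T10:00:45", "198.51.100.7", "alice", True),   # member mistyping
    ("2017-02-01T10:05:00", "203.0.113.9", "bob", False),
    ("2017-02-01T10:05:05", "203.0.113.9", "carol", False),
    ("2017-02-01T10:05:09", "203.0.113.9", "dave", False),
    ("2017-02-01T10:05:15", "203.0.113.9", "erin", True),     # one IP, many accounts
    ("2017-02-01T11:10:00", "192.0.2.44", "frank", True),     # after ten failures
    ("2017-02-01T12:00:00", "192.0.2.80", "gina", True),
] + [("2017-02-01T11:%02d:00" % m, "192.0.2.44", "frank", False) for m in range(10)]


def flag_compromised(events, min_failures=1, min_accounts=1,
                     window=timedelta(minutes=30)):
    """Return (account, ip, failures, distinct_accounts) for each successful
    login preceded, from the same IP and inside `window`, by at least
    `min_failures` failed attempts or failures against `min_accounts` accounts.
    The defaults reproduce "any failure, then a success" as described above."""
    recent = defaultdict(deque)          # ip -> deque of (time, account) failures
    flagged = []
    for stamp, ip, account, ok in sorted(events):   # ISO stamps sort by time
        now = datetime.fromisoformat(stamp)
        fails = recent[ip]
        while fails and now - fails[0][0] > window:  # forget stale failures
            fails.popleft()
        if not ok:
            fails.append((now, account))
            continue
        accounts = {name for _, name in fails}
        if fails and (len(fails) >= min_failures or len(accounts) >= min_accounts):
            flagged.append((account, ip, len(fails), len(accounts)))
        fails.clear()                    # a success resets this IP's history
    return flagged


if __name__ == "__main__":
    print("report everything:", flag_compromised(SAMPLE_EVENTS))
    print("busy board:", flag_compromised(SAMPLE_EVENTS, min_failures=10, min_accounts=3))
```

With the defaults every failure-then-success is reported; raising the two thresholds drops the member who mistyped twice while still reporting the IP that tried three accounts and the one that needed ten attempts.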
 
For the time being, it's my priority to be ready for XF2, so it's difficult for me to find the time to create new functionality at the moment.
We don't care much about XF2. XF2.1 will be the first release with new functionality. I think very few customized boards will upgrade quickly.
 
Also: is there a way to configure template change alerts? I get emails for every template every time I update an addon. I update addons almost every day.
There's no configuration beyond an on/off switch at this time, as far as I can remember, sorry :(

Is there a way to get the 820.000 breached vBulletin accounts in the breached accounts alerts?
If you want the breached database updated, please contact http://haveibeenpwned.com as they are the ones providing the API we use to detect breached accounts.

We don't care much about XF2. XF2.1 will be the first release with new functionality. I think very few customized boards will upgrade quickly.
I'd posit that customised boards will consider upgrading if all their most used scripts are available for XF2, so it's probably safe to say that a lot of communities, and by extension our customers, do care about XF2 :)


Fillip
 
How do you need a list formatted? What data do you need? Will an excel file work for you?
No, I'm not writing an Excel parser for this - ideally it would be in the same format as the vBulletin's spider XML file. I need the same information that file contains; title, user agent string and info URL.


Fillip
 
Code:
ErrorException: Undefined variable: results - library/DBTech/Security/3rdParty/functions_badbehavior.php:70
Generated By: Unknown Account, Today at 5:33 PM
Stack Trace
#0 /public_html/library/DBTech/Security/3rdParty/functions_badbehavior.php(70): XenForo_Application::handlePhpError(8, 'Undefined varia...', '/home/...', 70, Array)
#1 /public_html/library/DBTech/Security/3rdParty/bad-behavior/banned.inc.php(65): bb2_db_query('INSERT INTO `xf...')
#2 /public_html/library/DBTech/Security/3rdParty/bad-behavior/core.inc.php(21): bb2_log_denial(Array, Array, '17566707', false)
#3 /public_html/library/DBTech/Security/3rdParty/bad-behavior/core.inc.php(124): bb2_banned(Array, Array, '17566707')
#4 /public_html/library/DBTech/Security/XenForo/EventListener/FrontControllerPostView.php(66): bb2_start(Array)
#5 /public_html/library/XenForo/CodeEvent.php(90): DBTech_Security_XenForo_EventListener_FrontControllerPostView::listen(Object(XenForo_FrontController), '<!DOCTYPE html>...')
#6 /public_html/library/XenForo/FrontController.php(183): XenForo_CodeEvent::fire('front_controlle...', Array)
#7 /public_html/index.php(13): XenForo_FrontController->run()
#8 {main}
Request State
array(3) {
  ["url"] => string(23) "http://forum.com/"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(0) {
  }
}
 
OK. I updated it. But there was no way I could have known. My system automatically checks for new version.
Doesn't the hotfix have a new version number? I was running 3.3.0
Your system states that I had the same version as is available. I bought this addon 8 days ago.
 
OK. I updated it. But there was no way I could have known.
I specified the date the hotfix was applied in case you came back and told me you had downloaded the latest version, say 4 days ago. That would have meant the hotfix didn't work for whatever reason :)


Fillip
 
Instead of adding them to the browsers list I decided it is a better idea to directly add these to the bad Behaviour blacklist: http://www.botreports.com/badbots/
I also added the user agents of many other bad bots to the blacklist. If anyone wants the code then just let me know.
If you want the breached database updated, please contact http://haveibeenpwned.com as they are the ones providing the API we use to detect breached accounts.
I have contacted Troy Hunt and was able to help get the hacked databases with just under 1 million hacked vBulletin accounts to him. He added the breaches to HIBP. Please read this:
https://www.troyhunt.com/i-just-added-another-140-data-breaches-to-have-i-been-pwned/
This poses some challenge for you to display the correct breach to the user because the format is different.
 
I have contacted Troy Hunt and was able to help get the hacked databases with just under 1 million hacked vBulletin accounts to him. He added the breaches to HIBP. Please read this:
https://www.troyhunt.com/i-just-added-another-140-data-breaches-to-have-i-been-pwned/
This poses some challenge for you to display the correct breach to the user because the format is different.
No, it doesn't. We use their API for checking for breaches, and we use the data returned (which, as with all good APIs, the structure does not change) to build the display string.

There is no challenge because nothing changes on our end.


Fillip
 
It seems to me that this means that nothing meaningful is displayed in this case. Because it is treated as a batch. I don't know if there is anything you can do to improve it.

The logic in this case is that the member somehow needs to go to the list of breached websites and then see which of the 140!! websites they are a member on.
 
After uploading XF 1.5.13 files, this addon took down my site. This error is on my site:
Code:
 Parse error: syntax error, unexpected '[' in /library/DBTech/Security/XenForo/Session.php on line 38
When I disable listeners I can get the site to load again, but when I try to deactivate the addon I get this error in the console:
Code:
PHP <br />
<b>Parse error</b>:  syntax error, unexpected '[' in <b>/library/DBTech/Security/XenForo/Install/Uninstall.php</b> on line <b>61</b><br />
The addon cannot be disabled.
Please advise.
 
There is no syntax error in that file, the only way this could happen is if the site was running PHP 5.4. Can you please double-check admin.php?tools/phpinfo to make sure that site isn't running an old version?


Fillip
 