Nirjonadda
Well-known member
That will be fixed in a future Beta release, thanks.
When happen this release? Lot of error log happening.
That will be fixed in a future Beta release, thanks.
Fix: Bugfix roll-up from the previous Beta
Country blocking works on an IP address level, and work by adding the filtered countries' IP address ranges to XF's IP ban list. There's no VPN detection, but if they do use VPNs hosted in a blocked country that VPN will still be blocked.Does your add-on offer a country-lock feature? As in, allowing the user to lock their account access to a specific region. This is a pretty light but effective security measure as the vast majority of account hijacks are done via VPN's, and it's much harder to find and then spoof their location to the actual users. I see it offers country-blocking which is a useful feature but much different and isn't designed for the same purpose.
Not yet, I've been busy with the new eCommerce mod for the past 3 months. I need to finish up the tools needed for DBTech to move to XF2, then actually complete the move, before I can go back to work on things like that feature.Also, any estimates on the Session Management feature-set? These two questions are the only thing holding me back from buying.
That's understandable. Just to clarify my first question, country-locking is not the same as country-blocking. Country-blocking would be blocking account access from a specific region. Country-locking would block all access to the account unless it's from a specific region. For example, if I was a user and I set a country-lock to France, I would only be able to log into my account from within France. This is not an uncommon feature, and very useful for the reasons I mentioned in my previous reply. I don't see this listed anywhere after a deeper search, but would heavily recommend it as a feature suggestion given your prioritization for security.Because things always change in terms of when we receive contract work and such, I do not provide ETAs for anything, ever
Ah I see, my bad sorry!Just to clarify my first question, country-locking is not the same as country-blocking. Country-blocking would be blocking account access from a specific region.
Personally, I have never seen this feature on any website I have visited, ever. I do know that certain sites like Gmail will block a login attempt if you use no 2FA and your account is logged in to from a region you've never logged in from before, but I have never seen this user-configurable.This is not an uncommon feature, and very useful for the reasons I mentioned in my previous reply.
Thanks for the quick and friendly responses, and the misconception is completely understandable. I don’t believe this country-lock feature has been created for XenForo, but it exists in add-ons for other forum softwares such as the single largest MyBB forum (not referenced for obvious reasons).I do know that certain sites like Gmail will block a login attempt if you use no 2FA and your account is logged in to from a region you've never logged in from before, but I have never seen this user-configurable.
Sort of, but I don't know of any 2FA method in XF that requires entering your phone number. I do know Twilio is a thing, but I don't know if any 3rd party add-ons on XF have integrated with it and it's probably not as popular because you have to pay monthly and per SMS your forum sends out as a result.Personally I disagree with your 2FA point: I would argue that the majority of users won’t use 2FA, as while it offers the best security options, is also very tedious when compared to typing in a password. I believe only very active users who care about their security will enter their phone number and spend time with this, and that your add-on can strive in protecting the non-2FA users as a default. If that makes sense.
AgreedThat aside, your mention of the gmail-style watcher seems like a better idea than a region-lock. This wouldn’t require the users to opt-in or configure anything, which means it will help those users who don’t care as much about security. It would prevent users from getting locked out of their own accounts by the lock, and incoincidentally notify them that they are facing a security issue. The feature you mentioned here is also far more common, and likely desirable to other potential customers.
Nope, all you have to do is renew and the XF2 version is includedI’ll likely need to purchase them again since I’ve switched to XF2 and they expired, but I may pick up this and one other thing on the way out.
Have you tried this on a default (unmodified) skin? Also try disabling all other modifications.
Fillip
TypeError: Argument 1 passed to DBTech\Security\Model\Watcher::execBreachCheck() must be of the type array, object given, called in /home/nadda/public_html/src/addons/DBTech/Security/XF/Service/User/Login.php on line 53 src/addons/DBTech/Security/Model/Watcher.php:1174
Generated by: Unknown account Mar 3, 2018 at 10:36 AM
Stack trace
#0 src/addons/DBTech/Security/XF/Service/User/Login.php(53): DBTech\Security\Model\Watcher->execBreachCheck(Object(DBTech\Shop\XF\Entity\User))
#1 src/XF/Service/User/Login.php(124): DBTech\Security\XF\Service\User\Login->recordFailedAttempt()
#2 src/XF/Pub/Controller/Login.php(79): XF\Service\User\Login->validate('nirjonmela2018', NULL)
#3 src/XF/Mvc/Dispatcher.php(249): XF\Pub\Controller\Login->actionLogin(Object(XF\Mvc\ParameterBag))
#4 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'Login', 'html', Object(XF\Mvc\ParameterBag), '', Object(XF\Pub\Controller\Login), NULL)
#5 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#6 src/XF/App.php(1889): XF\Mvc\Dispatcher->run()
#7 src/XF.php(328): XF\App->run()
#8 index.php(13): XF::runApp('XF\\Pub\\App')
#9 {main}
Request state
array(4) {
["url"] => string(12) "/login/login"
["referrer"] => string(23) "/"
["_GET"] => array(0) {
}
["_POST"] => array(4) {
["login"] => string(10) "nirjonmela"
["password"] => string(8) "********"
["remember"] => string(1) "1"
["_xfToken"] => string(8) "********"
}
}
I've applied a hot fix to Beta 4 that should resolve this.
Fillip
TypeError: Argument 1 passed to DBTech\Security\Model\Watcher::execBreachCheck() must be of the type array, object given, called in /home/nadda/public_html/src/addons/DBTech/Security/XF/Service/User/Login.php on line 53 src/addons/DBTech/Security/Model/Watcher.php:1174
Generated by: Unknown account Mar 4, 2018 at 5:18 PM
Stack trace
#0 src/addons/DBTech/Security/XF/Service/User/Login.php(53): DBTech\Security\Model\Watcher->execBreachCheck(Object(Datio\AllowedEmails\XF\Entity\User))
#1 src/XF/Service/User/Login.php(124): DBTech\Security\XF\Service\User\Login->recordFailedAttempt()
#2 src/XF/Pub/Controller/Login.php(79): XF\Service\User\Login->validate('kinglara#500', NULL)
#3 src/XF/Mvc/Dispatcher.php(249): XF\Pub\Controller\Login->actionLogin(Object(XF\Mvc\ParameterBag))
#4 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'Login', 'html', Object(XF\Mvc\ParameterBag), '', Object(XF\Pub\Controller\Login), NULL)
#5 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#6 src/XF/App.php(1889): XF\Mvc\Dispatcher->run()
#7 src/XF.php(328): XF\App->run()
#8 index.php(13): XF::runApp('XF\\Pub\\App')
#9 {main}
Request state
array(4) {
["url"] => string(12) "/login/login"
["referrer"] => string(23) "/"
["_GET"] => array(0) {
}
["_POST"] => array(3) {
["login"] => string(6) "mofijj"
["password"] => string(8) "********"
["_xfToken"] => string(8) "********"
}
}
Server issue with the code deployment, has been taken care of now and the files should have updated correctly.
Fillip
ErrorException: [E_NOTICE] Undefined index: userid src/addons/DBTech/Security/XF/Service/User/Login.php:53
Generated by: Unknown account Mar 4, 2018 at 7:11 PM
Stack trace
#0 src/addons/DBTech/Security/XF/Service/User/Login.php(53): XF::handlePhpError(8, '[E_NOTICE] Unde...', '/home/nadda/pub...', 53, Array)
#1 src/XF/Service/User/Login.php(124): DBTech\Security\XF\Service\User\Login->recordFailedAttempt()
#2 src/XF/Pub/Controller/Login.php(79): XF\Service\User\Login->validate('02021984', NULL)
#3 src/XF/Mvc/Dispatcher.php(249): XF\Pub\Controller\Login->actionLogin(Object(XF\Mvc\ParameterBag))
#4 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'Login', 'html', Object(XF\Mvc\ParameterBag), '', Object(XF\Pub\Controller\Login), NULL)
#5 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#6 src/XF/App.php(1889): XF\Mvc\Dispatcher->run()
#7 src/XF.php(328): XF\App->run()
#8 index.php(13): XF::runApp('XF\\Pub\\App')
#9 {main}
Request state
array(4) {
["url"] => string(12) "/login/login"
["referrer"] => string(23) "/"
["_GET"] => array(0) {
}
["_POST"] => array(3) {
["login"] => string(4) "Amio"
["password"] => string(8) "********"
["_xfToken"] => string(8) "********"
}
}
ErrorException: [E_NOTICE] Undefined index: dbtech_security_is_user_locked src/addons/DBTech/Security/Action/Lock.php:202
Generated by: Porichito59 Mar 16, 2018 at 5:29 AM
Stack trace
#0 src/addons/DBTech/Security/Action/Lock.php(202): XF::handlePhpError(8, '[E_NOTICE] Unde...', '/home/nadda/pub...', 202, Array)
#1 src/addons/DBTech/Security/Action/Lock.php(31): DBTech\Security\Action\Lock->_assertIsLocked()
#2 src/addons/DBTech/Security/ActionAbstract.php(87): DBTech\Security\Action\Lock->_preDispatch('Unlock')
#3 src/addons/DBTech/Security/Application/Core.php(172): DBTech\Security\ActionAbstract->preDispatch('Unlock', 'DBTech\\Security...')
#4 src/addons/DBTech/Security/Pub/Controller/Route.php(36): DBTech\Security\Application\Core->runAction('DBTech\\Security...')
#5 src/XF/Mvc/Dispatcher.php(249): DBTech\Security\Pub\Controller\Route->actionIndex(Object(XF\Mvc\ParameterBag))
#6 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('DBTech\\Security...', 'Index', 'html', Object(XF\Mvc\ParameterBag), 'forums', Object(DBTech\Security\Pub\Controller\Route), NULL)
#7 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(1891): XF\Mvc\Dispatcher->run()
#9 src/XF.php(328): XF\App->run()
#10 index.php(13): XF::runApp('XF\\Pub\\App')
#11 {main}
Request state
array(4) {
["url"] => string(73) "/dbtech-security/lock?action=unlock&hash=3e84c5591ff2fc498bb803ae828abe83"
["referrer"] => string(95) "/dbtech-security/lock?action=unlock&hash=3e84c5591ff2fc498bb803ae828abe83"
["_GET"] => array(2) {
["action"] => string(6) "unlock"
["hash"] => string(32) "3e84c5591ff2fc498bb803ae828abe83"
}
["_POST"] => array(0) {
}
}
ErrorException: [E_NOTICE] Undefined index: dbtech_security_is_admin_locked src/addons/DBTech/Security/Action/Lock.php:203
Generated by: Porichito59 Mar 16, 2018 at 5:29 AM
Stack trace
#0 src/addons/DBTech/Security/Action/Lock.php(203): XF::handlePhpError(8, '[E_NOTICE] Unde...', '/home/nadda/pub...', 203, Array)
#1 src/addons/DBTech/Security/Action/Lock.php(31): DBTech\Security\Action\Lock->_assertIsLocked()
#2 src/addons/DBTech/Security/ActionAbstract.php(87): DBTech\Security\Action\Lock->_preDispatch('Unlock')
#3 src/addons/DBTech/Security/Application/Core.php(172): DBTech\Security\ActionAbstract->preDispatch('Unlock', 'DBTech\\Security...')
#4 src/addons/DBTech/Security/Pub/Controller/Route.php(36): DBTech\Security\Application\Core->runAction('DBTech\\Security...')
#5 src/XF/Mvc/Dispatcher.php(249): DBTech\Security\Pub\Controller\Route->actionIndex(Object(XF\Mvc\ParameterBag))
#6 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('DBTech\\Security...', 'Index', 'html', Object(XF\Mvc\ParameterBag), 'forums', Object(DBTech\Security\Pub\Controller\Route), NULL)
#7 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(1891): XF\Mvc\Dispatcher->run()
#9 src/XF.php(328): XF\App->run()
#10 index.php(13): XF::runApp('XF\\Pub\\App')
#11 {main}
Request state
array(4) {
["url"] => string(73) "/dbtech-security/lock?action=unlock&hash=3e84c5591ff2fc498bb803ae828abe83"
["referrer"] => string(95) "/dbtech-security/lock?action=unlock&hash=3e84c5591ff2fc498bb803ae828abe83"
["_GET"] => array(2) {
["action"] => string(6) "unlock"
["hash"] => string(32) "3e84c5591ff2fc498bb803ae828abe83"
}
["_POST"] => array(0) {
}
}
We use essential cookies to make this site work, and optional cookies to enhance your experience.