[DBTech] DragonByte Security [Paid] 4.7.0

[DragonByte Tech]

@DragonByte Tech I'm thinking of buying this but one thing I want to protect my forum from is scraping. People being able to use bots to scrape my content contents/posts, etc.

Does this add-on come with something that implements protection against this? An add-on existed for XF1.

[TAC] Bot Arrestor

If you like this add-on, please >>rate it

xenforo.com

but seems dead now, wondering if this is something you can make possible @DragonByte Tech

No there's no such feature in the add-on at this time. New feature requests would need to be posted @ the site as they will get lost in this thread before they can be implemented

 

[Deleted member 91401]

No there's no such feature in the add-on at this time. New feature requests would need to be posted @ the site as they will get lost in this thread before they can be implemented

Could I pay you to make something like that for me?

 

[DragonByte Tech]

Could I pay you to make something like that for me?

If you send me a PM with the complete list of feature requirements as well as your budget, I can look into it once I'm done with the current project I'm working on

 

[Nirjonadda]

@DragonByte Tech MySQL Upgrade Checker from MySQL 5.7 to 8 show this error. Should we Upgrade to 8?

nadda_XXXX.xf_dbtech_security_bad_behavior.date - column has zero
default value: 0000-00-00 00:00:00

 

[DragonByte Tech]

@DragonByte Tech MySQL Upgrade Checker from MySQL 5.7 to 8 show this error. Should we Upgrade to 8?

nadda_XXXX.xf_dbtech_security_bad_behavior.date - column has zero
default value: 0000-00-00 00:00:00

That table was added by Bad Behavior, but I see no reason why not.

 

[wakon5544]

2 sessions on the same account? catch it? some share their accounts. @DragonByte Tech

 

[DragonByte Tech]

2 sessions on the same account? catch it? some share their accounts. @DragonByte Tech

Account sharing detection is not a feature of this add-on.

 

[wakon5544]

Account sharing detection is not a feature of this add-on.

Is there a way to check this?

 

[DragonByte Tech]

DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

4.3.2

Update highlights

This version updates the "Account locked" function to log its state changes in the user change log, similar to other flags in the core XenForo product.

It also resolves a potential server error on install, if the API that fetches the country list is inaccessible.


Complete Change Log

Feature: Log "account locked" status in the User Change Log
Fix: Fix a potential server during install

Read the rest of this update entry...

 

[jul]

Well I unfortunately didn't update it on a demo version but on the live server. This resulted in the forums going into a http 500 error page and I cannot access anything anymore. Any advice dealing with this?

 

[DragonByte Tech]

Well I unfortunately didn't update it on a demo version but on the live server. This resulted in the forums going into a http 500 error page and I cannot access anything anymore. Any advice dealing with this?

Disable event listeners via config.php and check the server error log.

 

[DragonByte Tech]

DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

4.3.3

Update highlights

This version fixes a few bugs related to the "account lock" feature reported by the community.


Complete Change Log

Fix: Corrected the log phrase for locked accounts (not retroactive)
Fix: Ensure the "resend" and "unlock" actions are also excluded from force redirects
Fix: Ensure all redirects use the public route (prevents race condition where admin accounts are redirected)

Read the rest of this update entry...

 

[DragonByte Tech]

DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

4.3.4

Update highlights

This version fixes a few bugs reported by the community.


Complete Change Log

Fix: "The following sub-option(s) are unknown: includeWebGL" when saving settings
Fix: Fix regression from 4.3.3 affecting fingerprints

Read the rest of this update entry...

 

[Feanor]

For mass password reset, can you reset passwords for a specific usergroup only? (Or perhaps other parameters?)

 

[DragonByte Tech]

For mass password reset, can you reset passwords for a specific usergroup only? (Or perhaps other parameters?)

Yes, it uses the full user search form (same as if you go to the Search users page)

 

[DragonByte Tech]

DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

4.4.0

Update highlights

This version brings the return of the login session management feature from the XenForo 1.5 version. The previous session management version had some issues, namely in that deleted sessions would be re-generated if the other browser instance wasn't already being logged out.

With v4.4.0, deleting a login session will force the other session to end, as was always intended.


Complete Change Log

Feature: Login session management - Log...

Read the rest of this update entry...

 

[Nirjonadda]

@DragonByte Tech Getting Server error log.

Assert\InvalidArgumentException: Invalid data src/addons/DBTech/Security/vendor/beberlei/assert/lib/Assert/Assertion.php:2752

Generated by: Unknown account Jul 29, 2020 at 11:36 PM

Stack trace

#0 src/addons/DBTech/Security/vendor/beberlei/assert/lib/Assert/Assertion.php(319): Assert\Assertion::createException(0, 'Invalid data', 33, NULL, Array)
#1 src/addons/DBTech/Security/vendor/web-auth/webauthn-lib/src/PublicKeyCredentialLoader.php(78): Assert\Assertion::eq(0, 4, 'Invalid data')
#2 src/addons/DBTech/Security/vendor/web-auth/webauthn-lib/src/Server.php(221): Webauthn\PublicKeyCredentialLoader->load('')
#3 src/addons/DBTech/Security/Tfa/WebAuthn.php(265): Webauthn\Server->loadAndCheckAssertionResponse('', Object(Webauthn\PublicKeyCredentialRequestOptions), Object(Webauthn\PublicKeyCredentialUserEntity), Object(Nyholm\Psr7\ServerRequest))
#4 src/XF/Service/User/Tfa.php(129): DBTech\Security\Tfa\WebAuthn->verify('login', Object(Datio\AllowedEmails\XF\Entity\User), Array, Object(XF\Http\Request))
#5 src/XF/ControllerPlugin/Login.php(121): XF\Service\User\Tfa->verify(Object(XF\Http\Request), 'dbtech_security...')
#6 src/XF/Pub/Controller/Login.php(135): XF\ControllerPlugin\Login->runTfaCheck('https://nirjonm...')
#7 src/XF/Mvc/Dispatcher.php(350): XF\Pub\Controller\Login->actionTwoStep(Object(XF\Mvc\ParameterBag))
#8 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'TwoStep', Object(XF\Mvc\RouteMatch), Object(xenMade\SEO\XF\Pub\Controller\Login), NULL)
#9 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(xenMade\SEO\XF\Pub\Controller\Login), NULL)
#10 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#11 src/XF/App.php(2190): XF\Mvc\Dispatcher->run()
#12 src/XF.php(391): XF\App->run()
#13 index.php(20): XF::runApp('XF\\Pub\\App')
#14 {main}

Request state

array(4) {
  ["url"] => string(15) "/login/two-step"
  ["referrer"] => string(92) "/login/two-step?_xfRedirect=https%3A%2F%2Fmysite.com%2F&remember=1"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(11) {
    ["publicKeyCredential"] => string(0) ""
    ["trust"] => string(1) "1"
    ["trust_permanent"] => string(1) "1"
    ["confirm"] => string(1) "1"
    ["provider"] => string(21) "dbtech_security_authn"
    ["remember"] => string(1) "1"
    ["_xfRedirect"] => string(23) "/"
    ["_xfToken"] => string(8) "********"
    ["_xfRequestUri"] => string(70) "/login/two-step?_xfRedirect=https%3A%2F%2Fmysite.com%2F&remember=1"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}

 

[DragonByte Tech]

@DragonByte Tech Getting Server error log.

Assert\InvalidArgumentException: Invalid data src/addons/DBTech/Security/vendor/beberlei/assert/lib/Assert/Assertion.php:2752

Generated by: Unknown account Jul 29, 2020 at 11:36 PM

Stack trace

#0 src/addons/DBTech/Security/vendor/beberlei/assert/lib/Assert/Assertion.php(319): Assert\Assertion::createException(0, 'Invalid data', 33, NULL, Array)
#1 src/addons/DBTech/Security/vendor/web-auth/webauthn-lib/src/PublicKeyCredentialLoader.php(78): Assert\Assertion::eq(0, 4, 'Invalid data')
#2 src/addons/DBTech/Security/vendor/web-auth/webauthn-lib/src/Server.php(221): Webauthn\PublicKeyCredentialLoader->load('')
#3 src/addons/DBTech/Security/Tfa/WebAuthn.php(265): Webauthn\Server->loadAndCheckAssertionResponse('', Object(Webauthn\PublicKeyCredentialRequestOptions), Object(Webauthn\PublicKeyCredentialUserEntity), Object(Nyholm\Psr7\ServerRequest))
#4 src/XF/Service/User/Tfa.php(129): DBTech\Security\Tfa\WebAuthn->verify('login', Object(Datio\AllowedEmails\XF\Entity\User), Array, Object(XF\Http\Request))
#5 src/XF/ControllerPlugin/Login.php(121): XF\Service\User\Tfa->verify(Object(XF\Http\Request), 'dbtech_security...')
#6 src/XF/Pub/Controller/Login.php(135): XF\ControllerPlugin\Login->runTfaCheck('https://nirjonm...')
#7 src/XF/Mvc/Dispatcher.php(350): XF\Pub\Controller\Login->actionTwoStep(Object(XF\Mvc\ParameterBag))
#8 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'TwoStep', Object(XF\Mvc\RouteMatch), Object(xenMade\SEO\XF\Pub\Controller\Login), NULL)
#9 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(xenMade\SEO\XF\Pub\Controller\Login), NULL)
#10 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#11 src/XF/App.php(2190): XF\Mvc\Dispatcher->run()
#12 src/XF.php(391): XF\App->run()
#13 index.php(20): XF::runApp('XF\\Pub\\App')
#14 {main}

Request state

array(4) {
  ["url"] => string(15) "/login/two-step"
  ["referrer"] => string(92) "/login/two-step?_xfRedirect=https%3A%2F%2Fmysite.com%2F&remember=1"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(11) {
    ["publicKeyCredential"] => string(0) ""
    ["trust"] => string(1) "1"
    ["trust_permanent"] => string(1) "1"
    ["confirm"] => string(1) "1"
    ["provider"] => string(21) "dbtech_security_authn"
    ["remember"] => string(1) "1"
    ["_xfRedirect"] => string(23) "/"
    ["_xfToken"] => string(8) "********"
    ["_xfRequestUri"] => string(70) "/login/two-step?_xfRedirect=https%3A%2F%2Fmysite.com%2F&remember=1"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}

This is likely an unsupported hardware key, or the wrong hardware key used for that account.

 

[DragonByte Tech]

DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

4.4.0.1

Update highlights

This is a quick update to fix a logged error stemming from incorrect handling of a 404 error when calling the Have I Been Pwned? API.

Did you know that there are actual email accounts out there that have never been a victim of a data breach? Neither did I. How long ago was this feature implemented, 1-2 years ago? Crazy.

PS: For those waiting for a XenForo 2.2 version, it's still in testing @ DBTech.


Complete Change Log...

Read the rest of this update entry...

 

[Nirjonadda]

@DragonByte Tech Getting Server error log:

XF\Db\DuplicateKeyException: MySQL query error [1062]: Duplicate entry '5e032b2e1351f7fb7926ddab90c59f91-8' for key 'xf_dbtech_security_fingerprint_log.fingerprint_user_id' src/XF/Db/AbstractStatement.php:228

Generated by: arn43 Aug 29, 2020 at 12:10 PM

Stack trace

INSERT  INTO `xf_dbtech_security_fingerprint_log` (`user_id`, `fingerprint`, `ipaddress`, `components`, `fingerprint_log_id`, `dateline`) VALUES (?, ?, ?, ?, ?, ?)
------------

#0 src/XF/Db/Mysqli/Statement.php(196): XF\Db\AbstractStatement->getException('MySQL query err...', 1062, '23000')
#1 src/XF/Db/Mysqli/Statement.php(77): XF\Db\Mysqli\Statement->getException('MySQL query err...', 1062, '23000')
#2 src/XF/Db/AbstractAdapter.php(94): XF\Db\Mysqli\Statement->execute()
#3 src/XF/Db/AbstractAdapter.php(218): XF\Db\AbstractAdapter->query('INSERT  INTO `x...', Array)
#4 src/XF/Mvc/Entity/Entity.php(1463): XF\Db\AbstractAdapter->insert('xf_dbtech_secur...', Array, false)
#5 src/XF/Mvc/Entity/Entity.php(1195): XF\Mvc\Entity\Entity->_saveToSource()
#6 src/addons/DBTech/Security/Watcher/NewStaffFingerprint.php(70): XF\Mvc\Entity\Entity->save()
#7 src/addons/DBTech/Security/Watcher/AbstractHandler.php(172): DBTech\Security\Watcher\NewStaffFingerprint->preCheck(Array, Object(Datio\AllowedEmails\XF\Entity\User))
#8 src/addons/DBTech/Security/Pub/Controller/Fingerprint.php(37): DBTech\Security\Watcher\AbstractHandler->trigger(Array, Object(Datio\AllowedEmails\XF\Entity\User))
#9 src/XF/Mvc/Dispatcher.php(350): DBTech\Security\Pub\Controller\Fingerprint->actionIndex(Object(XF\Mvc\ParameterBag))
#10 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('DBTech\\Security...', 'Index', Object(XF\Mvc\RouteMatch), Object(DBTech\Security\Pub\Controller\Fingerprint), NULL)
#11 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(DBTech\Security\Pub\Controller\Fingerprint), NULL)
#12 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#13 src/XF/App.php(2190): XF\Mvc\Dispatcher->run()
#14 src/XF.php(391): XF\App->run()
#15 index.php(20): XF::runApp('XF\\Pub\\App')
#16 {main}