XenLoginSecurity [Paid] [Deleted]

tenants

Well-known member
tenants submitted a new resource:

XenLoginSecurity (version 1.0.0) - IP Address Account Login Protection

XenLoginSecurity - IP Address Account Login Protection

  • Protect your account from access / brute force attempts by only allowing specified IP ranges to Login for that account
  • XenLoginSecurity is permissions based, so any account can be granted this option (Admins / Moderators / Usergroups / Individuals)
  • Once granted the permissions, users can turn this on / off from their account >> Personal Details >> Login Security
  • User can define a list...

 
To Do List

1) Expose the logging information in the ACP (currently attempts are logged in the database, this just needs to be exposed)
 
Another great add-on. The only con I see from this is that you may want to access your forum from someone else's computer or maybe from a library :unsure:
 
And then it will automatically send you an email with a link to log in from; it will also send you the IP address... You can then choose to add this IP address to your secure locations.
 
For some, it could be a bit irritating if you have a variable IP address.. but you only need to check your email to login from a "safe" link

The thing I use it for is to just protect my important accounts (the admin accounts). These are accounts I do not use that often anyway, but it does give me peace of mind knowing they are a lot safer.
 
For some, it could be a bit irritating if you have a variable IP address.. but you only need to check your email to login from a "safe" link

The thing I use it for is to just protect my important accounts (the admin accounts). These are accounts I do not use that often anyway, but it does give me peace of mind knowing they are a lot safer.
100% Right :)
 
Probably an obvious question, but could a MAC address be used for a similar thing? Since I tend to always have my laptop with me, this might be preferable to IP.
 
Hmm.. not easily.

The MAC address isn't sent in the header (I believe this is overwritten by the client router before it gets to the server), so we can't obtain it directly with the server-side PHP.

If it was to be obtained from the computer, it would need some sort of trust authentication / client-side language.
In a sense, the MAC address is only available to the client machine.

I've seen some scripts that obtain this with ActiveX (but that's an old technique and limits yourself to only working with one browser... we never want to go down that route).
It's also possible to do this with an applet (but once again, we start going down a messy route)

So no, at least I can't currently see a way, MAC addresses can't really be used here

(If I could find a way, I could add it as an option for those that really wanted it)
 
Tenants, I do have a question about this add on. Most of my members are traveling the globe, including me. So this would mean that people would not be able to login from their travels, which would be a huge deal killer because that is in big part what our forum is about (being free to live anywhere we want while being about purpose).

So ranges of IPs is not going to fix this because one day I may be in San Francisco and the next week in Switzerland.

What do you think?
 
You only need to apply it to the accounts you want to thoroughly protect

For instance, I use it on my super admin (I too have a variable IP address)

That user is the user I login to the ACP with (I rarely use it on the forum)

If my IP changes and I try to log in to the ACP with that user, I can't. However, if I try to log in to the forum with that user (I still can't), it then sends me an email with a "safe" link that I can log in with.
I can then log in and add my new IP address to the list of allowed IP addresses; I'll then be able to log in/log out of the forum and ACP.
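
The flow described in the post above (a login from an unlisted IP is refused, then an emailed "safe" link lets the owner in), sketched in PHP as an added example that is not part of the original post or the add-on's code. The function names, the in-memory token store, the 15-minute lifetime and the binding of the link to the refused IP are assumptions.

```php
<?php
// Added illustration, not XenLoginSecurity code. Names, the token store layout,
// the 15-minute lifetime and binding the link to the refused IP are assumptions.

/** True if $ip is inside $range: a CIDR block or a single IPv4/IPv6 address. */
function ipInRange(string $ip, string $range): bool
{
    [$net, $bits] = array_pad(explode('/', $range, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input or mixed address families never match
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) {
        return false; // a malformed prefix must not silently widen the range
    }
    $bits = (int) ($bits ?? $max);
    [$full, $rem] = [intdiv($bits, 8), $bits % 8]; // whole bytes, leftover bits
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return $rem === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** Keep only a hash of the emailed token, tied to the account and the refused IP. */
function issueSafeLink(array &$store, int $userId, string $ip, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $store[hash('sha256', $token)] = ['user' => $userId, 'ip' => $ip, 'expires' => $now + 900];
    return $token; // goes into the emailed URL only
}

/** Returns the user id once, before expiry, and only from the IP the link was issued for. */
function redeemSafeLink(array &$store, string $token, string $ip, int $now): ?int
{
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    unset($store[$key]); // single use: a replayed or forwarded link is dead
    return ($row !== null && $row['ip'] === $ip && $now <= $row['expires']) ? $row['user'] : null;
}

// Constructed sample data: documentation address ranges and a made-up user id 1.
$store  = [];
$client = '203.0.113.7'; // a real handler would read $_SERVER['REMOTE_ADDR']
if (!ipInRange($client, '198.51.100.0/24') && !ipInRange($client, '2001:db8:1::/48')) {
    $token = issueSafeLink($store, 1, $client, time());
    var_dump(redeemSafeLink($store, $token, $client, time()), redeemSafeLink($store, $token, $client, time()));
}
```

The check only ever sees the address of the TCP peer, so behind a reverse proxy or load balancer `REMOTE_ADDR` is the proxy's address and the allowlist has to be evaluated against a trusted forwarded address instead.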
 
You can allow to install a secure cookie at an authorized machine and allow bypass for a machine with that cookie.

Then we have a possibility that cookie theft could bypass this... as it stands, only knowing and using the correct IP address will allow you to log in (and you would still need to know the correct password)

... I see your train of thought and I like it, but I don't want to give any alternative pathways of abuse
 
Mike, I'm having trouble at the step where I'm supposed to install the file from server in the admin panel. I extracted the files and uploaded that folder into the library folder in the public_html folder (using Filezilla). But when I try to install library/XenLoginSecurity/addon-XenLoginSecurity.xml it gives me an error message (invalid file name). I have this problem frequently because I can't quite figure out what the exact url is. When I click on the filezilla directory to see where the file is, it gives me this url, /public_html/library/LoginUserLocks_v1_0_1. I tried entering that in the 'install from server' area but that gives me an error message too. Then I tried with this http://corefreedom.com/public_html/library/LoginUserLocks_v1_0_1 but it still gives me an error message. Can you help?
 
it's okay, this sounds like a location or a file name issue,

If you look at my front page, I always add steps to install

Make sure you have the file structure
http:// www. yourforum.com/library/XenLoginSecurity/addon-XenLoginSecurity.xml

This is what my folder structure looks like:
[Image: myftp.webp]

Then you can use
  • Go to ACP -> Add-ons -> Install Add-on -> Install from file on server
  • Install from file on server: "library/XenLoginSecurity/addon-XenLoginSecurity.xml"
Make sure there are no spaces, also make sure that the path looks the same and the file name is correct "addon-XenLoginSecurity.xml"
There is an addon that makes installing easier (Chris Deeming's Addon Installer), I will have to make sure all my future are compatible with it.
 
My structure looks totally different. I seem to be missing this folder: XenLoginSecurity

Is this a folder I have to create within the library folder?
 
That's my fault ...grrrr to myself

Create the folder "XenLoginSecurity" inside the library folder, then add the content of the zip to the folder (so it has the same structure as the image above).
I'm going to make sure plugins are always compatible with Chris's plugin in future
 
Okay, I thought I was going nuts. :-)

I created a folder and then dragged your folder into that and it shows this link:

/public_html/library/XenLoginSecurity/LoginUserLocks_v1_0_1

When I go to the 'install through server' area and enter either /public_html/library/XenLoginSecurity/LoginUserLocks_v1_0_1 or with the http in front of it, it still gives me an error message. :-(
 