Hey all,
DragonByte Technologies is proud to present our fifth modern xenForo modification; DragonByte Security v3.0.0 Beta 1! This is a re-write of our existing vBSecurity product, focusing on feature parity with our existing vB3/vB4 version, as well as adding new features.
You can find the product information here: DragonByte Security!
DragonByte keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.
Uses
DragonByte is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens. Featuring multiple "Security Watchers" such as Failed Logins and Failed AdminCP Logins, you can set up different "tiers" of actions to be taken when certain thresholds are met. For example, if someone tries to log in to 5 different accounts from the same IP address in 1 hour, you can alert the webmaster. If they try 15 accounts in 1 hour, ban the IP address from your forum entirely.
It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins. You can also optionally receive email alerts when any template is modified, including a colourised change log, so you can easily see if someone has added malicious code to your templates.
Add in the ability to permanently trust devices in your XenForo's Two-Factor Authentication module, as well as managing trusted devices and login sessions via your Account page, DragonByte can easily be called one of the most comprehensive security suites for your XenForo forum.
Major Features
Security Watchers: Keep an eye on the most important aspects of XenForo: config.php tampering, AdminCP / User Account access attempts, XenForo Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.
Password Expiry: Passwords can be set to expire on a per-usergroup basis after X days. Users will be redirected to the password management screen with a notice saying why they need to change their password.
Password Rules: Set rules for new passwords per-usergroup; minimum length, must contain lower-case, must contain upper-case, must contain numbers, must contain symbols. Can even be applied to new registrations by setting the usergroup permissions for the "Unregistered" group.
Device Trust: Permanently trust a device / IP address combination (optional; on top of XenForo's native 30-day trust) as well as the ability to revoke trust at any time via the Two-Factor Authentication page in your Account page.
Session Management: Easily see all devices your account is currently signed in at (since installing this mod), with the ability to one-click log out any devices you do not recognise.
Complete Feature List
Options
Usergroup Permissions
Browsable Logs
Security Watchers
Search IP Addresses
Manage Settings Backups
Mass Forced Password Change
Mass Password Reset
Password Rules
Trusted Devices Management
Session Management
Login Failure Response
Core File Alterations
Template Alterations
Tor Exit Node Blocking
Screenshots:
Discuss this news here.
DragonByte Technologies is proud to present our fifth modern xenForo modification; DragonByte Security v3.0.0 Beta 1! This is a re-write of our existing vBSecurity product, focusing on feature parity with our existing vB3/vB4 version, as well as adding new features.
You can find the product information here: DragonByte Security!
DragonByte keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.
Uses
DragonByte is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens. Featuring multiple "Security Watchers" such as Failed Logins and Failed AdminCP Logins, you can set up different "tiers" of actions to be taken when certain thresholds are met. For example, if someone tries to log in to 5 different accounts from the same IP address in 1 hour, you can alert the webmaster. If they try 15 accounts in 1 hour, ban the IP address from your forum entirely.
It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins. You can also optionally receive email alerts when any template is modified, including a colourised change log, so you can easily see if someone has added malicious code to your templates.
Add in the ability to permanently trust devices in your XenForo's Two-Factor Authentication module, as well as managing trusted devices and login sessions via your Account page, DragonByte can easily be called one of the most comprehensive security suites for your XenForo forum.
Major Features
Security Watchers: Keep an eye on the most important aspects of XenForo: config.php tampering, AdminCP / User Account access attempts, XenForo Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.
Password Expiry: Passwords can be set to expire on a per-usergroup basis after X days. Users will be redirected to the password management screen with a notice saying why they need to change their password.
Password Rules: Set rules for new passwords per-usergroup; minimum length, must contain lower-case, must contain upper-case, must contain numbers, must contain symbols. Can even be applied to new registrations by setting the usergroup permissions for the "Unregistered" group.
Device Trust: Permanently trust a device / IP address combination (optional; on top of XenForo's native 30-day trust) as well as the ability to revoke trust at any time via the Two-Factor Authentication page in your Account page.
Session Management: Easily see all devices your account is currently signed in at (since installing this mod), with the ability to one-click log out any devices you do not recognise.
Complete Feature List
Options
- Display Version Number
- Enable Modification
- Reason For Turning The Modification Off
- Block Tor Exit Nodes
- Security Breach Closed Reason
- Security Watcher: Display Limit
- Compromised Account Alert: Limit
- Enable File Health Check
- Enable Template Modification Check
- Prune "Admin Strikes Log" (Days)
- Prune "Login Strikes Log" (Days)
- Prune "IP Matcher Log" (Days)
- (Pro) GeoIP2 File Path
Usergroup Permissions
- Minimum Password Length
- Password Requires Lower-case Characters
- Password Requires Upper-case Characters
- Password Requires Numbers
- Password Requires Symbols
- Password Expiry (Days)
Browsable Logs
- Admin Login Strikes: Failed AdminCP Logins
- Login Strikes: Failed Front-End Logins
- Change Log: Edits such as new user groups, deleted user groups, permission changes, etc
- IP Ban Log: IP addresses banned by security watchers
- Compromised Log: Accounts that have been successfully logged in to after a number of failed logins
- Watcher Log: Security watcher triggers
- Filtering / Sorting options
Security Watchers
General- config.php Variable Tampering
- AdminCP Access Attempts
- Failed Logins
- Failed Mass Logins
- Failed Non-Existent Logins
- Failed Mass Non-Existent Logins
- Whitelisted IP Addresses
- Whitelisted IP Addresses - Exclude Super Administrators
- Board is Active
- Inactive Board Message
- User Name
- Password
- Primary Usergroup
- Additional Usergroups
- Receive Admin Emails
- New Usergroup
- Deleted Usergroup
- Forum Permissions
- Admin Permissions
Search IP Addresses
- By user name
- By IP address
- Depth (searches for other users / other IP addresses as well)
- Search New IPs - This search lets you find whether any user account has been accessed by a new IP address since a specific date
- Find Multi-Account Access IPs - This search lets you find what IP addresses have accessed multiple accounts, if any
Manage Settings Backups
- A full "dump" of the current XenForo settings are backed up automatically via a cron job
- Can be manually saved via this page
- Can be loaded via this apge
Mass Forced Password Change
- Found under "Maintenance" in the AdminCP menu for this mod
- Forces all users to change password the next time they visit the forum
- Redirects users to the Change Password form in the Account page
Mass Password Reset
- Found under "Maintenance" in the AdminCP menu for this mod
- Uses XenForo's own system for generating new random passwords
- Uses XenForo's email template for sending notifications of the reset in order to maximise familiarity for users
Password Rules
- Per-usergroup password rules
- Length, Lower-case, Upper-case, Numbers, Symbols
- Enforces the rules before the form can be submitted
- Works on Registration and Change Password in the Account page
Trusted Devices Management
- Optionally trust devices permanently when logging in with Two-Factor Authentication
- See a list of all trusted devices in the Two-Factor Authentication page in the "Your Account" page
- Revoke device trust with one click
Session Management
- Track all devices currently logged in to your account
- See a list of all currently logged devices in a new Login Sessions page in the "Your Account" page
- Force a device to log out with one click
- Only works with devices that have accessed the forum since installing the mod, but does not require logout/login
Login Failure Response
- Login failures are modified to give the same response if the user name or password is wrong
- Helps prevent brute forcing by not giving attackers an indication of what accounts are valid
Core File Alterations
- File health is checked every 15 minutes via a cron job
- Receive an email when core files are altered
- Uses XenForo's file health check to check all core XenForo files
- Shows a list of altered files in the email
Template Alterations
- Optionally receive an email when a template is altered
- Includes direct link to view the template history
- Shows a diff similar to the template history
- Can be toggled in the Options for this mod
Tor Exit Node Blocking
- Optionally block Tor exit nodes
- List of exit nodes for your site is updated via a cron job
- Can be toggled in the Options for this mod
Screenshots:
Discuss this news here.
