Fillip H.

Staff member
Owner
Developer
Customer
Hey all,

We're releasing vBSecurity v2.1.0 in order to add a multitude of new features. This version has two main focus points: "Quality of Life" changes, as well as additional log displays.

We have added the ability to re-send both the admin and user IP verification emails, in response to certain users experiencing severe delays or lack of receiving the email entirely.

There have also been improvements to the code that handles Watcher actions; IP bans are no longer applied to IP addresses that have previously been verified by administrators or members.

For logging, we've added multiple improvements, with the most important being restriction on viewing the logs; Only administrators with the "Can View Admin Logs" config.php permission may now view the vBSecurity logs. This helps reduce the impact of a breach of security on your AdminCP.

Four new log displays have been added; Potentially Compromised Accounts, Watchers, User IP Verification and Admin IP Verification.
Potentially Compromised Accounts displays a list of all accounts that have been accessed by a user that has previously attempted to login with other user names.
Watchers displays a list of all Watcher log entries.
User IP Verification displays a list of all user IP verification requests and their status
Admin IP Verification displays a list of all admin IP verification requests and their status

Lastly, we have also added "Country" display for the IP Address Search and IP Host Lookup pages. This requires the downloadable GeoLite2 (GeoIP 2 Lite Database) downloaded onto your server. You can specify the path to the file via a vBulletin Option, which also contains a link to the download page on the MaxMind site (free, no registration required).


If you like the product you can show your support by nominating it for mod of the month here: vBSecurity v2 (vB4) - vBulletin.org Forum or here vBSecurity v2 [AJAX] (vB3) - vBulletin.org Forum, and also please rate it to help cancel out the users who 1 star our mods.


Complete Change Log

vBSecurity v2.1.0

New Features:

IP Verification
  • IP addresses that have been verified by users or administrators will no longer be subject to IP bans
  • Helps prevent false positives

Admin IP Verification: Re-Send Emails
  • Administrators can request to re-send the email to verify their IP address
  • Useful if the email takes a long time to arrive for whatever reason

User IP Verification: Re-Send Emails
  • Users can request to re-send the email to verify their IP address
  • Useful if the email takes a long time to arrive for whatever reason

Security Watcher Display
  • The time period for the Security Watcher display can be configured
  • Default: 7 days
  • Controlled via vBulletin Options

(Pro) User IP Verification: Admin Control
  • Super Administrators can disable a member’s IP verification setting via the AdminCP user management screen
  • Accessed via the User Manager

(Pro) IP Address Search: Country Display
  • The IP Address Search screen includes the IP address' country, if your system supports this
  • Requires GeoIP2 downloaded database on your server
  • Controlled via vBulletin Options

(Pro) IP Host Lookup: Country Display
  • The IP Host Lookup screen includes the IP address' country, if your system supports this
  • Requires GeoIP2 downloaded database on your server
  • Controlled via vBulletin Options

(Pro) IP Address Search: IP Usage
  • The IP Address Search displays the first and last logged date for a particular IP in the "Logged IP Addresses" list
  • Only displays IP addresses since v2.0.0 was installed.

(Pro) Compromised Accounts Log
  • Displays a list of accounts flagged as potentially compromised
  • Quick links to users' logged IP addresses as well as displaying current IP address
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) Watcher log
  • Displays the complete list of all Watcher log entries
  • Can be filtered by individual watchers
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) User IP Verification log
  • Displays the complete list of all user IP Verification entries
  • Displays whether the IP has been verified or not
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission

(Pro) Admin IP Verification log
  • Displays the complete list of all admin IP Verification entries
  • Displays whether the IP has been verified or not
  • Fully searchable
  • Can only be viewed by administrators with the "Can View Admin Logs" config.php permission
  • Can be pruned by administrators with the "Can Prune Admin Logs" config.php permission


Changes To Existing Features:


  • Consolidated the code that applies watcher actions to enable easy extension in the future
  • Config Tampering alerts can now be reset
  • Reworded one of the new Log Prune options to clarify what exactly it’s pruning
  • All log pages now require the config.php "Can View Admin Logs" setting for additional security
  • "AdminCP Logins Viewer" now uses username search instead of a drop-down for improved performance
  • "Admin Strikes Viewer" should now perform better as a result of removal of an unreliable feature
  • "Login Strikes Viewer" now uses username search instead of a drop-down for improved performance
  • "IP Ban Log Viewer" now allows you to filter by action when pruning the log


Bug Fixes:
  • An issue where limiting the IP Ban Log by action would not work as intended has been corrected
  • "Failed Admin Logins" have been moved to the "Logins" watcher group, as was intended


As always, thank you for your continued support!

Discuss this news here.
 
Back
Top