Easy overview of the most common methods you can use to improve the security of your forum, with minimal technical knowledge needed.
.htaccess-like logins for your administrators means that even if they use the same password on multiple sites, malicious users still need a fresh, unique password to log in.
Keep an eye on the most important aspects of vBulletin: config.php tampering, AdminCP / User Account access attempts, vBulletin Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.
* Searchable list of all AdminCP access attempts
* Searchable list of all failed login attempts
* Searchable list of administrator changes for areas governed by the Security Watchers
* Security Recommendations for common steps to improve forum / server security
* vBOption: IP Address whitelist for AdminCP access
* vBOption: Separate "Closed Reason" for closures that happened due to potential security breaches
* Quick setting page for the most important vBulletin Options security settings
* Quick setting page for the most important Usergroup security settings
* Security Watchers: General - config.php Variable Tampering, AdminCP Access Attempts
* Security Watchers: Logins - Failed Logons, Failed Mass Logons
* Security Watchers: vBOptions - vBulletin Active, Reason For Turning vBulletin Off, Banned Email Addresses, Banned IP Addresses, Use Login "Strikes" System, Whitelisted IP Addresses, Whitelisted IP Addresses - Exclude Super Administrators
* Security Watchers: User Data - User Name, Password, Email, Primary Usergroup, Additional Usergroups, Reputation Level, Warnings, Infractions, Infraction Points, Receive Admin Emails
* Security Watcher Actions: 2 thresholds with individual configuration options, IP Ban / User Ban / Email Webmaster / Close Forum options available for each Watcher option listed above. Some watcher options may not have all actions.
ACP Access Log / Verifier
- Found under "Maintenance" in the AdminCP menu for this mod
- Resets all users' password to a random number
- Emails user detailing the password was reset for security reasons
- Contains username included in the email in case they forgot
- Contains direct link to the Change Password form in the UserCP
- Small table above the normal ACP menu displays current & last logged in IP for the current admin
- Settable colours for IP Match / IP Mismatch
- ACP Access Log browser
- Ability to prune ACP Access Log (separate from vBulletin built-in logs)
- Ability to turn system off via vBulletin Options
* Optional .htaccess-like login on a per-administrator basis
* Settings Snapshots - take a "snapshot" of how the vBulletin Options look at the time, instant restore by clicking Load on a previous snapshot
* Security Watchers: Usergroup - Password Expiry, Password History, every usergroup permission group, every "value" permission
* IP Guard: Administrator IP Address authorisation scheme (similar to Steam Guard) - Require email verification for new IP addresses to access the AdminCP, per-administrator disable
(Pro) Password Rules
- Per-usergroup password rules
- Length, Lower-case, Upper-case, Numbers, Symbols
- Enforces the rules before the form can be submitted
- Works on Registration and Change Password in the UserCP
- Works with [DBTech] Advanced Registration