Hey all,
In today's online space, the weak point when it comes to security is often not the server itself, but rather that people are using weaker passwords. In other words, it's easier to guess someone's insecure password than it is to break in to your server. For that reason, vBSecurity v1.1.1 contains three new features to boost this aspect of your forum's security.
First and foremost is Password Rules. This feature will let you define a set of rules for your members' passwords per-usergroup, denying the ability to submit the Registration (works with our Advanced Registration mod!) or Change Password forms until the rules have been satisfied. You can choose any combination of these rules: Length, Lower-case, Upper-case, Numbers, Symbols.
In other words, you can make it so that a password will need to be at least 8 characters long, contain both upper- and lower-case characters and at least one number and symbol.
These rules can be set individually in the Usergroup Manager, or you can change each usergroup simultaneously via the new "Security Settings: Passwords" page in your AdminCP menu.
This feature is a Pro-only feature.
Secondly, we have Password Reset. If all else has failed, and a malicious individual has gained access to your database (meaning the individual has the ability to decrypt all your staff and members' passwords), you can quickly force a password reset via our new "Maintenance" page.
This will change the password for all users (except yourself, otherwise you'd be locked out of the ACP) to a random number and email the user letting them know; that their password was reset by an administrator for security reasons, their account name and password, and the link to change their password to a personalised password.
Last but by no means least, you now have the option of enabling a small table above your normal ACP menu that will tell you if your currently active IP matches the last IP you logged in to the ACP with, similar to Google Mail's unauthorised account access displays.
This can be quite useful for determining if someone else may have accessed the AdminCP in your name.
There's also a log browser for these new access logs, that still require the same view & prune permissions as vBulletin logs do, for added levels of security.
Additionally, this version addresses an issue in which if you use [vSA] Login As User and access the AdminCP while logged in as a non-admin, vBSecurity will no longer email the user you are logged in as with a link to authorise your IP address.
If you like the product you can show your support by nominating it for mod of the month here: vBSecurity v1 (vB4) - vBulletin.org Forum or here vBSecurity v1 [AJAX] (vB3) - vBulletin.org Forum, and also please rate it to help cancel out the users who 1 star our mods.
Complete Change Log
vBSecurity v1.1.1
(Pro) Password Rules
Password Reset
ACP Access Log / Verifier
General / Other
Fix: Using [vSA] Login As User and accessing the AdminCP while logged in as a non-admin will no longer email the user you are logged in as with a link to authorise your IP address.
As always, thank you for your continued support
[/QUOTE]
Discuss this news here.
In today's online space, the weak point when it comes to security is often not the server itself, but rather that people are using weaker passwords. In other words, it's easier to guess someone's insecure password than it is to break in to your server. For that reason, vBSecurity v1.1.1 contains three new features to boost this aspect of your forum's security.
First and foremost is Password Rules. This feature will let you define a set of rules for your members' passwords per-usergroup, denying the ability to submit the Registration (works with our Advanced Registration mod!) or Change Password forms until the rules have been satisfied. You can choose any combination of these rules: Length, Lower-case, Upper-case, Numbers, Symbols.
In other words, you can make it so that a password will need to be at least 8 characters long, contain both upper- and lower-case characters and at least one number and symbol.
These rules can be set individually in the Usergroup Manager, or you can change each usergroup simultaneously via the new "Security Settings: Passwords" page in your AdminCP menu.
This feature is a Pro-only feature.
Secondly, we have Password Reset. If all else has failed, and a malicious individual has gained access to your database (meaning the individual has the ability to decrypt all your staff and members' passwords), you can quickly force a password reset via our new "Maintenance" page.
This will change the password for all users (except yourself, otherwise you'd be locked out of the ACP) to a random number and email the user letting them know; that their password was reset by an administrator for security reasons, their account name and password, and the link to change their password to a personalised password.
Last but by no means least, you now have the option of enabling a small table above your normal ACP menu that will tell you if your currently active IP matches the last IP you logged in to the ACP with, similar to Google Mail's unauthorised account access displays.
This can be quite useful for determining if someone else may have accessed the AdminCP in your name.
There's also a log browser for these new access logs, that still require the same view & prune permissions as vBulletin logs do, for added levels of security.
Additionally, this version addresses an issue in which if you use [vSA] Login As User and access the AdminCP while logged in as a non-admin, vBSecurity will no longer email the user you are logged in as with a link to authorise your IP address.
If you like the product you can show your support by nominating it for mod of the month here: vBSecurity v1 (vB4) - vBulletin.org Forum or here vBSecurity v1 [AJAX] (vB3) - vBulletin.org Forum, and also please rate it to help cancel out the users who 1 star our mods.
Complete Change Log
vBSecurity v1.1.1
(Pro) Password Rules
- Per-usergroup password rules
- Length, Lower-case, Upper-case, Numbers, Symbols
- Enforces the rules before the form can be submitted
- Works on Registration and Change Password in the UserCP
- Works with [DBTech] Advanced Registration
Password Reset
- Found under "Maintenance" in the AdminCP menu for this mod
- Resets all users' password to a random number
- Emails user detailing the password was reset for security reasons
- Contains username included in the email in case they forgot
- Contains direct link to the Change Password form in the UserCP
ACP Access Log / Verifier
- Small table above the normal ACP menu displays current & last logged in IP for the current admin
- Settable colours for IP Match / IP Mismatch
- ACP Access Log browser
- Ability to prune ACP Access Log (separate from vBulletin built-in logs)
- Ability to turn system off via vBulletin Options
General / Other
Fix: Using [vSA] Login As User and accessing the AdminCP while logged in as a non-admin will no longer email the user you are logged in as with a link to authorise your IP address.
As always, thank you for your continued support
[/QUOTE]Discuss this news here.
