Xenforo 2.1 Dragonbyte Security XF 2.2 Addon

Cumminator


BattleKing said:
> Oops, just recognized, for that a higher account upgrade is required, it is in the Verified SVIP Member Club Resources Sections

Any way to prevent XRumer from spamming? Somehow they bypass reCAPTCHA and hCaptcha. Sends spam messages to users and creates spam threads
 

BattleKing


Cumminator said:
> Any way to prevent XRumer from spamming? Somehow they bypass reCAPTCHA and hCaptcha. Sends spam messages to users and creates spam threads

Major Features
Security Watchers:
Keep an eye on the most important aspects of XenForo: config.php tampering, AdminCP / User Account access attempts, XenForo Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.
Password Expiry: Passwords can be set to expire on a per-usergroup basis after X days. Users will be redirected to the password management screen with a notice saying why they need to change their password.
Password Rules: Set rules for new passwords per-usergroup; minimum length, must contain lower-case, must contain upper-case, must contain numbers, must contain symbols. Can even be applied to new registrations by setting the usergroup permissions for the "Unregistered" group.
Device Trust: Permanently trust a device / IP address combination (optional; on top of XenForo's native 30-day trust) as well as the ability to revoke trust at any time via the Two-Factor Authentication page in your Account page.
Session Management: Easily see all devices your account is currently signed in at (since installing this mod), with the ability to one-click log out any devices you do not recognise.
"Bad Behavior" Integration: Integrate with http://bad-behavior.ioerror.us/ to detect malicious traffic and block it using this easy-to-use, free (at the time of writing) remote detection service.
Complete Feature List

Options

  • Display Version Number
  • Enable Modification
  • Reason For Turning The Modification Off
  • Block Tor Exit Nodes
  • Security Breach Closed Reason
  • Security Watcher: Display Limit
  • Compromised Account Alert: Limit
  • Compromised Account Alert: Alert Staff
  • Compromised Account Alert: Lock Account
  • Enable File Health Check
  • Enable Template Modification Check
  • Prune "Admin Strikes Log" (Days)
  • Prune "Login Strikes Log" (Days)
  • Prune "IP Matcher Log" (Days)
  • (Pro) GeoIP2 File Path
Bad Behavior
  • Enable Bad Behaviour Detection
  • Enable Strict Mode
  • Enable Logging
  • Enable Verbose Logging
  • Disable EU Cookie Exemption
  • Exempt Registered Members
  • Reverse Proxy
  • http:BL API Key
  • http:BL Threat Level
  • http:BL Maximum Age
Usergroup Permissions
  • Minimum Password Length
  • Password Requires Lower-case Characters
  • Password Requires Upper-case Characters
  • Password Requires Numbers
  • Password Requires Symbols
  • Password Expiry (Days)
Browsable Logs
  • Admin Login Strikes: Failed AdminCP Logins
  • Login Strikes: Failed Front-End Logins
  • Change Log: Edits such as new user groups, deleted user groups, permission changes, etc
  • IP Ban Log: IP addresses banned by security watchers
  • Compromised Log: Accounts that have been successfully logged in to after a number of failed logins
  • Watcher Log: Security watcher triggers
  • Fingerprint Log: Users' browser fingerprints
  • Filtering / Sorting options
Security Watchers
  • General
    • config.php Variable Tampering
  • Logins
    • AdminCP Access Attempts
    • Failed Logins
    • Failed Mass Logins
    • Failed Non-Existent Logins
    • Failed Mass Non-Existent Logins
  • XenForo Options
    • Whitelisted IP Addresses
    • Whitelisted IP Addresses - Exclude Super Administrators
    • Board is Active
    • Inactive Board Message
  • User Data
    • User Name
    • Password
    • Email
    • Primary Usergroup
    • Additional Usergroups
    • Receive Admin Emails
  • Permissions
    • New Usergroup
    • Deleted Usergroup
    • Forum Permissions
    • Admin Permissions
  • Fingerprints
    • New Device Fingerprints (Member Accounts)
    • New Device Fingerprints (Staff Accounts)
Compromised Account Lock
  • Ability to lock an account if it's detected as compromised
  • Prevents any action on the forum
  • The user whose account was logged in to will need to click a link in their email inbox to unlock their account
Compromised Account Alert
  • Alert staff when an account has potentially been compromised
Security Watcher: Failed Staff Logins
  • Identical to "Failed Logins" watcher, except only for staff accounts
  • Allows you to set stricter rules for staff accounts, or optionally only alert the webmaster if a staff account is broken into
  • Failed Staff Logins can lock the account in one of two ways; User Unlock or Admin Unlock. Admin Unlock requires an administrator (other than the affected user) to unlock the account.
Search IP Addresses
  • By user name
  • By IP address
  • Depth (searches for other users / other IP addresses as well)
  • Search New IPs - This search lets you find whether any user account has been accessed by a new IP address since a specific date
  • Find Multi-Account Access IPs - This search lets you find what IP addresses have accessed multiple accounts, if any
  • Suspect IP Range Search - Collates IPs from various DB Security logs and matches partial IPs to detect suspicious IP ranges
  • Find Potential Intruder IP Addresses - Displays a list of IP addresses who have failed to login to valid member accounts more than once
Country Blocking
  • You can now block any country from your forum easily by selecting the country via the new AdminCP page
  • Uses XenForo's IP Ban system to ban the IP ranges assigned to each country
Browser Fingerprinting
  • You can enable browser fingerprinting and have this logged alongside a member's user ID and IP address
  • Used in two new security watchers
  • Defaults to off
Manage Settings Backups
  • A full "dump" of the current XenForo settings is backed up automatically via a cron job
  • Can be manually saved via this page
  • Can be loaded via this page
Forced Password Change
  • Forces all users to change password the next time they visit the forum
  • Redirects users to the Change Password form in the Account page
  • Can be limited to only force password change for users without 2FA enabled
  • Can be limited to only force password change for users who have been inactive for X days
Mass Password Reset
  • Uses XenForo's own system for generating new random passwords
  • Uses XenForo's email template for sending notifications of the reset in order to maximise familiarity for users
  • Can be limited to only reset passwords for users without 2FA enabled
  • Can be limited to only reset passwords for users who have been inactive for X days
Password Rules
  • Per-usergroup password rules
  • Length, Lower-case, Upper-case, Numbers, Symbols
  • Enforces the rules before the form can be submitted
  • Works on Registration and Change Password in the Account page
Trusted Devices Management
  • Optionally trust devices permanently when logging in with Two-Factor Authentication
  • See a list of all trusted devices in the Two-Factor Authentication page in the "Your Account" page
  • Revoke device trust with one click
Session Management
  • Track all devices currently logged in to your account
  • See a list of all currently logged devices in a new Login Sessions page in the "Your Account" page
  • Force a device to log out with one click
  • Only works with devices that have accessed the forum since installing the mod, but does not require logout/login
Login Failure Response
  • Login failures are modified to give the same response if the user name or password is wrong
  • Helps prevent brute forcing by not giving attackers an indication of what accounts are valid
Template Alterations
  • Optionally receive an email when a template is altered
  • Includes direct link to view the template history
  • Shows a diff similar to the template history
  • Can be toggled in the Options for this mod
Tor Exit Node Blocking
  • Optionally block Tor exit nodes
  • List of exit nodes for your site is updated via a cron job
  • Can be toggled in the Options for this mod
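
The checks behind the "Compromised Log", "Find Potential Intruder IP Addresses" and "Find Multi-Account Access IPs" entries in the list above, written out over a constructed login-event list as an added example (not the add-on's code and not part of the post). The event layout, the function names and the `limit` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (timestamp, ip, username, account_exists, success)
EVENTS = [
    (1, "203.0.113.7", "alice", True, False),
    (2, "203.0.113.7", "alice", True, False),
    (3, "203.0.113.7", "alice", True, False),
    (4, "203.0.113.7", "alice", True, True),    # success after 3 failures
    (5, "198.51.100.4", "bob", True, False),
    (6, "198.51.100.4", "bob", True, True),     # one typo, then success
    (7, "203.0.113.7", "carol", True, True),    # same IP, second account
    (8, "192.0.2.9", "ghost", False, False),    # non-existent account
    (9, "192.0.2.9", "dave", True, False),
    (10, "192.0.2.9", "dave", True, False),
]

def compromised_accounts(events, limit=3):
    """Accounts logged in to successfully after >= limit consecutive failures."""
    streak = defaultdict(int)
    flagged = []
    for ts, ip, user, exists, ok in sorted(events):
        if not exists:
            continue
        if ok:
            if streak[user] >= limit:
                flagged.append((user, ip, streak[user]))
            streak[user] = 0          # a success resets the failure streak
        else:
            streak[user] += 1
    return flagged

def intruder_ips(events):
    """IPs that failed to log in to valid accounts more than once."""
    fails = defaultdict(int)
    for _, ip, _, exists, ok in events:
        if exists and not ok:
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n > 1)

def multi_account_ips(events):
    """IPs that successfully accessed more than one account."""
    users = defaultdict(set)
    for _, ip, user, _, ok in events:
        if ok:
            users[ip].add(user)
    return {ip: sorted(u) for ip, u in users.items() if len(u) > 1}
```
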
 

fully1337


has this resource been removed? there is a new update for this (version 4.6.4), and I'm currently at 4.3.2 :/

much appreciated!
 

BattleKing


fully1337 said:
> has this resource been removed? there is a new update for this (version 4.6.4), and I'm currently at 4.3.2 :/
>
> much appreciated!

no it is still there but we need just the latest version
 