IP Address Account Login Protection
Prevents an attacker from accessing a protected account by brute force, or even if they have gained the password by other methods
- Protect your account from access / brute force attempts by only allowing specified IP ranges to Login for that account
- XenLoginSecuity is permissions based, so any account can be granted this option (Admins / Moderators / Usergroups / Individuals)
- Once granted the permissions, users can turn this on / off from their account >> Personal Details >> Login Security
- User can define a list of allowed IP addresses and also define a network range
- If a user tries to access an account from an unauthorised IP address, they are prevented from logging in, this attempted is logged
- On attempting to login from an unauthorised IP address, an automatic email is sent to the users account
- The automatic email contains a link with an access key, this link will allow access to login from any IP for a limited time (but only for the individual user account)
- The maximum number of auto emails a user receives a day is definable in the ACP
- The maximum number of auto emails any given IP address can send a day is definable in the ACP
- The time limit for the access key to expire is definable in the ACP
- The access key is not just created from time dependant random function, but also hashed details the attacker could no know about the account
- The ACP area is also protected by XenLoginSecurity if the Admin has permissions and has switched it on
- No auto email is sent from the ACP area (if needed, the admin can send an auto email from the forum area, then add the new IP address to their Login Security account)
Installation:
- First, join surrey forum: www.surreyforum.co.uk
- Then purchase the plug-in here: www.surreyforum.co.uk
- Download the latest version www.surreyforum.co.uk
- Unzip the file
- Upload this folder into the library folder of your XenForo root
http:// www. yourforum.com/library/XenLoginSecurity
- Go to ACP -> Add-ons -> Install Add-on -> Install from file on server
- Install from file on server: " library/XenLoginSecurity/addon-XenLoginSecurity.xml"
- Set options in the administration control panel ACP>>Home>>Options>>XenLoginSecurity
- Give XenLoginSecurity to the user group you wish to alow use this addon: Users >> User Group Permissions >> XenLoginSecurity - User Permissions
Upgrade:
1. Unzip the following zip file, and copy over the original files with the new versions (just copy over the entire StopCountrySpam Folder)
2. From within the Admin Control Panel: yourforum/admin.php?add-ons/
find the XenLoginSecurity, and select the options
Control >> Upgrade
3. Upgrade from file on server: library/XenLoginSecurity/addon-XenLoginSecurity.xml
