XF 2.0 / 2.1 / 2.2 / 2.3 [DBTech] DragonByte Security 5.0.1

[laurent68]

DragonByte keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.

Uses :
DragonByte is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens. Featuring multiple "Security Watchers" such as Failed Logins and Failed AdminCP Logins, you can set up different "tiers" of actions to be taken when certain thresholds are met. For example, if someone tries to log in to 5 different accounts from the same IP address in 1 hour, you can alert the webmaster. If they try 15 accounts in 1 hour, ban the IP address from your forum entirely.

It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins. You can also optionally receive email alerts when any template is modified, including a colourised change log, so you can easily see if someone has added malicious code to your templates.
Add in the ability to permanently trust devices in your XenForo's Two-Factor Authentication module, as well as managing trusted devices and login sessions via your Account page, DragonByte can easily be called one of the most comprehensive security suites for your XenForo forum.

Major Features :

Security Watchers : Keep an eye on the most important aspects of XenForo: config.php tampering, AdminCP / User Account access attempts, XenForo Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.

Password Expiry : Passwords can be set to expire on a per-usergroup basis after X days. Users will be redirected to the password management screen with a notice saying why they need to change their password.

Password Rules : Set rules for new passwords per-usergroup; minimum length, must contain lower-case, must contain upper-case, must contain numbers, must contain symbols. Can even be applied to new registrations by setting the usergroup permissions for the "Unregistered" group.

Device Trust : Permanently trust a device / IP address combination (optional; on top of XenForo's native 30-day trust) as well as the ability to revoke trust at any time via the Two-Factor Authentication page in your Account page.

Session Management : Easily see all devices your account is currently signed in at (since installing this mod), with the ability to one-click log out any devices you do not recognise.

"Bad Behavior" Integration : Integrate with Bad Behavior / Bad Behaviour - The Web's premier link spam killer. to detect malicious traffic and block it using this easy-to-use, free (at the time of writing) remote detection service.

Complete Feature List :

Options :

• Display Version Number
• Enable Modification
• Reason For Turning The Modification Off
• Block Tor Exit Nodes
• Security Breach Closed Reason
• Security Watcher: Display Limit
• Compromised Account Alert: Limit
• Compromised Account Alert: Alert Staff
• Compromised Account Alert: Lock Account
• Enable File Health Check
• Enable Template Modification Check
• Prune "Admin Strikes Log" (Days)
• Prune "Login Strikes Log" (Days)
• Prune "IP Matcher Log" (Days)
• (Pro) GeoIP2 File Path

Bad Behavior :

• Enable Bad Behaviour Detection
• Enable Strict Mode
• Enable Logging
• Enable Verbose Logging
• Disable EU Cookie Exemption
• Exempt Registered Members
• Reverse Proxy
• http:BL API Key
• http:BL Threat Level
• http:BL Maximum Age

Usergroup Permissions :

• Minimum Password Length
• Password Requires Lower-case Characters
• Password Requires Upper-case Characters
• Password Requires Numbers
• Password Requires Symbols
• Password Expiry (Days)

Browsable Logs :

• Admin Login Strikes: Failed AdminCP Logins
• Login Strikes: Failed Front-End Logins
• Change Log: Edits such as new user groups, deleted user groups, permission changes, etc
• IP Ban Log: IP addresses banned by security watchers
• Compromised Log: Accounts that have been successfully logged in to after a number of failed logins
• Watcher Log: Security watcher triggers
• Fingerprint Log: Users' browser fingerprints
• Filtering / Sorting options

Security Watchers :

• General :
  • config.php Variable Tampering
• Logins :
  • AdminCP Access Attempts
  • Failed Logins
  • Failed Mass Logins
  • Failed Non-Existent Logins
  • Failed Mass Non-Existent Logins
• XenForo Options :
  • Whitelisted IP Addresses
  • Whitelisted IP Addresses - Exclude Super Administrators
  • Board is Active
  • Inactive Board Message
• User Data :
  • User Name
  • Password
  • Email
  • Primary Usergroup
  • Additional Usergroups
  • Receive Admin Emails
• Permissions :
  • New Usergroup
  • Deleted Usergroup
  • Forum Permissions
  • Admin Permissions
• Fingerprints :
  • New Device Fingerprints (Member Accounts)
  • New Device Fingerprints (Staff Accounts)

Compromised Account Lock :

• Ability to lock an account if it's detected as compromised
• Prevents any action on the forum
• The user whose account was logged in to will need to click a link in their email inbox to unlock their account

Compromised Account Alert :

• Alert staff when an account has potentially been compromised

Security Watcher: Failed Staff Logins :

• Identical to "Failed Logins" watcher, except only for staff accounts
• Allows you to set stricter rules for staff accounts, or optionally only alert the webmaster if a staff account is broken into
• Failed Staff Logins can lock the account in one of two ways; User Unlock or Admin Unlock. Admin Unlock requires an administrator (other than the affected user) to unlock the account.

Search IP Addresses :

• By user name
• By IP address
• Depth (searches for other users / other IP addresses as well)
• Search New IPs - This search lets you find whether any user account has been accessed by a new IP address since a specific date
• Find Multi-Account Access IPs - This search lets you find what IP addresses have accessed multiple accounts, if any
• Suspect IP Range Search - Collates IPs from various DB Security logs and matches partial IPs to detect suspicious IP ranges
• Find Potential Intruder IP Addresses - Displays a list of IP addresses who have failed to login to valid member accounts more than once

Country Blocking :

• You can now block any country from your forum easily by selecting the country via the new AdminCP page
• Uses XenForo's IP Ban system to ban the IP ranges assigned to each country

Browser Fingerprinting :

• You can enable browser fingerprinting and have this logged alongside a member's user ID and IP address
• Used in two new security watchers
• Defaults to off

Manage Settings Backups :

• A full "dump" of the current XenForo settings are backed up automatically via a cron job
• Can be manually saved via this page
• Can be loaded via this apge

Forced Password Change :

• Forces all users to change password the next time they visit the forum
• Redirects users to the Change Password form in the Account page
• Can be limited to only force password change for users without 2FA enabled
• Can be limited to only force password change for users who have been inactive for X days

Mass Password Reset :

• Uses XenForo's own system for generating new random passwords
• Uses XenForo's email template for sending notifications of the reset in order to maximise familiarity for users
• Can be limited to only reset passwords for users without 2FA enabled
• Can be limited to only reset passwords for users who have been inactive for X days

Password Rules :

• Per-usergroup password rules
• Length, Lower-case, Upper-case, Numbers, Symbols
• Enforces the rules before the form can be submitted
• Works on Registration and Change Password in the Account page

Trusted Devices Management :

• Optionally trust devices permanently when logging in with Two-Factor Authentication
• See a list of all trusted devices in the Two-Factor Authentication page in the "Your Account" page
• Revoke device trust with one click

Session Management :

• Track all devices currently logged in to your account
• See a list of all currently logged devices in a new Login Sessions page in the "Your Account" page
• Force a device to log out with one click
• Only works with devices that have accessed the forum since installing the mod, but does not require logout/login

Login Failure Response :

• Login failures are modified to give the same response if the user name or password is wrong
• Helps prevent brute forcing by not giving attackers an indication of what accounts are valid

Template Alterations :

• Optionally receive an email when a template is altered
• Includes direct link to view the template history
• Shows a diff similar to the template history
• Can be toggled in the Options for this mod

Tor Exit Node Blocking :

• Optionally block Tor exit nodes
• List of exit nodes for your site is updated via a cron job
• Can be toggled in the Options for this mod

Télécharger V4.3.0 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.3.1 Update highlights

This version is a quick maintenance update to fix some reported bugs, as well as improved compliance with the XenForo Resource Guidelines.
The most important fix is PHP 7.4 compatibility; PHP 7.4 is now officially supported.

Complete Change Log

Change: Updated internal data path references to better support CDNs
Fix: Fix curly brace syntax for PHP 7.4
Fix: Fixed an issue where adding a closure / anonymous function to config.php could cause issues with the config tamper detection

Télécharger V4.3.1 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.3.2 Update highlights

This version updates the "Account locked" function to log its state changes in the user change log, similar to other flags in the core XenForo product.
It also resolves a potential server error on install, if the API that fetches the country list is inaccessible.

Complete Change Log

Feature : Log "account locked" status in the User Change Log
Fix: Fix a potential server during install

Télécharger V4.3.2 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.3.3 Update highlights

This version fixes a few bugs related to the "account lock" feature reported by the community.

Complete Change Log

Fix: Corrected the log phrase for locked accounts (not retroactive)
Fix: Ensure the "resend" and "unlock" actions are also excluded from force redirects
Fix: Ensure all redirects use the public route (prevents race condition where admin accounts are redirected)

Version 4.3.4 Update highlights

This version fixes a few bugs reported by the community.

Complete Change Log

Fix: "The following sub-option(s) are unknown: includeWebGL" when saving settings
Fix: Fix regression from 4.3.3 affecting fingerprints

Version 4.4.0 Update highlights

This version brings the return of the login session management feature from the XenForo 1.5 version. The previous session management version had some issues, namely in that deleted sessions would be re-generated if the other browser instance wasn't already being logged out.

With v4.4.0, deleting a login session will force the other session to end, as was always intended.

Complete Change Log

Feature: Login session management - Log out of other devices via your Password & Security page

Télécharger V4.4.0 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.4.0 Beta 1 Update highlights

This is a quick update to fix a logged error stemming from incorrect handling of a 404 error when calling the Have I Been Pwned? API.

Did you know that there are actual email accounts out there that have never been a victim of a data breach? Neither did I. How long ago was this feature implemented, 1-2 years ago? Crazy.

PS: For those waiting for a XenForo 2.2 version, it's still in testing @ DBTech.

Complete Change Log

Fix: Handle a 404 response from HIBP

Télécharger V4.4.0 b1 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.5.0 Beta 1 :

!!! THIS VERSION REQUIRES XENFORO 2.2.0 AND PHP 7.2.0 !!!

This version contains coding style updates and changes for XenForo 2.2.0 / PHP 7.2.0.

XenForo 2.2 features two new "Security lock" features that function slightly differently than the account locks already present in DragonByte Security. These two new features can now be used as Watcher actions where possible.

Furthermore, a couple bugs have been resolved.
This version is flagged as a Beta version, although it has been tested on a live site.

Complete Change Log

Feature : The two new "Security lock" features in XenForo 2.2 can now be used as Watcher actions where this makes sense
Fix : Fix TOR exit node handling
Fix : Handle a 404 response from HIBP

Version 4.5.0 Gold Fix : Fix typo in the "Reset password" watcher action

Version 4.5.1 :

Fix : Fixed a race condition where the same fingerprint could be inserted twice, generating a server error
Fix : Fix a few server errors in the Watcher service

Version 4.5.2 :

Fix : Hide log entries that do not have a valid Watcher record
Fix : Watcher log entries were not removed after a watcher had been deleted
Fix : If no security watchers were set up, the cache could be rebuilt repeatedly when this was not needed

Télécharger V4.5.2 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Spoiler: Version 4.5.3

Update highlights

This version changes the way sessions are handled in order to improve performance.

DB Security stores a copy of some session information in order to support the ability to disconnect sessions via the "Privacy & Security" settings, as well as some other features.

In prior versions, old DB Security sessions would be deleted any time a user started a new session. This was done in order to ensure that no-one could hijack a session or no-one could still be logged in with an expired session.
However, this doesn't scale well for large forums with a large amount of sessions. In this version, old DB Security sessions are now expired using a hourly cron job, and any code that previously looked for DB Security sessions has been updated to also check for expiry.

None of these changes affect the built-in XenForo session system.

Complete Change Log : Change : Expired sessions are now deleted via a Cron job instead of on session start

Spoiler: Version 4.5.4

Version 4.5.4 Update highlights

This version resolves an issue when loading options on certain pages other than the main AdminCP settings page.

Complete Change Log

Fix: When viewing options from pages other than the "Settings" page, a server error could be generated

Spoiler: Version 4.5.5

Version 4.5.5 Update highlights

This version contains an update to support the new API for fetching the list of countries. You now require a (free) API key in order to fetch this data, added via the new setting.

Complete Change Log

Fix: Updated the Country API to account for changes in 3rd party services (now requires an API key)

Spoiler: Version 4.5.6

Version 4.5.6 Update highlights

This version updates the country fetching code to be more reliable, and no longer requires an API key. If you previously had problems fetching the country list, please run the "Update country list" cron job one more time manually, after which the list should populate itself correctly.

Furthermore, since no API key is needed, fresh installation should once again find the country list pre-populated.

Complete Change Log

Change: Switch to a more stable method of updating the country list

Version 4.6.0 :

Feature : Account unlocks now add an entry to the IP log
Feature : Batch update: Account lock (user unlock)
Feature : Optional forced CAPTCHA for front-end and AdminCP logins
Change : Account locks (user unlock or admin unlock) are now logged in the User Change Log
Fix : Fix potential server errors when viewing certain pages

Télécharger V4.6.0 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Fix: Fix an issue where the User Information watcher wasn't correctly limiting to the field described in the Watcher Rules

Version 4.6.1 Update highlights
This version fixes an issue wherein the new Login Captcha feature could be enabled on pages that did not support it.

Complete Change Log
Fix: Login captcha no longer applies to password confirmation screens.

Version 4.6.1 Update highlights
This version fixes a couple of issues with the new Login Captcha feature, as well as an issue with the new Security Lock feature in XenForo 2.2.

Complete Change Log

Fix : "You must be logged in to do that" pages did not have captcha properly applied on first load
Fix : Fix incompatibility with 3rd party add-ons that also extend certain View classes
Fix : Using the new XF2 security locking feature in a Security Watcher could fail to apply the lock in certain scenarios

Télécharger V4.6.2 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.6.3 Update highlights :

- This version fixes an issue wherein modifying the "Master Style", such as while upgrading add-ons, would attempt to send invalid emails when the "Email webmaster on template changes" option is turned on.

"Master Style" changes are no longer subject to email notifications.
Complete Change Log : Fix potential server error while upgrading other add-ons

Version 4.6.4 Update highlights :

- This version fixes an issue with "Always show CAPTCHA when logging in to: front-end" option if the login form was loaded via AJAX (i.e. in an overlay).
Complete Change Log Fix : The "Always show CAPTCHA when logging in to: front-end" option would not function correctly if the login form was loaded via AJAX

Télécharger V4.6.4 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.6.5 :

- This version changes some internal functions to no longer rely on deprecated XenForo functions, and fixes a server error that could occur with certain maliciously crafted URLs.

Change : Change UTF-8 related functions
Fix : Certain URLs could cause a server error in dispatcherPostRender

Télécharger V4.6.5 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.6.6 :

Change : Improve compatibility with databases setup for replication
Fix : Fix "Constant BB2_CORE already defined" error in the Bad Behavior logs

Version 4.6.7 Fix : Fixed an issue where it was possible to delete other users' "Remember Me" records.

Télécharger V4.6.7 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.6.8 Fix : Fix Config Tamper watcher producing a server error when running on XenForo Cloud / with certain config.php additions.

Télécharger V4.6.8 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 4.7.0 Complete Change Log :


Feature : Improved session information display, now parses browser and OS
Feature : Optionally exclude TFA-enabled users from batch update actions
Change : Refactored backend code
Change : Bump minimum PHP version to 7.4 and recommended version to 8.2
Change : Update dependencies to the latest version(s)
Fix : User agent is now updated for login sessions
Fix : Bad Behavior would run on PHP versions newer than it supports
Fix : Fix PHP 8.2 compatibility issues
Fix : Fix PHP 8.4 compatibility issue

Télécharger V4.7.0 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

Version 5.0.0 Release Candidate 1 :

!!!This version requires PHP 8.0+!!!

- This version mainly introduces compatibility with XenForo 2.3. The add-on has been fully updated, meaning no compatibility layers such as loading jQuery or other such patches are required for this add-on.
- One important thing to mention; The WebAuthn integration has been removed, since this is now natively supported in XenForo 2.3.
- Furthermore, a few reported bugs since the release of the last version for XenForo 2.2 have also been resolved.

Complete Change Log​

Change : Reduced query count due to new XenForo 2.3 functionality
Change : Remove WebAuthn support (natively supported in XF 2.3)
Change : Update entity references to use class-string
Change : Updated macros to XF 2.3 format
Change : Updated fingerprinting library to a newer version
Change : Updated password rules functionality to XF 2.3
Change : Replace various references with class-string<T> equivalents
Change : Update code for PHP 8.0
Change : Add compatibility with new XenForo 2.3 Beta 6 feature
Change : Remove "XenForo" from copyright footer
Change : Necessary changes for the new XenForo 2.3 coding style
Change : Automatically clean up files on upgrade
Fix : Fixed template modifications
Fix : Fix inconsistent confirmUrl behaviour with deletion
Fix : Fix missing content type phrases
Fix : Improve performance of Security Session table lookup

Version 5.0.0 : This version is now considered stable. No issues were discovered during the testing phase.Version bump

Version 5.0.1 :
- This version resolves a compatibility issue with XenForo Cloud. You must not enable "Config.php tampering" Watcher on XenForo Cloud, as that will continue to trigger this issue.
Fix : Fix compatibility issue with XenForo Cloud

Télécharger V5.0.1 :

Pour afficher le contenu, vous devez Vous connectez ou vous Enregistrez.

 

XF 2.2 / 2.3  [OzzModz] Move Thread Action Buttons 2.0.3  Patch Level 2

XF 2.0 / 2.1 / 2.2 / 2.3  [DBTech] DragonByte Shop 7.1.0

[Mister Nass]

tu aurais lla traduction ?

 

[laurent68]

tu aurais lla traduction ?

Non je suis entrain de la faire, mais y a 3 pages a traduire, c'est long

 

[Mister Nass]

Non je suis entrain de la faire, mais y a 3 pages a traduire, c'est long

Aïe :/

 

[laurent68]

Ajout de la version 4.3.1

 

[thahtrung06]

good addons

 

[laurent68]

Ajout de la version 4.3.2

 

[fionei]

Merci beaucoup laurent68 pour le partage

 

[laurent68]

Ajout de la version 4.4.0 bêta 1

 

[Brad]

Merci "énormément en attendant la traduction !

 

[laurent68]

Ajout de la version 4.5.2

 

[laurent68]

Ajout de la version 4.6.0

 

[laurent68]

Ajout de la version 4.6.2

 

[laurent68]

Ajout de la version 4.6.4

 

[laurent68]

Ajout de la version 4.6.5

 

[laurent68]

Ajout de la version 4.6.7

 

[laurent68]

Ajout de la version 4.6.8

 

[laurent68]

Ajout de la version 4.7.0

 

[laurent68]

Ajout de la version 5.0.1