[DBTech] DragonByte Security 4.5.0

Плагин для улучшения системы безопасности XenForo 2.





Полное описание на английском


DragonByte keeps a watchful eye over your forum even when you are not there, and has the capability to alert you of any suspicious activity.

Uses
DragonByte is the ideal product for forums that are concerned about security, or wish to be alerted when something suspicious happens. Featuring multiple "Security Watchers" such as Failed Logins and Failed AdminCP Logins, you can set up different "tiers" of actions to be taken when certain thresholds are met. For example, if someone tries to log in to 5 different accounts from the same IP address in 1 hour, you can alert the webmaster. If they try 15 accounts in 1 hour, ban the IP address from your forum entirely.

It keeps a watchful eye on your configuration file, ensuring that it does not get modified by mods or plugins. You can also optionally receive email alerts when any template is modified, including a colourised change log, so you can easily see if someone has added malicious code to your templates.
Add in the ability to permanently trust devices in your XenForo's Two-Factor Authentication module, as well as managing trusted devices and login sessions via your Account page, DragonByte can easily be called one of the most comprehensive security suites for your XenForo forum.


Major Features
Security Watchers: Keep an eye on the most important aspects of XenForo: config.php tampering, AdminCP / User Account access attempts, XenForo Options, User Data, Usergroup Settings and Usergroup Permissions.
Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.

Password Expiry: Passwords can be set to expire on a per-usergroup basis after X days. Users will be redirected to the password management screen with a notice saying why they need to change their password.

Password Rules: Set rules for new passwords per-usergroup; minimum length, must contain lower-case, must contain upper-case, must contain numbers, must contain symbols. Can even be applied to new registrations by setting the usergroup permissions for the "Unregistered" group.

Device Trust: Permanently trust a device / IP address combination (optional; on top of XenForo's native 30-day trust) as well as the ability to revoke trust at any time via the Two-Factor Authentication page in your Account page.

Session Management: Easily see all devices your account is currently signed in at (since installing this mod), with the ability to one-click log out any devices you do not recognise.

"Bad Behavior" Integration: Integrate with Bad Behavior / Bad Behaviour - The Web's premier link spam killer. to detect malicious traffic and block it using this easy-to-use, free (at the time of writing) remote detection service.


Complete Feature List

Options

Display Version Number
Enable Modification
Reason For Turning The Modification Off
Block Tor Exit Nodes
Security Breach Closed Reason
Security Watcher: Display Limit
Compromised Account Alert: Limit
Compromised Account Alert: Alert Staff
Compromised Account Alert: Lock Account
Enable File Health Check
Enable Template Modification Check
Prune "Admin Strikes Log" (Days)
Prune "Login Strikes Log" (Days)
Prune "IP Matcher Log" (Days)
(Pro) GeoIP2 File Path

Bad Behavior

Enable Bad Behaviour Detection
Enable Strict Mode
Enable Logging
Enable Verbose Logging
Disable EU Cookie Exemption
Exempt Registered Members
Reverse Proxy
http:BL API Key
http:BL Threat Level
http:BL Maximum Age

Usergroup Permissions

Minimum Password Length
Password Requires Lower-case Characters
Password Requires Upper-case Characters
Password Requires Numbers
Password Requires Symbols
Password Expiry (Days)

Browsable Logs

Admin Login Strikes: Failed AdminCP Logins
Login Strikes: Failed Front-End Logins
Change Log: Edits such as new user groups, deleted user groups, permission changes, etc
IP Ban Log: IP addresses banned by security watchers
Compromised Log: Accounts that have been successfully logged in to after a number of failed logins
Watcher Log: Security watcher triggers
Fingerprint Log: Users' browser fingerprints
Filtering / Sorting options

Security Watchers

General
config.php Variable Tampering

Logins
AdminCP Access Attempts
Failed Logins
Failed Mass Logins
Failed Non-Existent Logins
Failed Mass Non-Existent Logins

XenForo Options
Whitelisted IP Addresses
Whitelisted IP Addresses - Exclude Super Administrators
Board is Active
Inactive Board Message

User Data
User Name
Password
Email
Primary Usergroup
Additional Usergroups
Receive Admin Emails

Permissions
New Usergroup
Deleted Usergroup
Forum Permissions
Admin Permissions

Fingerprints
New Device Fingerprints (Member Accounts)
New Device Fingerprints (Staff Accounts)


Compromised Account Lock

Ability to lock an account if it's detected as compromised
Prevents any action on the forum
The user whose account was logged in to will need to click a link in their email inbox to unlock their account

Compromised Account Alert

Alert staff when an account has potentially been compromised

Security Watcher: Failed Staff Logins

Identical to "Failed Logins" watcher, except only for staff accounts
Allows you to set stricter rules for staff accounts, or optionally only alert the webmaster if a staff account is broken into
Failed Staff Logins can lock the account in one of two ways; User Unlock or Admin Unlock. Admin Unlock requires an administrator (other than the affected user) to unlock the account.

Search IP Addresses

By user name
By IP address
Depth (searches for other users / other IP addresses as well)
Search New IPs - This search lets you find whether any user account has been accessed by a new IP address since a specific date
Find Multi-Account Access IPs - This search lets you find what IP addresses have accessed multiple accounts, if any
Suspect IP Range Search - Collates IPs from various DB Security logs and matches partial IPs to detect suspicious IP ranges
Find Potential Intruder IP Addresses - Displays a list of IP addresses who have failed to login to valid member accounts more than once
Country Blocking

You can now block any country from your forum easily by selecting the country via the new AdminCP page
Uses XenForo's IP Ban system to ban the IP ranges assigned to each country

Browser Fingerprinting

You can enable browser fingerprinting and have this logged alongside a member's user ID and IP address
Used in two new security watchers
Defaults to off

Manage Settings Backups

A full "dump" of the current XenForo settings are backed up automatically via a cron job
Can be manually saved via this page
Can be loaded via this apge

Forced Password Change

Forces all users to change password the next time they visit the forum
Redirects users to the Change Password form in the Account page
Can be limited to only force password change for users without 2FA enabled
Can be limited to only force password change for users who have been inactive for X days

Mass Password Reset

Uses XenForo's own system for generating new random passwords
Uses XenForo's email template for sending notifications of the reset in order to maximise familiarity for users
Can be limited to only reset passwords for users without 2FA enabled
Can be limited to only reset passwords for users who have been inactive for X days

Password Rules

Per-usergroup password rules
Length, Lower-case, Upper-case, Numbers, Symbols
Enforces the rules before the form can be submitted
Works on Registration and Change Password in the Account page

Trusted Devices Management

Optionally trust devices permanently when logging in with Two-Factor Authentication
See a list of all trusted devices in the Two-Factor Authentication page in the "Your Account" page
Revoke device trust with one click

Session Management [NOT YET IMPLEMENTED, FUTURE UPDATE]

Track all devices currently logged in to your account
See a list of all currently logged devices in a new Login Sessions page in the "Your Account" page
Force a device to log out with one click
Only works with devices that have accessed the forum since installing the mod, but does not require logout/login

Login Failure Response

Login failures are modified to give the same response if the user name or password is wrong
Helps prevent brute forcing by not giving attackers an indication of what accounts are valid

Template Alterations

Optionally receive an email when a template is altered
Includes direct link to view the template history
Shows a diff similar to the template history
Can be toggled in the Options for this mod

Tor Exit Node Blocking

Optionally block Tor exit nodes
List of exit nodes for your site is updated via a cron job
Can be toggled in the Options for this mod