- XF Compatibility
- 2.3.x
- 2.2.x
- Short Description
- DragonByte keeps an eye on your XenForo forum security 24/7, alerting you to suspicious activities. With features like Failed Logins, AdminCP access attempts, and template modifications monitoring, it ensures your community stays secure. Plus, its comprehensive device trust and session management tools make it a top choice for enhanced security.
DragonByte keeps a watchful eye over your forum even when you are not there and has the capability to alert you of any suspicious activity.Uses[/b]DragonByte is the ideal product for forums that are concerned about security or wish to be alerted when something suspicious happens. It features multiple "Security Watchers" such as Failed Logins and Failed AdminCP Logins, allowing you to set up different "tiers" of actions when certain thresholds are met. For example, if someone tries to log in to 5 different accounts from the same IP address in an hour, you can alert the webmaster. If they try 15 accounts in an hour, ban the IP address from your forum entirely.
It keeps a watchful eye on your configuration file, ensuring it does not get modified by mods or plugins. You can also optionally receive email alerts when any template is modified, including a colourised change log, so you can easily see if someone has added malicious code to your templates.
DragonByte also adds the ability to permanently trust devices in your XenForo's Two-Factor Authentication module, as well as managing trusted devices and login sessions via your Account page. Therefore, DragonByte can be called one of the most comprehensive security suites for your XenFora forum.Security Watchers:Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.Password Expiry:Passwords can be set to expire on a per-usergroup basis after X days. Users will be redirected to the password management screen with a notice stating why they need to change their password.Password Rules:Set rules for new passwords per-usergroup; minimum length, must contain lowercase, must contain uppercase, must contain numbers, must contain symbols. Can also be applied to new registrations by setting the usergroup permissions for the "Unregistered" group.Device Trust:Permanently trust a device/IP address combination (optional; on top of XenForo's native 30-day trust) as well as the ability to revoke trust at any time via the Two-Factor Authentication page in your Account page.Session Management:Easily see all devices your account is currently signed in at (since installing this mod), with the ability to one-click log out any devices you do not recognize.Bad Behavior Integration:Integrate withbad-behavior.ioerror.usto detect malicious traffic and block it using this easy-to-use, free (at the time of writing) remote detection service.Complete Feature List
Options
[]Display Version Number[]Enable Modification[]* Reason For Turning The Modification Off[][*]Block Tor Exit Nodes[]Security Breach Closed Reason[]*[Security Watcher: Display Limit[]Compromised Account Alert: Limit[]Compromised Account Alert: Alert Staff[]Compromised Account Alert: Lock Account[]Enable File Health Check[]Enable Template Modification Check[][*]Prune "Admin Strikes Log" (Days)[]*]Prune "Login Strikes Log" (Days)[][*]Prune "IP Matcher Log" (Days)[]*(Pro) GeoIP2 File PathBad Behavior[]Enable Bad Behavior Detection[]Enable Strict Mode[]Enable Logging[]Enable Verbose Logging[]disable eu cookie exemption[]]*Exempt Registered Members[]*]Reverse Proxy[]http://BL_API_Key[]http://BL Threat Level[]*]http://BL Maximum Age[/list]
Usergroup Permissions
[]Minimum Password Length[]Password Requires Lowercase Characters[]Password Requires Uppercase Characters[]Password Requires Numbers[]Password Requires Symbols[]Password Expiry (Days)[/list]
Browsable Logs
It keeps a watchful eye on your configuration file, ensuring it does not get modified by mods or plugins. You can also optionally receive email alerts when any template is modified, including a colourised change log, so you can easily see if someone has added malicious code to your templates.
DragonByte also adds the ability to permanently trust devices in your XenForo's Two-Factor Authentication module, as well as managing trusted devices and login sessions via your Account page. Therefore, DragonByte can be called one of the most comprehensive security suites for your XenFora forum.Security Watchers:Detailed changelogs available for each watcher dealing with changes.
IP Ban, User Ban, Email alerts and temporary forum closure options available for each watcher individually.Password Expiry:Passwords can be set to expire on a per-usergroup basis after X days. Users will be redirected to the password management screen with a notice stating why they need to change their password.Password Rules:Set rules for new passwords per-usergroup; minimum length, must contain lowercase, must contain uppercase, must contain numbers, must contain symbols. Can also be applied to new registrations by setting the usergroup permissions for the "Unregistered" group.Device Trust:Permanently trust a device/IP address combination (optional; on top of XenForo's native 30-day trust) as well as the ability to revoke trust at any time via the Two-Factor Authentication page in your Account page.Session Management:Easily see all devices your account is currently signed in at (since installing this mod), with the ability to one-click log out any devices you do not recognize.Bad Behavior Integration:Integrate withbad-behavior.ioerror.usto detect malicious traffic and block it using this easy-to-use, free (at the time of writing) remote detection service.Complete Feature List
Options
[]Display Version Number[]Enable Modification[]* Reason For Turning The Modification Off[][*]Block Tor Exit Nodes[]Security Breach Closed Reason[]*[Security Watcher: Display Limit[]Compromised Account Alert: Limit[]Compromised Account Alert: Alert Staff[]Compromised Account Alert: Lock Account[]Enable File Health Check[]Enable Template Modification Check[][*]Prune "Admin Strikes Log" (Days)[]*]Prune "Login Strikes Log" (Days)[][*]Prune "IP Matcher Log" (Days)[]*(Pro) GeoIP2 File PathBad Behavior[]Enable Bad Behavior Detection[]Enable Strict Mode[]Enable Logging[]Enable Verbose Logging[]disable eu cookie exemption[]]*Exempt Registered Members[]*]Reverse Proxy[]http://BL_API_Key[]http://BL Threat Level[]*]http://BL Maximum Age[/list]
Usergroup Permissions
[]Minimum Password Length[]Password Requires Lowercase Characters[]Password Requires Uppercase Characters[]Password Requires Numbers[]Password Requires Symbols[]Password Expiry (Days)[/list]
Browsable Logs
- []*]Admin Login Strike: Failed AdminCP Logins[]*]Login Strikes: Failed Front-end Logins[]Change Log: Edits such as new user groups, deleted user groups, permission changes, etc[]
- IP Ban Log: IP addresses banned by security watchers[]Compromised Log: Accounts that have been successfully logged in after a number of failed login attempts[]Watcher Log: Security watcher triggers[]*Filtering / Sorting options
- []*]General
- []
- config.php Variable Tampering
- []*]Logins