A third party is requesting admin access. What's the best way to handle this safely?
- Thread starter elw323
- Start date
Rhody
Well-known member
That kind of crazy stuff DOES happen!
One of the 9/11 towers fell on top of one of my previous hosts. It took out their building, and also the phone company providing the data. Thankfully, they all got out safely. My email accounts were all on that server, and I had a heck of a time re pointing it at the registrar because the email was down.
Another provider wiped out their entire data center by one of the admins typing a command that they didn't understand "blkdiscard". There was a stoorpool snapshots misconfiguration and they were unable to bring the servers back. The only backup was the emergency offsite one, in a different state, and the sheer amount of data would probably have taken weeks to transfer. The ISP had the servers and accounts up quickly, and hard drives flown in with the data, to expedite restoration. They were 100% transparent about all of this, had great communications, and worked 24/7 to get it resolved and to make sure it couldnt happen again. I'm still with that provider, and trust them fully.
I had my own off-site backups, thankfully, in both cases. With the first one, I had to obviously move all my sites to a new company. (Hostgator, what a mistake THAT was, after the EIG buyout) I since moved to the current provider. With the issue the current provider had, I was able to restore all of my websites and forums from my own daily backups, and had it back up quickly.
My takeaway is to always do my own backups, in addition to what the ISP's do. Never leave domain registration emails solely on the same server, but have a backup like gmail for at least one contact.
Last edited:
Suzanne O
Well-known member
You guys who keep saying data breachs never happen are simply clueless.
It's happened 4 times in the past 12 months here in australia.
Data breaches happen because cybercriminals want your info.
Whether it's your forum, to your address details so they can scam you.
So you don't give anything out at all to anyone you do not know.
instead you take a copy of their email address, their ip address and their comments to police.
I'm sure you guys are wanting your bank details, living details, etc to be compromised.
I'm that sure you do because all the laughing at how serious this is beyond stupid and childish.
I'm sure your folks won't be able to bail you out of these things because you find it funny.
It's happened 4 times in the past 12 months here in australia.
Data breaches happen because cybercriminals want your info.
Whether it's your forum, to your address details so they can scam you.
So you don't give anything out at all to anyone you do not know.
instead you take a copy of their email address, their ip address and their comments to police.
I'm sure you guys are wanting your bank details, living details, etc to be compromised.
I'm that sure you do because all the laughing at how serious this is beyond stupid and childish.
I'm sure your folks won't be able to bail you out of these things because you find it funny.
TPerry
Well-known member
Oh, I know... at least 2 of those did with some hosting providers I know of.
And this emphasizes the "due diligence" part. Any admin that does not have off-site backups and that depends only upon that provided by their hosting provider is playing with fire.
Over the last decade, I've seen several negatively impacted by that reliance (and also upon simple cPanel backups they never checked). In addition to the off-site backups, you should regularly test them also.
I don't think anyone has claimed that data breaches don't occur.... but if they do to your site, then you have more serious issues than granting someone limited access to your forum ACP.
I think that some of us have abilities and knowledge WELL beyond yours in securing our data at both the server level and also the forum level.
The difference here is you aren't being contacted by an email or by a telephone call. It's someone that the OP has dealings with either via an add-on or via a style.... and there are times that they may want access to your site to see directly as they may not be running a duplicate of what you are. You (once more) simply need to do due diligence in researching who is requesting access and grant them ONLY the access they need to perform the service. It's not much different that your "managed service provider" needing access to your site to perform the functions they are getting paid for. There reaches a level of paranoia that causes negative issues unless you can do it all yourself.
And as former "police"... we'd go "And?"
StarArmy
Well-known member
Remember that whoever has admin access has access to all of the other members' personal information like IP addresses, possibly locations, birth dates, gender, email address, etc. I don't think you should give anyone super admin unless the other person is taking over as the forum's new owner (like if you need to retire as admin or are unable to perform your duties).
webbouk
Well-known member
If the person you are referring to is Andy of XF2 Addons, you will have no issues what so ever with granting him access to resolve an issue.
I can personally vouch for him in that respect having corrected a few issues over time and offered advice freely with regards to tweaks and settings.
I can personally vouch for him in that respect having corrected a few issues over time and offered advice freely with regards to tweaks and settings.
Rusty Snippets
Well-known member
I'll vouch for Andy too! Good man!!
Suzanne O
Well-known member
Just on data breaches if you're not entirely sure what goes on when strangers want your forum
read that.
Things like your drivers licenses have to be changed, etc.
Not so funny now hey @Max Taxable
Would be good for you to learn something for once.
How Data Breaches Happen
www.kaspersky.com
Things like your drivers licenses have to be changed, etc.
Not so funny now hey @Max Taxable
Would be good for you to learn something for once.
FTL
Well-known member
@elw323 ok, let me wade into this discussion for a minute.
If I understand you correctly, you want to let someone on the XF forum have admin access based on a certain number of points or posts (1500) that they have on here for them to help you out? Is this correct? Is there anything else about them that qualifies them? Sounds like a Bad Idea.
The only people that you should consider giving that level of access to are XF developers and third party developers with the best reputation, of which there are only a very small handful afaik. @AndyB is one of them and I know this, because he's got an established reputation, I'd subbed his add-ons some time ago and made him admin when he requested it so he could help me. In return, he's been very reliable and helpful and even helped clean up some of the configuration which he saw was a bit off. In fact, I hardly ever see him log into my forum nowadays, which is fine from a trust viewpoint.
Otherwise, this relatively unknown quantity could do killer damage to your forum and its members and I'm not joking - how about wiping out swathes of forums, posts and users? You know an admin can do this if they hit the proverbial destruct button. They can also harvest personal information that users have put into their profiles. I even apply this argument to myself: don't give me access either (and I'm not asking for access). While I know that I'm trustworthy, you don't know me and I could well be lying as far as you know, so you would have to establish that I'm trustworthy some other way. How, I dunno.
Bottom line is that putting such massive trust in a random forum member is extremely foolhardy. If you really need help with your forum, either learn how to do these things yourself, start a support thread, log a support ticket, or perhaps pay a developer to sort out these things for you. Don't put yourself at risk.
If I understand you correctly, you want to let someone on the XF forum have admin access based on a certain number of points or posts (1500) that they have on here for them to help you out? Is this correct? Is there anything else about them that qualifies them? Sounds like a Bad Idea.
The only people that you should consider giving that level of access to are XF developers and third party developers with the best reputation, of which there are only a very small handful afaik. @AndyB is one of them and I know this, because he's got an established reputation, I'd subbed his add-ons some time ago and made him admin when he requested it so he could help me. In return, he's been very reliable and helpful and even helped clean up some of the configuration which he saw was a bit off. In fact, I hardly ever see him log into my forum nowadays, which is fine from a trust viewpoint.
Otherwise, this relatively unknown quantity could do killer damage to your forum and its members and I'm not joking - how about wiping out swathes of forums, posts and users? You know an admin can do this if they hit the proverbial destruct button. They can also harvest personal information that users have put into their profiles. I even apply this argument to myself: don't give me access either (and I'm not asking for access). While I know that I'm trustworthy, you don't know me and I could well be lying as far as you know, so you would have to establish that I'm trustworthy some other way. How, I dunno.
Bottom line is that putting such massive trust in a random forum member is extremely foolhardy. If you really need help with your forum, either learn how to do these things yourself, start a support thread, log a support ticket, or perhaps pay a developer to sort out these things for you. Don't put yourself at risk.
Mr Lucky
Well-known member
I thought this thread was about letting developers to have admin access, without which they cannot troubleshoot any issues with their addon. This is why I have given AndyB, Chris D, siropu, bassman, and Xon access to my forum. Those are for me trusted developers.
I trust them. Just as I trust any host. In my case trusting my host is easy as it's just one person. If your forum is hosted by a large company you have to wonder how many employees have access to your websites and emails...
Suzanne O
Well-known member
the OP stated strangers wanting access.
Something that i wouldn't allow.
If it was the dev staff from here or vBulletin i'd send them a support ticket first and let them do their work.
I'd also be polite.
Mr Lucky
Well-known member
You mean like total strangers off the street or in a pub? No, don't give them admin access unless they pull a gun on you in which case you just hope your backups are up to date or you remembered to wear your bulletproof vest.
TPerry
Well-known member
Thing is if looking on here... we are ALL strangers. Those that I helped new nothing about me other than what they saw here... they didn't know me personally. If you have hosting issues and contact your host for help, you telling me you know every one of their persons that might work on your issue?
Similar threads
- Question
- Question
- Question
