1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 My admin account was logged on from a spamer's IP

Discussion in 'Troubleshooting and Problems' started by DennisSkov, Dec 17, 2014.

  1. DennisSkov

    DennisSkov Active Member

    Hi.

    Today we received a report about a spamer on the forum. We took action and used the "report spammer" function in Xenforo, but after I had banned the account, I saw the following:
    2014-12-17_21-58-16.png

    I was still sleeping at that time. The admin.php page is only accesible from my own IP, and my password consists of 15 characters that has been randomly generated, not stored anywhere. Is this some sort of exploit?

    Any information about this would be much appreciated!
    Dennis
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    If you don't have a static IP address, this is possible.
     
  3. Mike

    Mike XenForo Developer Staff Member

    This is also very possibly caused by an add-on that causes content to be created in someone's name and recording an IP log against that.
     
  4. Brogan

    Brogan XenForo Moderator Staff Member

    Yes, I was going to add that the possible causes of this are:
    • a dynamic IP address
    • server configuration
    • an add-on
    • the same person logging in to both accounts
    There are no known exploits with the XenForo software which would cause that.
     
  5. DennisSkov

    DennisSkov Active Member

    Does this also apply even if it's the only IP address that is logged for the spammer? Since it's the only IP logged, I figure that it's also the IP that the registration happened from.
     
  6. Jim Boy

    Jim Boy Well-Known Member

    Some add-ons, like Multiple Account Detection, have functionality that will create a new thread in a particular forum. There has to be a 'thread creator' and the the addon will create that thread using the IP address of the user who originally triggered the action (the spammer) as being the IP address of the thread creator, resulting in the thread creator user (*eg dennis) as having apparently 'logged on' from that ip address. Its an annoyance but nothing to be concerned about.
     
  7. DennisSkov

    DennisSkov Active Member

    Yeah, but again - this is the only IP that was logged on that account. I'm using an addon that sends a message to all new users - could this be the case? The message is send from my user ID, and that kind of suits the things you described. :)
     
  8. Brogan

    Brogan XenForo Moderator Staff Member

    That's the add-on which is known to cause this problem.
     
    DennisSkov likes this.
  9. DennisSkov

    DennisSkov Active Member

    Ok, thanks for clearing that up! It would explain that other users are sharing my IP as well... :p

    I almost panicked. Thanks for being so fast with the correct information. It's much appreciated :)
     
  10. cdub

    cdub Well-Known Member

    Which addon exactly is that?
     
  11. DennisSkov

    DennisSkov Active Member

    It's called New Users Welcome.
     
  12. cdub

    cdub Well-Known Member

    And is it a security concern or just a glitch?
     
  13. rainmotorsports

    rainmotorsports Well-Known Member

    Any add-on that creates threads, conversations or profile posts can do this. You have to set a flag in the data writer to not record an IP. Otherwise a random or the receivers IP will be written. Most addons of this nature have this issue. Its not that hard to fix.
     
    stilly likes this.
  14. DennisSkov

    DennisSkov Active Member

    It shouldn't be a security issue from what I understand.
     

Share This Page