XF 1.4 My admin account was logged on from a spamer's IP

DennisSkov

Active member
Hi.

Today we received a report about a spamer on the forum. We took action and used the "report spammer" function in Xenforo, but after I had banned the account, I saw the following:
2014-12-17_21-58-16.webp

I was still sleeping at that time. The admin.php page is only accesible from my own IP, and my password consists of 15 characters that has been randomly generated, not stored anywhere. Is this some sort of exploit?

Any information about this would be much appreciated!
Dennis
 
This is also very possibly caused by an add-on that causes content to be created in someone's name and recording an IP log against that.
 
Yes, I was going to add that the possible causes of this are:
  • a dynamic IP address
  • server configuration
  • an add-on
  • the same person logging in to both accounts
There are no known exploits with the XenForo software which would cause that.
 
This is also very possibly caused by an add-on that causes content to be created in someone's name and recording an IP log against that.
Does this also apply even if it's the only IP address that is logged for the spammer? Since it's the only IP logged, I figure that it's also the IP that the registration happened from.
 
Some add-ons, like Multiple Account Detection, have functionality that will create a new thread in a particular forum. There has to be a 'thread creator' and the the addon will create that thread using the IP address of the user who originally triggered the action (the spammer) as being the IP address of the thread creator, resulting in the thread creator user (*eg dennis) as having apparently 'logged on' from that ip address. Its an annoyance but nothing to be concerned about.
 
Some add-ons, like Multiple Account Detection, have functionality that will create a new thread in a particular forum. There has to be a 'thread creator' and the the addon will create that thread using the IP address of the user who originally triggered the action (the spammer) as being the IP address of the thread creator, resulting in the thread creator user (*eg dennis) as having apparently 'logged on' from that ip address. Its an annoyance but nothing to be concerned about.
Yeah, but again - this is the only IP that was logged on that account. I'm using an addon that sends a message to all new users - could this be the case? The message is send from my user ID, and that kind of suits the things you described. :)
 
Top Bottom