XF 1.5 Possible Security Issue

M J Austwick

New member
Hi,

I moved from vB5 to XenForo recently and it has been a huge success, but yesterday a new user posted claiming to have been randomly logged in as two different users, one of whom is a mod.

They posted proof that they had indeed had Moderator level access, so I'm happy that they aren't just lying for fun.

It is possible that the specific mod account may have been compromised, but I need to rule out the possibility that they are telling the truth. I'm not using any add-ons other than the Media pack.

Any thoughts?

I don't use Engintron/nginx (I'm on LiteSpeed using their XF LSCache plugin), but it looks like you need to adjust the exclusion rules:
https://github.com/engintron/engintron/issues/12

Probably best to ask them for help.

I don't think any full-page cache will do logged-in users on forums (only for guests) - there are so many ways you can adjust permissions for each member/group (which changes how each page can look on both a thread and forum level) that it probably isn't worth the overhead.
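
The guests-only rule from the reply above, written out as a conservative store/bypass check for a shared full-page cache. This is an added example, not code from the thread, Engintron or XenForo; it assumes XenForo's default `xf_` cookie prefix (`xf_session`, `xf_user`), and the function names and sample traffic are constructed for illustration.

```python
# Added example: cache-safety rule for a full-page cache in front of a forum.
# Assumption: XenForo's default cookie prefix "xf_" (xf_session, xf_user).
SESSION_COOKIES = ("xf_session", "xf_user")  # assumed default names


def parse_cookie_names(cookie_header):
    """Return the set of cookie names in a Cookie request header."""
    names = set()
    for part in cookie_header.split(";"):
        name = part.split("=", 1)[0].strip()
        if name:
            names.add(name)
    return names


def cache_decision(method, cookie_header, response_headers):
    """Return (may_store, reason) for a shared full-page cache.

    response_headers is a list of (name, value) pairs, because
    Set-Cookie can appear more than once.
    """
    if method not in ("GET", "HEAD"):
        return False, "non-idempotent method"
    if parse_cookie_names(cookie_header) & set(SESSION_COOKIES):
        return False, "request carries a session cookie"
    for name, value in response_headers:
        lname = name.lower()
        if lname == "set-cookie":
            # A stored Set-Cookie would hand one visitor's session to the next.
            return False, "response sets a cookie"
        if lname == "cache-control" and any(
            d.strip().split("=")[0].lower() in ("private", "no-store")
            for d in value.split(",")
        ):
            return False, "Cache-Control forbids shared storage"
    return True, "guest page"


# Constructed sample traffic (not taken from the thread).
SAMPLES = [
    ("GET", "", [("Content-Type", "text/html")]),
    ("GET", "xf_session=abc123", [("Content-Type", "text/html")]),
    ("GET", "", [("Set-Cookie", "xf_session=def456; HttpOnly")]),
    ("GET", "", [("Cache-Control", "private, max-age=0")]),
    ("POST", "", [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for method, cookies, headers in SAMPLES:
        print(method, repr(cookies), cache_decision(method, cookies, headers))
```

Only the first sample is stored; every other one bypasses the cache, including the cookie-less request whose response sets a session cookie.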