1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Serious Security Issue

Discussion in 'XenForo Questions and Support' started by Gabby, Oct 2, 2012.

  1. Gabby

    Gabby Well-Known Member

    Hello,
    So view my forum today and see that there are six new spammers. All from same IP address. WTF?

    Also able to post as a guest without permission. Guest permission set correctly.

    So need this problem solved asap.
    Why were they able to post as a guest even if permissions are set properly
    Why were they able to post using same IP address?

    Oh and interesting note. Humm, my forum does't even come up on google search yet someone found me. The only place they could have me is from here. :rolleyes: :mad:
     
  2. Gabby

    Gabby Well-Known Member

    Oh and some of the posts they made were to a locked thread. Yikes.

    secissue.png
     
  3. Blue

    Blue Well-Known Member

    That IS weird.
     
  4. Gabby

    Gabby Well-Known Member

    Hey Blue, yet it's wierd. i've double checked my permission... yada yada yada.

    Anyone have any answers? Forum is closed until I figure this out:)
     
  5. Adam Howard

    Adam Howard Well-Known Member

    Send me a link with admin rights and I'll go through the whole thing....

    edit: in a pm of course
     
    Jake Bunce likes this.
  6. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Probably bad permissions. And mod permissions can allow you to reply to locked threads, so there might be unintended mod permissions in there somewhere.
     
    Insy and Adam Howard like this.
  7. Gabby

    Gabby Well-Known Member

    How could these spammers reply to a "locked" thread if they aren't a mod? I'm sure something is being overlooked.
     
  8. Walter

    Walter Well-Known Member

    Just stop and think for yourself: this forum software is used by many other people.
    How probable is it that you are the only one with this error? Unlikely.
    But it's highly likely that this is a permission problem. Open a ticket and give some someone from the support team forum access.
     
  9. Gabby

    Gabby Well-Known Member

    Probably so. It's easy to do with this ridiculous permission system.:)

    I'm still going through everything. I'm sure I'm totally missing something.
     
  10. Adam Howard

    Adam Howard Well-Known Member

    I got your PM Gabby, but need admin rights to log-in while your site is closed and to double check your settings. :)
     
    Jake Bunce likes this.
  11. Adam Howard

    Adam Howard Well-Known Member

    DONE :)

    I changed a few guest settings to "never", verified that your node settings were correct (they were), and then rebuilt the thread, forum, and user cache to make sure the system cycles those settings completely.

    You should be all set to open your site and I will attempt to post as a guest to test things.

    FYI:

    admin.php?logs/admin

    ^^ For your peace of mind, you can always confirm someone's full actions by viewing your logs :)

    This is good practice to do any time you give someone admin access (no matter how trusted) ;)
     
    Insy, Gabby and Jake Bunce like this.
  12. Gabby

    Gabby Well-Known Member

    Thanks so much Adam. I thought it might be that but was hesitant to change this from past Never use Never advice...o_O

    See pm.

    Thank soooooooo much again.

    Gabby
     
    Adam Howard likes this.
  13. Adam Howard

    Adam Howard Well-Known Member

    You're welcome :)
     

Share This Page