• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Serious Security Issue

Gabby

Well-known member
#1
Hello,
So view my forum today and see that there are six new spammers. All from same IP address. WTF?

Also able to post as a guest without permission. Guest permission set correctly.

So need this problem solved asap.
Why were they able to post as a guest even if permissions are set properly
Why were they able to post using same IP address?

Oh and interesting note. Humm, my forum does't even come up on google search yet someone found me. The only place they could have me is from here. :rolleyes: :mad:
 

Gabby

Well-known member
#4
Hey Blue, yet it's wierd. i've double checked my permission... yada yada yada.

Anyone have any answers? Forum is closed until I figure this out:)
 

Gabby

Well-known member
#7
How could these spammers reply to a "locked" thread if they aren't a mod? I'm sure something is being overlooked.
 

Walter

Well-known member
#8
Just stop and think for yourself: this forum software is used by many other people.
How probable is it that you are the only one with this error? Unlikely.
But it's highly likely that this is a permission problem. Open a ticket and give some someone from the support team forum access.
 

Gabby

Well-known member
#9
Just stop and think for yourself: this forum software is used by many other people.
How probable is it that you are the only one with this error? Unlikely.
But it's highly likely that this is a permission problem. Open a ticket and give some someone from the support team forum access.
Probably so. It's easy to do with this ridiculous permission system.:)

I'm still going through everything. I'm sure I'm totally missing something.
 

Adam Howard

Well-known member
#11
DONE :)

I changed a few guest settings to "never", verified that your node settings were correct (they were), and then rebuilt the thread, forum, and user cache to make sure the system cycles those settings completely.

You should be all set to open your site and I will attempt to post as a guest to test things.

FYI:

admin.php?logs/admin

^^ For your peace of mind, you can always confirm someone's full actions by viewing your logs :)

This is good practice to do any time you give someone admin access (no matter how trusted) ;)
 

Gabby

Well-known member
#12
Thanks so much Adam. I thought it might be that but was hesitant to change this from past Never use Never advice...o_O

See pm.

Thank soooooooo much again.

Gabby