Tor

Bob_R

Active member
Has anyone ever heard of Tor?

Well guess what. Anyone that has Tor and is a member of your site (maybe they have to already be a Mod) instantly becomes a Mod of every forum on your board!

If the staff here don't know about this I suggest you look into it immediately.

And, if I'm somehow wrong or mistaken please guide me in the right direction.

Because one of my members has just proved it to me. He can mod every single forum but the Staff Only forum.

Does anyone have a logical explanation for this?
 
Has anyone ever heard of Tor?

Well guess what. Anyone that has Tor and is a member of your site (maybe they have to already be a Mod) instantly becomes a Mod of every forum on your board!

If the staff here don't know about this I suggest you look into it immediately.

And, if I'm somehow wrong or mistaken please guide me in the right direction.

Because one of my members has just proved it to me. He can mod every single forum but the Staff Only forum.

Does anyone have a logical explanation for this?

Confirmed. As long as you are already a Mod you become a M0d of every forum.

Major security vulnerability.

I would say you have a Permissions Issue. I would first check there.....
 
Besides permissions, can you replicate this yourself on a test account?

How did you add the user to the moderator user group?

How do you set up your moderator permissions?
 
Besides permissions, can you replicate this yourself on a test account?

How did you add the user to the moderator user group?

How do you set up your moderator permissions?

No, can't replicate. Do not wish to install TOR.

Do not remember how added to mod user group was last June

Do not remember how set up moderator permissions was last June.
 
What did analyze permissions show exactly? If test permissions gave you those permissions, then analyze permissions would show it. Tor is entirely unrelated.

It's almost certainly an issue in your permission configuration, such as you applying moderator permissions to the moderating group (thereby giving them all moderator permissions everywhere it isn't explicitly removed).
 
What did analyze permissions show exactly? If test permissions gave you those permissions, then analyze permissions would show it. Tor is entirely unrelated.

It's almost certainly an issue in your permission configuration, such as you applying moderator permissions to the moderating group (thereby giving them all moderator permissions everywhere it isn't explicitly removed).

Here's a little snapshot from his Analyze permissions.
 

Attachments

  • Screen shot 2015-01-23 at 7.46.41 AM.webp
    Screen shot 2015-01-23 at 7.46.41 AM.webp
    25.2 KB · Views: 24
That analyze permission screenshot shows what I expected: you applied permissions via the moderating group. This means that the user receives those permissions everywhere unless explicitly revoked. If you are dealing with forum-specific moderators, you shouldn't specify any "default" moderating group permissions and apply the permissions you want via the "Moderators" system.
 
That analyze permission screenshot shows what I expected: you applied permissions via the moderating group. This means that the user receives those permissions everywhere unless explicitly revoked. If you are dealing with forum-specific moderators, you shouldn't specify any "default" moderating group permissions and apply the permissions you want via the "Moderators" system.

I am dealing with forum specific moderators. Where is the "Moderators" system?
 
I am dealing with forum specific moderators. Where is the "Moderators" system?
AdminCP -> Users -> Moderators -> Create New Moderator
Type in the user name, and then select Forum moderator, and select the forum from the drop down. This will take you to a new check-box permission system for that forum, :)
 
Top Bottom