I am having a problem with settings changing on my board

for example the other day I went in to change something on 1 of my usegroups and I found there to be 4 usergroups called admins :ermm:

Now I know I haven't set these up and I asked everyone that has access to that part of the admin cp and non of them have touched it, now the funny thing is this happened as a guest was online a guest who I know has a grudge since I banned them (knew it was them through true IP)

Is there any possible way anyone could be getting into my forum and into places they shouldn't without being registered? If there is can I stop that?

Thanks

I am having a problem with settings changing on my board

for example the other day I went in to change something on 1 of my usegroups and I found there to be 4 usergroups called admins :ermm:

Now I know I haven't set these up and I asked everyone that has access to that part of the admin cp and non of them have touched it, now the funny thing is this happened as a guest was online a guest who I know has a grudge since I banned them (knew it was them through true IP)

Is there any possible way anyone could be getting into my forum and into places they shouldn't without being registered? If there is can I stop that?

Thanks

That's always a possibility. The weakest security point and most obvious place to check first would be the passwords you're using to log in. How strong are your passwords? Have you changed them all, recently? What about ftp access on the server side?...that's password protected, too. Same thing if you're using phpmyadmin for access to your data files. You could also check your admin logs from the ACP to see if anyone's been doing something they won't admit to you.

I expect someone else will post here, as well... to offer a few more technical suggestions for you ... but maybe that'll help with some basic information. Your host might also help you with more advice on monitoring server activity and securing your site.

Hope it works out ok for you...

All members as far as I know have unique passwords which this guest would not know, i will take a look at the admin logs, unfortunatly my host will notgive help to any 3rd party programs etc

Thanks for that

Nikki xx

Have a look through your admin logs and try and work out when this happened, eliminate other admins (did you do anything at X time on X day?) until you find out who did it.

Then you can check the ip of that action and run some comparisons.

Lol may sound daft but I have lost it, where do I find the admin logs :S

Thanks

Lol may sound daft but I have lost it, where do I find the admin logs :S

Thanks

In your ACP, go to Usergroups > Administrator Permissions > View Control Panel Log ... for each of the admins you haven't eliminated yet.

/me notes the password protection howto linked in his sig.

That's a nice addition for better security for the ACP. Thanks, Chris.