Hello All,

For the last little while I have been noticed that sometimes regular members try to access the staff section on our website. On the Who's Online area they do get a Stop Sign message. However, this begs the question of how do they know the particular url address for a thread which resides in the staff section. I do not know if this a VB flaw or not.
I am running VB 3.6. If anyone could shed some light on this issue I would greatly appreciate it.

Thank you kindly for your time.

Either you have link somewhere, or they are simply guessing at threadids.

some settings make the forums not displayed by default on forumdisplay but make them appear on forumjump... take care to set the proper permissions to these forums, not only the display of them.

Either you have link somewhere, or they are simply guessing at threadids.

Thank you Paul for your reply. We dont have any links to any of the Staff threads outside the Staff section. If the person is guessing they are doing a decent job of it.

some settings make the forums not displayed by default on forumdisplay but make them appear on forumjump... take care to set the proper permissions to these forums, not only the display of them.

I will definitely look into that. Thank you for the advice.

Also CYB - Advanced Forum Statistics Shows Recent Threads From All Forums, Hidden Included.

Also CYB - Advanced Forum Statistics Shows Recent Threads From All Forums, Hidden Included.

Is that an installed hack that one has to have on VB? Or is it something any regular user can employ?

Its an addon you have the options to install, not required

Are you sure its not google bots, because they try to index every little bit of information they can get, even PM's that you have sent, they pick up that you have sent it and try read the information.

Its an addon you have the options to install, not required

Thank you for the info.

Are you sure its not google bots, because they try to index every little bit of information they can get, even PM's that you have sent, they pick up that you have sent it and try read the information.

Yup Im pretty sure its not a bot. It was an actual member who was new. Which was pretty odd. I know there is a way to insert a .txt to prevent bots from crawling areas that dont need to be indexed.

I wonder though if its possible to to password protect just this restricted section using .htaccess

Its certainly possible with htaccess. Also what I suggest you do is change the name of your admincp and modcp directories to something other than default like admincpx

Jkust make sure you change the appropriate setting in your config.php file and in admin cp settings (if req)

If you do see this happening again - I would suggest you note down the IP address of that user trying to access that forum, and try matching it to any registered user if it is a guest.
Then by taking neccesary precautions to stop this happening again...