what should i do?
 

I was looking at the who's online list and there was this one guest. It said that they were moderating. What should i do? I banned the IP address.

Visiting the page doesn't mean it is able to actually do anything. So what we see in WoL isn't always what's actually going on.

For example i could go to your site and manually type in /inlinemod.php but if i am not logged in and/or don't have the necessary permissions, you'll still see me as "moderating" in WoL anyway.

I recommend you check that IP address to see if it is a legitimate hostname - one that normal people use - before banning. You could well be blocking legitimate people especially if it is a mobile service.

Yes there is nothing to worry about. You should have see the https://vborg.vbsupport.ru/external/2015/01/45.png Viewing Error Message next to the Location, so you know they were not actually doing anything.

Also what could of happen is one of your moderators clicking on a saved bookmark and going to a page where they moderate something ... I banned a moderator once for this very thing lol ...

What you can do is do an IP search from the admin panel to see if it belongs to one of your members first ...

i did a search on StopForumSpam and the IP was listed as a spammer.

i did see the viewing error message symbol next to it.

When I first was promoted to admin at the site with which I help, I was startled to see a guest administrating the site...but I was assured by the site owner this is fairly normal to see, and he cited the same issues given in this thread. It is understandable that you found this disconcerting. :D

I would just ignore the issue, unless the same IP is always trying.

I just checked it and the IP was trying to, even though i banned it.

You may have to wait for your online page to update, it will take as much time as you have set in Session Timeout for it to not show anymore.

the hostname was this "rate-limited proxy". There are now a lot of these "rate limited proxy" IPs on my site right now trying to access areas they should not be accessing like the modcp and the admincp. The other admin got an email saying he had been locked out of his account because the failed password attempts. Is someone trying to hack/brute force my site?

What is the useragent string of the users?

what is a useragent string of users?

On your online.php page scroll to the bottom and for the option User Agent: select Yes, then click on the display button.

This little edit will make your site always show you the UA strings in WoL:

https://vborg.vbsupport.ru/showthread.php?t=306009

this is what it gave me

Need to see the entire UA string, IP and all.

Then they are safe, http://en.wikipedia.org/wiki/Mediabot

This is why we need to see the whole thing, especially the IP. Might be a spoofed UA.

That is all they use, https://support.google.com/webmaster.../1061943?hl=en

But it will be from their IP. Not some singapore spammer IP.

True, but we don't know the IP as it was not asked yet. :p

Other than me asking for the whole UA string including the IP.:D

But they do not add it, that is what I said, it only shows up as Mediapartners-Google

it is currently not online. I will give the hostname when it is online again. It was also trying to register.

If it is in the below IP ranges you should be ok.

robots ip address ranges Google (Googlebot)

From | To
64.233.160.0 | 64.233.191.255
66.102.0.0 | 66.102.15.255
66.249.64.0 | 66.249.95.255
72.14.192.0 | 72.14.255.255
74.125.0.0 | 74.125.255.255
209.85.128.0 | 209.85.255.255
216.239.32.0 | 216.239.63.255

Also if they are showing up as guests, you are not using the most current spiders.xml

You need to get it from here, vBulletin Spiders List Hits 1000 Spiders!

I am now locked out of my account on my site for 15 minutes. seems i tried to get brute forced. I will update after my account is unlocked.

On here or your site, or mine?

on my site. The other admin was locked out a while ago.

Well that stinks.

yes it does. I just googled it, and there was a tutorial on how to spoof your IP and make it look like you are a google bot. Maybe someone is doing that.

Doubtful since the site is so new.

it could be joey.

Who or what is joey?

Not hard to spoof google adsense using Brutus, or most any other brute force type password cracking tool.

Just some troll that follows me around on every forum i go on. I was on his fish site, until he blocked my IP for no reason, and joined my friends site .under the name elaine and used his avatar, but changed the words on it so it said elaine instead of joey and the IP traced back to Truro, Nova Scotia (joey lives in Truro, Nova Scotia) and then he tried to get into my friend's site. I posted a link to my vBulletin site on my friend's site, and maybe joey found his way there.