The Arcive of Official vBulletin Modifications Site.

Rickie3 · #1 06-11-2006, 04:32 AM

I'm hoping someone here can give me some advice,ok here goes
I created some private forums on my board that certain usergroups can view only
the usergorups that have access are
V.I.P colour Purple
Moderators colour Blue
Super Moderators Green
Admins Red.

Now my normal registered users are not allowed access to these forums at all unless i give them access

Normal registered usergroup colour is black.

Ok what happened some of the content from the private sections were taken screenshots of and given out to the public,which has made me very upset and very hard to pin point who and what member was responsiable.I have the hack installed that shows what member has viewed the thread.To my surprise a normal registered user was able to view that private thread,i have checked all my logs and that users permissions,and cant see how this member could view that thread,do i have a security issue on my board how could someone access pages without having the right permissions??? i'm at a loss
see my screenshot below the normal registered user who's name is in black and i have circled red should not have been able to access that forum at all,please can someone help.

Boofo · #2 06-11-2006, 04:41 AM

Quote:

Originally Posted by Rickie3

I'm hoping someone here can give me some advice,ok here goes
I created some private forums on my board that certain usergroups can view only
the usergorups that have access are
V.I.P colour Purple
Moderators colour Blue
Super Moderators Green
Admins Red.

Now my normal registered users are not allowed access to these forums at all unless i give them access

Normal registered usergroup colour is black.

Ok what happened some of the content from the private sections were taken screenshots of and given out to the public,which has made me very upset and very hard to pin point who and what member was responsiable.I have the hack installed that shows what member has viewed the thread.To my surprise a normal registered user was able to view that private thread,i have checked all my logs and that users permissions,and cant see how this member could view that thread,do i have a security issue on my board how could someone access pages without having the right permissions??? i'm at a loss
see my screenshot below the normal registered user who's name is in black and i have circled red should not have been able to access that forum at all,please can someone help.

That's really not that hard to do. I'm not sure how the read a thread hack works, but all a user has to do it directly link the thread and it would show them as viewing it even though they can't see it (if the hack works like I think it does).

What is sounds like to me, and bear with me on this, is that you have a Staff member somewhere that has figured this out and has either used the account to do this or is working in cahoots with the said user. Is this a possibility?

Rickie3 · #3 06-11-2006, 05:10 AM

Hi Bob thanx for replying,i have checked all the admin logs and moderator logs and found nothing out of the ordinary,I also created a dummy registered user and used the thread direct link and it did not show the dummy as viewing that thread,this is why i'm at a loss

Boofo · #4 06-11-2006, 05:28 AM

Quote:

Originally Posted by Rickie3

Hi Bob thanx for replying,i have checked all the admin logs and moderator logs and found nothing out of the ordinary,I also created a dummy registered user and used the thread direct link and it did not show the dummy as viewing that thread,this is why i'm at a loss

Well, then I would think you have a rogue staff member that might have granted the user in question access at one time, long enough to view that thread and then set it back to throw you off. As bad as that sounds, I have seen it done in the past. No other way it can be going down in my book.

And logs are easy to manipulate.

MrZeropage · #5 06-11-2006, 05:32 AM

If you are using the latest version of Paul M's Hack "who viewed this thread", it should tell you the exact date+time when the user viewed it while hovering the mouse over the username. Maybe this helps to track down the issue a little, just look who was online in that time ect...

Rickie3 · #6 06-11-2006, 05:54 AM

@MrZeropage i am running the latest hack and it does give the date and time,,but it still really doesnt norrow who could have been resposiable,I cant going accusing someone when i just dont know who it could be,and in the same time i dont want to punish all the members who have access to the said forums,i guess i'm in a no win situation,so to save face i have locked down those forums so only my admins and mods have access

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04685 seconds Memory Usage 2,233KB Queries Executed 14 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (6)post_thanks_box (6)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (6)post_thanks_postbit_info (6)postbit (1)postbit_attachment (6)postbit_onlinestatus (6)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_attachment postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!