The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Security problem
Hi friends, we have a problem in our site.
The fact is that we have an unauthorized user entering and reading restricted forums. Is a user that do not logs in in any way, so appears as "Guest", but when we look at the "Who is connected" screen, we can see him READING a restricted forum only for moderators. What can be the problem? Do we need to install a security update, patch, module, or something? Thanx a lot. |
#2
|
|||
|
|||
Check your forum permissions, check your user group permissions and then check what access "guests" have to your forums. There is a fair bit to check there and it is possible that you may overlooked something.
If all your security settings are done properly there is no way a guest can see a restricted forum, other than logging in as a user. Sometimes the Who's Online page shows that people are reading restricted pages - but if you look closely it shows that they get a warning or error message. This means that they've accessed the page but not the content and are presented with a message saying that they don't have sufficient access. Other than that - what version do you have? Are you running the latest version? What hacks have you put in the system that could weaken the core security of VB? |
#3
|
|||
|
|||
Quote:
I checked all the permissions, and everything seems to be OK. The problem was in fact what you said: The online users page was showing a user trying to read a restricted forum, so it was showing him the "no permissions" message. It is a courious thing, but the permissions seems to be working ok. We don't have any hack installed, and we are running vb 3.8 We have some other problem, I don't know if you can help us also with this, anyway I open another thread. :-) Thanx again. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|