Unknown Action - Guest Accessing Admin Panel

Started by desperatefans, October 12, 2010, 07:08:01 PM

desperatefans

I am running hxxp:desperatefans.org/forum [nonactive] on the 2.0 RC3 format and I frequently have little monkeys who are popping up with unknown actions in the users online panel. I don't have the shoutbox running (so that is not the problem). Instead of a normal expected message I keep getting guests who have these attached to them:

8: Undefined index: image
?action=admin;area=profile_info

I would like to know a) how the hell they are getting into my admin panel if they are a guest, and why does it log as an unknown action. I don't have lax settings, but somehow I keep having people stumble around in there. What are my options to keep them out?

Considering I was told repeatedly that SMF was really secure, this is really making me doubt that.

gbsothere

In Admin==> Permissions, what permissions do your guests have?

The thing about these types of actions is that it's not always what someone is actually doing but what they are attempting to do (unsuccessfully).  You're seeing the attempt while they are seeing an error message (unless permissions allow them to access certain areas, such as your admin panel).  The error you've posted belongs to one of the mods, and they're throwing it, in their attempt to access.

Here's a neat little trick that sheds further light on some of the unknown actions.  (It parses the same for RC3 as it does for 1.1.11; only a source file is edited).  If you decide to do it, back up your original file from your server (in case you need to reupload it).

:)

http://www.simplemachines.org/community/index.php?topic=192529.msg1225427#msg1225427
My apologies, but I am taking a break from accepting PM requests for support.  If I am not currently assisting you, please do not ask as long as this notice is posted.  Thank you.

I Don't Want To Grow Old Alone


It has been proven that Steely Dan reduces the occurrence of road rage, according to an independent study.



A reminder about admin / ftp passwords etc.

desperatefans

They can view polls and the calendar. :/

It just frustrates me because I do see little things getting shifted, and my IP Deny manager is the length of Atlanta.

I'll take a look at the trick, and hopefully that helps. I've had my board get hacked and purged too many times by the same guy and he's the one trying to poke around right now.

Thanks for your help.

gbsothere

For now, until he gets bored and moves on, you might want to take away all guest permissions (zero) and also set it so that guests can't view the forum.  Also, have a look at some of the mods that add extra security.

http://custom.simplemachines.org/mods/index.php?action=search;type=13

(Posters ask about "unknown action" often, but, unless a person has permission for a specific action, he or she is only attempting but they're getting an error message.  Test this out by creating a test newbie account and logging in and trying to access the admin area.  Also, take away all guests permissions and try to access by adding ?action=admin to the end of your forum URL.  You'll get an error message.)

;)
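Added example, not part of the thread and not SMF code: one way to see who is requesting `?action=admin` URLs is to tally them per IP from the web server access log. As the post above explains, a hit here is an attempt, not proof of access. The log format (Apache/nginx "combined"), the `/forum/index.php` path and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2010:19:01:12 +0000] "GET /forum/index.php?action=admin;area=profile_info HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2010:19:01:40 +0000] "GET /forum/index.php?action=admin HTTP/1.1" 200 5101 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Oct/2010:19:02:03 +0000] "GET /forum/index.php?topic=42.0 HTTP/1.1" 200 20411 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Oct/2010:19:02:30 +0000] "GET /forum/index.php?action=calendar HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2010:19:03:05 +0000] "POST /forum/index.php?action=admin&area=profile_info HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client IP, method, request URL, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse_smf_query(url):
    """Split an SMF-style query string, where ';' and '&' both separate pairs."""
    _, _, query = url.partition("?")
    params = {}
    for pair in re.split(r"[;&]", query):
        if pair:
            key, _, value = pair.partition("=")
            params[key.lower()] = value
    return params

def admin_attempts(log_text):
    """Return {ip: {area: count}} for every request carrying action=admin."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, url, _status = m.groups()
        params = parse_smf_query(url)
        if params.get("action", "").lower() == "admin":
            hits[ip][params.get("area", "(none)")] += 1
    return {ip: dict(areas) for ip, areas in hits.items()}

if __name__ == "__main__":
    for ip, areas in admin_attempts(SAMPLE_LOG).items():
        print(ip, areas)
```
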

desperatefans

Thanks, I may do that. I feel bad because it hinders all of my other users who aren't sure whether they are wanting to join or not but this has been going on long enough.

He is a hacker, albeit I don't know how well his talents are and this knowledge always has me on edge.

Hopefully this will finally do the trick so thanks for all of your help!

Oya

http://arantormods.com/index.php?action=media;sa=item;in=24 might help actually, if they're trying to access something they shouldn't, they'll get an error message - that mod will let you see what it is

Aleksi "Lex" Kilpinen

Hi desperatefans, have you been able to sort things out - or do you still need assistance on this?
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas
