Guest viewing things they shouldn't

Started by lchris, January 13, 2011, 05:53:20 AM

lchris

I have set Guest to not have access to anything, so how is it that occasionally a guest (not a bot) is able to "see" something? We have had trouble in our community in the past, but this is a new site.

Here is a concrete example from last night

Guest (67.166.54.177) 09:01:25 PM Viewing tech1's profile

The Guest IP is a known person that is likely 'spying' for another site. Silly as all are welcome to register and join, but those in paranoia mode cannot help themselves, I suppose. <g>

tech1 is an admin

So, how was she able to get to that profile as a guest? Any ideas?

I have tried as guest and don't get anywhere.

Thanks for any suggestions.

Illori

can you physically view the profile confirmed as a guest? it is possible and common that the bot/guest is viewing the page but getting an error that they must login to view what is actually on the page

lchris

Thank you for such a quick reply.

No. If I (or other staff) try as guests we don't see anything. We cannot get there at all. I understand about the bots. This is a real person, that is why I asked. I know that IP from past 'troubles'. I want to understand how a person can get to that place as a guest when the rest of us cannot do it when we try as guest. The site is http://forum.susan-boyle-fans.com/, if you want to try. It's SMF RC4.

Illori

then you are just getting the message and they are not able to view anything as you described. it is normal in the who's online list to tell you more details than what a person is actually able to see.

lchris

Illori, I must be missing something. How does a guest even get to that location? There is no link for a guest to follow to get there that I can see.

Illori

they could have gotten it from someone else, or trying known good urls to see if they can get access.

lchris

OK..so, the site is private. So, the likely answer, you think - is that she got a URL from a registered member and tried that?

Illori

or they got the url from another smf forum and changed the user id part of it to a known user id on your forum.

lchris

I see. Though you would have to get the 'known user id on your forum' from a registered member as that is not publicly available.

Illori

you can randomly pick a user id and might get lucky that it works, for example i could pick 12467 from this forum and may get lucky and find it is a valid id.

lchris

Thanks Illori. Seems to me it would be easier to just register on the forum and look around properly. LOL I guess some prefer the 'cloak and dagger' dramas.

Arantor

Well, don't forget that there are plenty of links to user profiles, even when there isn't permission for such.

As for Who's Online, that lists what a user was trying to do, even if the user can't do it. (This is why I wrote a mod for my forum, that if a user tries to do something and it generates an error, that's logged with the online log so I can see it from Who's Online - so if they get an error because they're not allowed to do something, it shows me)

lchris

IncognitoMuse,

If a site is closed, then how do these links become accessible in the first place? She is trying again today - shows up as Guest "looking" at stuff. Sigh.

Arantor

Well, even a forum that's not even accessible to guests still shows up stuff through other means.

But every SMF forum automatically displays a link to user profiles, from say the thread view, without checking if the user can see the link or not. So they will still be logged trying to do these things.

Is the forum closed even to guests? (Admin > Features and Options > Allow guests to browse the forum -> is unchecked)

tesser

I just tried as a guest

hxxp://forum.susan-boyle-fans.com/index.php?action=profile;u=2

and got asked to log in, so no one will be seeing anything, but your logs will show me as looking

i also tried random member ids, all go to the login page.

Arantor

That's exactly it - the guest is shown the login page, but the log is showing what they *tried* to do. Nowhere does it say that it was unsuccessful (which is why I modded it for my own sites)
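An added example, not code from any poster in this thread or from SMF: Who's Online records only the attempt, so this sketch reads the web server's access log instead and separates profile requests that got the login page from ones that got real content. Assumptions: Apache combined log format, constructed sample lines with documentation IPs, and a `login_size` that the admin measures by fetching a profile URL while logged out.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines. Assumption: the login page is about 5120 bytes here.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jan/2011:21:01:25 -0500] "GET /index.php?action=profile;u=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Jan/2011:21:01:40 -0500] "GET /index.php?action=profile;u=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Jan/2011:21:02:02 -0500] "GET /index.php?action=profile;u=4 HTTP/1.1" 200 5131 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Jan/2011:21:02:30 -0500] "GET /index.php?action=admin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Jan/2011:21:03:00 -0500] "GET /index.php?action=profile;u=2 HTTP/1.1" 200 18432 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} (\d+)')

def smf_params(url):
    """Parse a query string that separates parameters with ';' or '&'."""
    pairs = (p.partition("=") for p in re.split(r"[;&]", urlsplit(url).query))
    return {k: v for k, _, v in pairs if k}

def profile_probes(log_text, login_size, tolerance=64):
    """Per IP: profile ids requested, split into denied (login page) and served."""
    report = defaultdict(lambda: {"denied": set(), "served": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, url, size = m.group(1), m.group(2), int(m.group(3))
        q = smf_params(url)
        if q.get("action") != "profile" or not q.get("u", "").isdigit():
            continue
        # A response close to the login page's size is treated as a denial.
        bucket = "denied" if abs(size - login_size) <= tolerance else "served"
        report[ip][bucket].add(int(q["u"]))
    return dict(report)

def id_guessers(report, min_ids=3):
    """IPs that requested at least min_ids distinct profiles and were served none."""
    return sorted(ip for ip, r in report.items()
                  if len(r["denied"]) >= min_ids and not r["served"])

if __name__ == "__main__":
    rep = profile_probes(SAMPLE_LOG, login_size=5120)
    for ip in id_guessers(rep):
        print(ip, "guessed ids", sorted(rep[ip]["denied"]), "and only got the login page")
```

The size comparison is a heuristic: re-measure `login_size` after any theme or language change, and treat a "served" result as a prompt to check permissions rather than as proof of access.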

lchris

Thanks Tesser and IncognitoMuse, I so appreciate your taking the time to answer and/or look. What I just don't understand is how many locations this person seems able to 'reach' by 'guessing'? If they are really just getting the login page - why spend hours daily doing this?

tesser

If you and the said ip are no longer friends, they might be giving you the run around (mind games)

making you think they have access as the logs say they do

now i don't know your admin details or any info, but i can make it show in your logs that i'm trying to get into your acp

there, i just tried your admin control panel and got this

An Error Has Occurred!
You will have to wait about 2 seconds to login again, sorry.

cloksin

IncognitoMuse, any chance of getting that mod you made?
SMF 2.0.1
SimplePortal 2.3.3

Arantor

Not from me. I gave all my mods away after closing ArantorMods.com, and I'm not writing any more mods for SMF, 70 or so was enough.
