Been trying to find another thread about this, but couldn't.
Is there a Karma exploit? I'm using smf2b4
I have an abuse situation, where a board member is specifically targeting 2 users and giving them negative karma. After checking the logs, I see up to lines within a few minutes where the karma is being applied to the 2 users.
I've specified the setting so that users need 10 posts and 6 hour wait. But still getting through.
I've reset the karma and watched it go up the next day to -150 each for the 2 users.
Luckily I was able to trace the IP from the logs to the user account and banned the user. However I saw that the user tried 3 different IP's to login. Luckily the ban triggers held, but how can I protect my site from this kind of attack?
I don't want to remove the karma, because that implies that the person can come & go as he pleases.
Is there something floating out there that can do this?
I am not aware of any karma exploits. Setting the wait time to 6 hours should have stopped him unless he had other users assisting him in his attack or was using multiple accounts. One alternative would be to place him in a custom user group and deny that group permission to change karma.