Karma Exploit?

[thecyr]

Been trying to find another thread about this, but couldn't.

Is there a Karma exploit? I'm using smf2b4

I have an abuse situation, where a board member is specifically targeting 2 users and giving them negative karma. After checking the logs, I see up to lines within a few minutes where the karma is being applied to the 2 users.

I've specified the setting so that users need 10 posts and 6 hour wait. But still getting through.

I've reset the karma and watched it go up the next day to -150 each for the 2 users.

Luckily I was able to trace the IP from the logs to the user account and banned the user. However I saw that the user tried 3 different IP's to login. Luckily the ban triggers held, but how can I protect my site from this kind of attack?

I don't want to remove the karma, because that implies that the person can come & go as he pleases.

Is there something floating out there that can do this?

[Oldiesmann]

I am not aware of any karma exploits. Setting the wait time to 6 hours should have stopped him unless he had other users assisting him in his attack or was using multiple accounts. One alternative would be to place him in a custom user group and deny that group permission to change karma.