Admin member without permissions

Started by Gentleman99, August 05, 2012, 05:33:44 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Gentleman99

August 05, 2012, 05:33:44 PM
Hello there.
I got a SMF 2.0.2 board and running really great but somehow there's a member who is able to give himself admins permissions. He's "friendly" and has no bad intentions but i checked every permission and he's not doing any "additional groups" - he also has no password of any moderator (checked logs and changed personally every password also mine) and changed passwords of server/hosting/cpanel/ftp ...everything. Nothing on him but it gives me sense of "stupidity" because he can do everything he wants with MY forum and if another one comes with his same "powers" he could destroy our forum... how this is possible? i'm 100% safe on giving him passwords and changed them one by one 3 times in 2 days... but this scares me.

Hope i wrote everything good and you can understand, i'm italian. :)

emanuele

#1
August 05, 2012, 05:58:59 PM
Ciao Gentleman99 e benvenuto su sm.org! :P

Well...no, to me it's not completely clear, in particular this part:
Quote from: Gentleman99 on August 05, 2012, 05:33:44 PM
and changed passwords of server/hosting/cpanel/ftp ...everything.
If he can change the password of your cpanel...well, that's a bit scary and you probably have some bigger problem there...

If you feel more comfortable, you can come to the Italian board and explain your the issue in Italian so that we can understand each other better. ;)


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Arantor

#2
August 05, 2012, 06:07:26 PM
First step: do a virus check on your computer.

Mstcool

#4
August 05, 2012, 10:02:56 PM
I think he said that GentleMan changed his own password for cpanel and all that stuff not the guy who has admin powers.

Gentleman99

#5
August 06, 2012, 04:15:33 AM
Quote from: Mstcool on August 05, 2012, 10:02:56 PM
I think he said that GentleMan changed his own password for cpanel and all that stuff not the guy who has admin powers.

Yes. For security reason I changed all passwords related to cpanel and other stuff, but he still has the powers.
Now I'm solving this with emanuele in Italian support, but thank you!

Mstcool

#6
August 06, 2012, 04:38:53 AM
Good Luck with it! :)

Arantor

#7
January 13, 2014, 02:32:36 PM
Well, there's been no resolution of this, but if there's no additional groups or anything (and he's not in the master admin group), that either means he has some permissions granted by something else, or the core code has already been changed in some other fashion.

Fresh set of files would eliminate the latter, the user's profile > permissions should eliminate the former.

Also, it's possible that this can happen in the event of deleting the 0-member post count group.

Pending further information/investigation I'm going to move this to the closed reports board simply because without further information we can't do anything, and it's been a long time without any follow-ups (so I kind of assume the problem has gone away)
Print
Go Up Pages1
User actions
Advertisement: