Possible Security Issues with Guests.

br360 · May 29, 2012, 09:36:20 PM

Hi all.

So as I'm viewing the "who's online" link, I am noticing that there are guests that are doing things that I know I disabled; checking another member's profile, sending a message, etc...

I personally made it so that guests had to register to see anything on the forum, and set their permissions to zero. In fact, when I open another browser, and try to snoop as a guest, I get nothing but the typical "You must be a registered member to read the forum"

Doing some more research, I noticed that each time this has happened, the ip address does not match any other member on the forum, and they all seem to be proxy ips.

Any feedback or advice?

Arantor · May 29, 2012, 10:00:39 PM

Yup, there is no security issue whatsoever.

The log shows what people are *trying* to do, but it doesn't check if they actually *can*. So while you see logs of people trying to access profiles, they actually can't. There isn't such a check for performance reasons.

br360 · May 29, 2012, 10:28:49 PM

Thank you for the reply. At least I can stop being paranoid now.

ApplianceJunk · May 29, 2012, 10:45:48 PM

But if you stop being paranoid they will get you for sure.

News:

Possible Security Issues with Guests.

br360

Arantor

br360

ApplianceJunk