Interpret for Error Log needed

Started by MaryLouW, November 25, 2017, 06:36:26 PM

MaryLouW

In checking my error log today, I found four entries all on the same date (different times) but I do not understand what the error means. The person whose name was on the log joined last April but has never posted a message or anything. I have never seen a message like this on my error log so it somewhat worries me. Can anyone help? Tell me what this means, please?

Kindred

Looks like some sort of mod which allows you to reorganize the admin section....   
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MaryLouW

That was my conclusion but how did this person manage to do that?   It doesn't look like he was successful but, how did he get that kind of access?

Kindred

He doesn't have that access, unless you have messed up permissions...

But lack of access does not stop someone from inputting a url...

MaryLouW

I have not changed my permissions in years - but my question here is, how did this get on my error log?  Is this a person that I should perhaps ban?  He was somewhere in the system for this to show up on my error log.

drewactual

it doesn't look like he/she was in... it looks like they were attempting to enter the manage attachments area and hoping your permissions or sessions challenge was not working...

by all means, ban that IP.  it can't hurt anything.

MaryLouW

Thank you! That's exactly what I plan to do. He has been on my forum since last April. Visits often but has never posted a message. It appeared to me that he was trying to hack into my system for some reason. He was on-line today - maybe coming back to try again? Anyway, I think a ban is the way to go.

drewactual

he may not be the person who registered... he may have just gained access to the person who registered.

send the registered person's provided email a message asking what is going on... you may find they aren't the same.  and if so, you'll retain a member while ferreting out a hacker.

MaryLouW

This person was just on-line so I sent him a message asking why he was trying to hack my system.  He said he wasn't, he was just clicking links here and there.  So, I asked him exactly what links he was clicking.  He said the Admin link. That took him to the control panel.  He was clicking on the links that show past versions, updates, etc.  However, when clicking on the links beyond that, such as boards, permissions, and such, that took him right back to where he was - the intro area when you click the admin button.

I don't recall this ever happening before and it should NOT happen. So, I logged out and logged back in as a regular user. Sure enough, when I clicked on the Admin link, I was taken to the "welcome admin" area. Fortunately, he was not able to "break" anything but he generated those error messages by clicking in the links that were available there.

How can I prevent that from happening?

drewactual

scour your permissions and only grant the ones needed for each group... i'd rather users have too little than too much, but that's just me...

MaryLouW

I already did that. As a regular user, I can still access the admin area. I can't find anywhere that would allow that to happen. I only have a regular group, staff group, and admin group. I've checked all of them and cannot see anything that would allow them to access the admin area other than those who are supposed to have access (staff and admin). Didn't help.

drewactual

yup... you're right... but... how did this member know where to find "attachments"?  is that option available to them? or... are they familiar with SMF enough to request that function via URL? 

i'd watch that rascal.

MaryLouW

I have no idea - he said he was just clicking around on various links because they were available to him.  He was exploring.   He should NOT have been able to even get that far to start with and I don't see any way to disallow it. 

drewactual

you can't stop someone who knows (likely) valid links from typing them in... for instance, i know what version of SMF you run... all i need to know is your web address to try to touch files i know are in your site, because they're in mine, too...

there is nothing for you to worry about with that attempted entry... your machine did what it was supposed to do which is deny, and make note of it.  he/she would need to be a lot more clever to get in- and that isn't as easy as it sounds.

MaryLouW

Maybe so but NO user should be able to access the Admin area if they are not authorized. 

drewactual

so they'll see the credits... that's pretty much all they get.

Sir Osis of Liver

Thought I had access to your forum, can't find it. If you can pm admin access I'll take a look.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Sir Osis of Liver

Something's broken. Created a regular member account, I see Admin link. Didn't try all links in ACP, most revert to main admin page, but I can get into News and Newsletters. Don't see anything amiss in permissions. I would try uninstalling SMF 2.1-style Admin Area mod. Offhand I'd guess Harvey wasn't screwing around, just curiosity seeing Admin link. I'd probably do same thing.

MaryLouW

Do you know if anyone else is having this problem??  Not sure what to uninstall....  but I think this leaves me open to a lot of trouble.

Sir Osis of Liver

Can you attach your /Sources/Subs.php?