News:

Join the Facebook Fan Page.

Main Menu

Security problem?

Started by pepf, February 21, 2020, 06:56:56 PM

Previous topic - Next topic

pepf

Just looked at the forum for the first time in the morning, and the Users Online showed a Guest viewing the profile of a registered member.

How can that be? Guests can only view posts. They should be able to do nothing else in the whole forum, not even viewing profiles. Why is that?

Checking the IP it seemed to be from a Huawei cloud.

a10

1st, take a look in Admin > Reports > Group Permissions, see if all settings are as expected.
Needs Report Generation (in core features) enabled.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

Illori

anyone can attempt to do something, to someone that can view that action whos online will show what the action is. the user that is attempting the action will just get a denied error.

pepf

a10, thanks for this. I didn't know such a convenient table existed. I always thought the 'Reports' tab is for emailing reports which I want to avoid.
Anyway, the only thing that guests are allowed to is to "view events", and I don't really know what 'events' means here. Will look through SMF information to find out.

Thank Illori, that allays my concerns. I just wish there would be a pop-up in Who's Online notifying us that "Viewing" does not necessarily mean the action was successful.

m4z

Quote from: pepf on February 21, 2020, 10:41:05 PM
Anyway, the only thing that guests are allowed to is to "view events", and I don't really know what 'events' means here. Will look through SMF information to find out.

That probably refers to calendar events.
"Faith is what you have in things that don't exist."
--Homer Simpson

Es gibt hier im Forum ein deutsches Support-Board!

pepf


Advertisement: