Advertisement:

Author Topic: Security problem?  (Read 382 times)

Offline pepf

  • Semi-Newbie
  • *
  • Posts: 70
Security problem?
« on: February 21, 2020, 06:56:56 PM »
Just looked at the forum for the first time in the morning, and the Users Online showed a Guest viewing the profile of a registered member.

How can that be? Guests can only view posts. They should be able to do nothing else in the whole forum, not even viewing profiles. Why is that?

Checking the IP it seemed to be from a Huawei cloud.

Offline a10

  • Charter Member
  • Sr. Member
  • *
  • Posts: 988
Re: Security problem?
« Reply #1 on: February 21, 2020, 07:29:53 PM »
1st, take a look in Admin > Reports > Group Permissions, see if all settings are as expected.
Needs Report Generation (in core features) enabled.
2.0.17, ssl, php 7.3.19, 10.3.21-MariaDB
Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 52,474
Re: Security problem?
« Reply #2 on: February 21, 2020, 08:05:28 PM »
anyone can attempt to do something, to someone that can view that action whos online will show what the action is. the user that is attempting the action will just get a denied error.

Offline pepf

  • Semi-Newbie
  • *
  • Posts: 70
Re: Security problem?
« Reply #3 on: February 21, 2020, 10:41:05 PM »
a10, thanks for this. I didn't know such a convenient table existed. I always thought the 'Reports' tab is for emailing reports which I want to avoid.
Anyway, the only thing that guests are allowed to is to "view events", and I don't really know what 'events' means here. Will look through SMF information to find out.

Thank Illori, that allays my concerns. I just wish there would be a pop-up in Who's Online notifying us that "Viewing" does not necessarily mean the action was successful.

Offline m4z

  • 98.8% chimp
  • Localizer
  • Sophist Member
  • *
  • Posts: 1,089
  • /mɛs/
Re: Security problem?
« Reply #4 on: February 22, 2020, 04:02:13 AM »
Anyway, the only thing that guests are allowed to is to "view events", and I don't really know what 'events' means here. Will look through SMF information to find out.

That probably refers to calendar events.
"Faith is what you have in things that don't exist."
--Homer Simpson

Offline pepf

  • Semi-Newbie
  • *
  • Posts: 70
Re: Security problem?
« Reply #5 on: February 22, 2020, 07:24:40 AM »
Thank you all.