| Author |
 Topic  |
|
Blimp
Starting Member
Sweden
33 Posts |
 Posted - 23 September 2002 : 09:57:52
|
I think I have found a moderator security issue, or am I doing something wrong.
Information regarding the system:
- We have two categorys (Cat1 and Cat2)
- We also have two forum (Cat1/Forum1 and Cat2/Forum2)
- Cat2 is set to allowed members only(Hidden) and the its locked and all forum and topics below have also the locked ikon.
-We have also a moderator (mod1) that are a moderator for Cat1/forum1, nothing else.
The mod1 is able to create topics of under Cat2/Forum2. Mod1 is not an moderator for this forum. Is this correct?
/Blimp
|
//Blimp |
Edited by - Blimp on 23 September 2002 09:58:10 |
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 23 September 2002 : 10:40:33
|
Is Mod1 an allowed member for Forum2? If so, that's how they would be able to post to the forum.
If not, check the mods you installed so any problems with security. You'd want to look in post.asp and post_info.asp. |
Dave Maxwell
Barbershop Harmony Freak |
 |
|
|
Blimp
Starting Member
Sweden
33 Posts |
Posted - 23 September 2002 : 10:51:45
|
the mod1 is a member, and all members is allowed to view this page, but mod1 is no mod for forum2.
Will this mean that i have to go back and do some mod hacking   .
|
//Blimp |
Edited by - Blimp on 23 September 2002 10:52:06 |
|
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 23 September 2002 : 11:26:51
|
| What I am saying is that if mod1 is on the allowed members list, he will be able to post topics and replies into forum2. All "allowed members only" does is prevent entrance into the forum. You will need to either hack the forum permissions some OR lock the forum so that only the moderator can posts topic/replies. |
Dave Maxwell
Barbershop Harmony Freak |
|
|
|
Blimp
Starting Member
Sweden
33 Posts |
Posted - 23 September 2002 : 16:40:03
|
The cat2 and the forum2 is locked
Moderation Not Allowed in the Category
still can mod1 add topics and there are no moderation allowed
You said it was a way to hack the forum premissions, do you know with file? Or can I change it in the DB?
btw, I have removed all my mods and still gets this issue.
//Blimp |
//Blimp |
Edited by - Blimp on 23 September 2002 16:40:52 |
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 23 September 2002 : 17:57:50
|
| If you've locked the category and forum, then no one except moderators of those forums and admin should be able to post. Is it just this one user that can post or can all users post in that forum? Can you set up a test account and give the url of your forum? I'd be happy to help you test it. |
Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~ |
|
|
|
Blimp
Starting Member
Sweden
33 Posts |
Posted - 23 September 2002 : 18:15:29
|
www.course.nu
http://www.course.nu
Name: ****
Pass: ****
Please delete this info when you have it.
btw, I have put back the mods sins it had the same problem without them.
rgds
//Blimp |
//Blimp |
Edited by - ruirib on 23 September 2002 18:40:14 |
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 23 September 2002 : 18:19:11
|
| k, if you want to edit your above post to remove that info...I got it now. I don't have the ability to edit it. I'll let you know what happens with my testing. |
Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~ |
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 23 September 2002 : 18:22:02
|
Any reason you have Cookie Mode Off?
Also, is the account you gave me a regular member? I just posted in a locked forum on a locked topic.
You have lots of modifications to your forum...it might be due to some changes you've made.
For the record ... I see one category and two forums as the user you gave. The category and the two forums in that category are showing as locked. |
Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~ |
Edited by - Nikkol on 23 September 2002 18:25:16 |
|
|
|
Blimp
Starting Member
Sweden
33 Posts |
Posted - 23 September 2002 : 18:45:46
|
The cooki mode reason, is was set to off, when I tested the issue.
And yes, I have a few mods installed, but I had them removed with the same issue, (could it be that one mod has done this? I have two more forums without the problem on the same phsical server with some other IP addreses.
And its correct that you chould se those forums, I have some more forum thats ar hidden expect for some users.
|
//Blimp |
Edited by - Blimp on 23 September 2002 18:46:42 |
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 23 September 2002 : 18:47:26
|
k, can you set Non-Cookie Mode to Off so I can test it with that setting?
Also, do you have Secure Admin ON??? |
Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~ |
Edited by - Nikkol on 23 September 2002 18:49:00 |
|
|
|
Blimp
Starting Member
Sweden
33 Posts |
Posted - 23 September 2002 : 18:50:01
|
Some thing has happen to my internet connection at the office, I cant reach any host at a moment.
I will come back to you as soon its up again.
|
//Blimp |
|
|
|
Blimp
Starting Member
Sweden
33 Posts |
Posted - 23 September 2002 : 19:11:26
|
The none cookie mode is set to off
I hate my ISP at home I Have to run VPN to the office and brows from there.
//Blimp
|
//Blimp |
|
|
|
Blimp
Starting Member
Sweden
33 Posts |
Posted - 23 September 2002 : 19:19:39
|
I have been testing in my other forums and they works fine.
For a few minutes ago I copied all my forum files from the course forum to one of my others, and the issue didn't appeare.
Could it be something in the database, that is the only thing that is a difference in-beween them now.
I have put in the same account and password to www.santesson.se/forum.
Be where, in this forum we talk swedish  , but I think you will manage.
|
//Blimp |
Edited by - Blimp on 23 September 2002 19:24:12 |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 23 September 2002 : 19:23:40
|
| I've just checked that with non-cookie mode on you can indeed post in locked topics. That seems to have been the problem previously. If you set non-cookie mode to off the problem should not manifest itself any longer. If it persists then it can only be due to some change due to a mod. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
Blimp
Starting Member
Sweden
33 Posts |
Posted - 23 September 2002 : 19:30:26
|
Thx and thx again.
I have also been testing it and reproduse it on the other forum with the same results.
FYI: The mods that have been installed is all from the 20 mods that serverhacker have bundled version 004.
Many thanks, now I can sleep. |
//Blimp |
Edited by - Blimp on 23 September 2002 19:44:35 |
|
|
|
Topic |
|
Topic Locked
