| Author |
 Topic  |
|
Sting-USA
Starting Member
USA
34 Posts |
 Posted - 09 August 2007 : 13:56:35
|
| I approved a new member. A while later I discovered that this new member somehow has admin control. I don't have permission to modify an admin. He may have turned off "New Members." And may be responsible for other strange events recently. I have admin control of the forum and admin control over the website it's on. How do I get rid of this user? |
Steve "Sting-USA" |
|
|
huwtest
Moderator
30 Posts |
Posted - 09 August 2007 : 14:18:26
|
what version of the forum are you using ? this was an issue with one of the older versions and should not affect the current version.
If you are on an older version, download or log in to your db and delete the user. then upgrade to the latest version.
If you are indeed using the current version, please ask your host for a copy of your weblogs and email them to us so we can find out how they did this.
Also give us a list of all mods that you have installed incase it is a problem with a Mod that has enabled them to do this. |
 |
|
|
HuwR
Forum Admin
United Kingdom
20600 Posts |
Posted - 09 August 2007 : 14:19:27
|
| that was actually me posting, didn't realise I was logged in with my test account. |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Sting-USA
Starting Member
USA
34 Posts |
Posted - 09 August 2007 : 18:04:20
|
Hi,
That's correct v3.4.03...
No mods... |
Steve "Sting-USA" |
Edited by - Sting-USA on 09 August 2007 18:06:56 |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 09 August 2007 : 20:46:15
|
That version has several security issues, for which we have posted fixes in the Security Related bug fixed forums.
If you have no mods I would advise you a migration for the latest version, which will not be hackable using the hacks now used to hack 3.4.03. You should then check all admins to make sure they are valid and lock or delete any admins that may have been created by the hacker. After that you should be safe.
We have subscriptions enabled for the Security Related Bug Fixed forum. I'd advise you to subscribe to the forum, in order to know about any security fix that may be released in the future. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
Sting-USA
Starting Member
USA
34 Posts |
Posted - 10 August 2007 : 04:03:57
|
Hi,
Thank you for all the answers... Even though I've had our Forum open for over 5 years, I barely remember where everything is. Everything has always performed flawlessly, I've never needed to work on it. Subscription sounds like a great idea for staying current, I will subscribe later today!
Since I don't have his password, I haven't been able to lock, delete or edit or in any way alter the unauthorized users account within the Snitz program. I get a "No Permission to modify admin" message.
I've located the database for our Forum on the website. It's a Microsoft Access file. I thought I had a copy of access, but don't seem to. I haven't been able to even look into that database yet. Is mine one of the "Older Forum Versions" where deleting the unauthorized user from the db would be appropriate? Do I need to get a copy of MS access to edit the db? |
Steve "Sting-USA" |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 10 August 2007 : 04:32:25
|
Give this script a whirl, it will allow you to edit your database online. What you need to do is change the value of M_LEVEL for the offending member to 1 (normal member) and then you will be able to lock the account, or you can lock it while changing the M_LEVEL by changing the value of M_STATUS to 0.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Sting-USA
Starting Member
USA
34 Posts |
Posted - 11 August 2007 : 00:04:31
|
Hi,
I went through the motions with the admin_passreset.asp It didn't seem to make any difference. After I reset the badguys password I couldn't logon as the badguy with his new pword. It didn't seem to change the admin pword wither.
I have downloaded and installed the table editor, but haven't figured out how to use it yet. |
Steve "Sting-USA" |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Sting-USA
Starting Member
USA
34 Posts |
Posted - 17 August 2007 : 04:29:42
|
| I put the admin_passreset.asp in the same folder with all the other Snitz .asp files, then I loaded that file. I recall it changed screens and asked for the new pword and confirmation. It just didn't work. I tried it on the badguy username and on the primary admin account (no discernable effect). I didn't try to change my admin level user account (I didn't want to risk being locked out somehow). Was that the correct procedure? |
Steve "Sting-USA" |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
alltp
Starting Member
36 Posts |
Posted - 17 August 2007 : 23:58:51
|
| As a new admin of a Snitz forum, I can't recommend strongly enough to upgrade to the latest version. It will really simplify your life. |
John Hill
www.alltp.com
www.tabletpcbuzz.com
www.tabletpcbuzz.com/3dbuzz |
|
|
|
Sting-USA
Starting Member
USA
34 Posts |
Posted - 21 August 2007 : 13:20:17
|
Hi,
I think I saw a message that said the pword had been changed.
I'll be happy to upgrade to the newest version. I'd sure be more comfortable having this guy booted, or at least locked out before I try anything major. He's making changes around the Forum faster than I can make it right. He's adding new members (linked to dating sites in Russia, etc.) Then he makes changes so there are no new members allowed, etc. I am trying the passreset again today. If it doesn't work, I am seriously considering closing the Forum down after 5 years. The fix appears to be beyond my technica capability and I can't keep up with the volume of BS work this guy/bot is making for me. Unless someone has a better idea that will work.
Will a version upgrade allow the fix to work? |
Steve "Sting-USA" |
Edited by - Sting-USA on 21 August 2007 13:23:04 |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Topic |
|
Topic Locked
