The Forum has been Updated
The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.
I had a look at my 'Active Users' tonight and found several 'Guests' viewing 'Admin Options', more specifically these links:
http://www.mysite.com/forum/post.asp?method=-1%27&forum_id=14
http://www.mysite.com/forum/post.asp?method=-1%27&forum_id=60
http://www.mysite.com/forum/post.asp?method=-1%27&reply_id=1613182&topic_id=163054&forum_id=14
http://www.mysite.com/forum/post.asp?method=-1%27&topic_id=163054&forum_id=14
Their IP addresses were all different, one being 200.215.99.145 which belongs to Brasil Telecommunications and another being 92.77.253.27 which belongs to a German ISP
As far as I'm aware all security fixes are in place and there has been no disruption, but is it something I need to be concerend about or just someone passing through ?
http://www.mysite.com/forum/post.asp?method=-1%27&forum_id=14
http://www.mysite.com/forum/post.asp?method=-1%27&forum_id=60
http://www.mysite.com/forum/post.asp?method=-1%27&reply_id=1613182&topic_id=163054&forum_id=14
http://www.mysite.com/forum/post.asp?method=-1%27&topic_id=163054&forum_id=14
Their IP addresses were all different, one being 200.215.99.145 which belongs to Brasil Telecommunications and another being 92.77.253.27 which belongs to a German ISP
As far as I'm aware all security fixes are in place and there has been no disruption, but is it something I need to be concerend about or just someone passing through ?
Posted
Log out and see if the admin options, post reply, and new topic links are showing.
Posted
This links do not seem to access admin options. Probably it's just the default info shown by Active Users?
Anyway, even when non authorized users try to access admin options, AU will show them trying, but they cannot actually access them.
Anyway, even when non authorized users try to access admin options, AU will show them trying, but they cannot actually access them.
Posted
It's the first time I've seen such and they stayed 'active' for up to 2 hours then no more
Bobby, those links don't show when logged out and the 'admin options' only shows on my site when logged in and with admin status (ie mlev=4)
Rui, the links above haven't displayed properly, there was a reference to 'admin... ' in the link which seems to have been filtered out on here, hence the concern
Bobby, those links don't show when logged out and the 'admin options' only shows on my site when logged in and with admin status (ie mlev=4)
Rui, the links above haven't displayed properly, there was a reference to 'admin... ' in the link which seems to have been filtered out on here, hence the concern
Posted
Active Users is not really a good reference regarding who accesses what, since it does not determine who had access rejected because of permissions. I have also seen AU just stating Admin Options for other stuff, like the mod that allows draft creations and such.
IMO, it should be nothing to worry about, but try the links while being logged out and see what happens.
IMO, it should be nothing to worry about, but try the links while being logged out and see what happens.
Posted
I've got one now and the link takes you to the default.asp page 