1
biomech
User Posting Under My Account
  • 2006/5/30 8:27

  • biomech

  • Not too shy to talk

  • Posts: 161

  • Since: 2002/2/25


Hi,

I'm having a situation where a user has just made a post which appears to have been posted by my user (admin). Are there known bugs which enable people to do this? For now I've banned the IP address, and will change my password as well, but I wonder if there's something I can do to keep this from happening again. (Its happened once before as well, but subsided after I banned the IP.)

Thanks,

- b -

2
kutovoy
Re: User Posting Under My Account
  • 2006/5/30 9:39

  • kutovoy

  • Just popping in

  • Posts: 17

  • Since: 2005/7/11


No XOOPS version specified, no info about in which module user posted/for which item comment posted, nothing, just a question...

Please specify for XOOPS devs at least:

xoops version, and where user posted...

3
bluenova
Re: User Posting Under My Account

Have you changed you password? Remember that when logging into XOOPS (and most user based websites) your password is not sent over a secure connection, so anybody with the know-how could see the password.

4
tripmon
Re: User Posting Under My Account
  • 2006/5/30 14:10

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


Unfortunately banning the ip may not do you much good depending on if the malicious user is using a static ip or not...

You can implement SSL for login which would help... search xoops.org for ssl for more info.. (admin/prefs/ general prefs)

There are a number of ways aside from packet-sniffing that this could happen as well depending on your configuration.

You may want to try the protector module from GIIJOE:
peak.ne.jp/xoops/

GL

Login

Who's Online

240 user(s) are online (161 user(s) are browsing Support Forums)


Members: 0


Guests: 240


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits