Announcement

Collapse
No announcement yet.

Security problem

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security problem

    I've got a problem at the moment in that the default "Registered User" can access any part of the forum, no matter what I do to the permissions.

  • #2
    That should not happen. Make sure that the permissions are set CORRECTLY here:
    AdminCP -> Forums and Moderators -> View Permissions.
    That's it. If you REALLY can't say ANYTHING nice to me at all on this forum, then I am going to go insanely mad at you. I've had enough of the UNTOLD ABUSE you are all giving me and you should really be CONSIDERATE of other people.

    Comment


    • #3
      Yeah, it says that "Registered Users" is set to know on "Can View Forum", yet a friend of mine testing it with a new account could still access everywhere, even when I Denied All on the permissions.

      Comment


      • #4
        Deny All denies everyone.

        If this is still not resolved, then reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

        Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

        [Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

        Next, disable all plugins, except the official Blog and Project Tools ones from vB. Also make sure that you are running the latest version for those add-ons if you have them. Now empty your browser cache and try again.
        That's it. If you REALLY can't say ANYTHING nice to me at all on this forum, then I am going to go insanely mad at you. I've had enough of the UNTOLD ABUSE you are all giving me and you should really be CONSIDERATE of other people.

        Comment


        • #5
          Originally posted by spartan1123 View Post
          Yeah, it says that "Registered Users" is set to know on "Can View Forum", yet a friend of mine testing it with a new account could still access everywhere, even when I Denied All on the permissions.
          'Can View Forum' controls only whether a Usergroup can View a Forum, it doesn't 'lock out' them from 'any part of' the forum.
          My Live vB5 Site - NZEating.com
          vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

          Comment


          • #6
            Can view forum is the first and top most permission. At least if we're talking about the usergroup manager.

            Comment


            • #7
              Originally posted by Zachery View Post
              Can view forum is the first and top most permission. At least if we're talking about the usergroup manager.
              I retract my former statement, I was probably thinking of Forum Permissions. I'd say the OP is too, if setting Can View Forum to No isn't working.

              This permission determines whether or not members of this group can view pages on your forum. If this permission is set to "No" then members of this usergroup will see a "no permission" screen on all of your forum pages. Generally this option is used to deny forum access for banned groups.
              My Live vB5 Site - NZEating.com
              vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

              Comment


              • #8
                Remember: A Yes permissions ALWAYS overrides a No permission.
                That's it. If you REALLY can't say ANYTHING nice to me at all on this forum, then I am going to go insanely mad at you. I've had enough of the UNTOLD ABUSE you are all giving me and you should really be CONSIDERATE of other people.

                Comment


                • #9
                  I'm pretty rusty with this stuff, but anyway, I use vbAdvanced CMPS and reuploading these files has removed it as the previous homepage, what do I need to do?

                  Sorry for all the questions but i'm really quite bad at this.

                  Comment


                  • #10
                    Originally posted by spartan1123 View Post
                    I'm pretty rusty with this stuff, but anyway, I use vbAdvanced CMPS and reuploading these files has removed it as the previous homepage, what do I need to do?

                    Sorry for all the questions but i'm really quite bad at this.
                    Never mind i've fixed this, it's coming back to me heh.

                    Anyway, are there any permissions I may have missed or in changing settings broken something? Another problem I've had is that underneath peoples member ranks (which i've set) are additional ranks based on post counts that i've turned on by deleting something i'm sure, anyway i've found no way to remove them.

                    Also thanks for the help so far.
                    Last edited by spartan1123; Sat 10 Oct '09, 11:39am.

                    Comment


                    • #11
                      Okay i've learnt something, by changing the permissions of a user to Default in the User Manager > Access Masks it fixes it, but it seems people registering at the moment are set to Yes rather than Default, any idea how to fix this without me doing it manually?

                      Comment


                      • #12
                        I always discourage admins from using Access Masks unless there is no easy way to implement your security methods through Primary and Additional Usergroups. Access Masks can be pretty confusing as they are a master override over all existing Usergroup settings.

                        How many different forums and subforums do you need to restrict (and to how many different types of user)?

                        Comment


                        • #13
                          Originally posted by feldon23 View Post
                          I always discourage admins from using Access Masks unless there is no easy way to implement your security methods through Primary and Additional Usergroups. Access Masks can be pretty confusing as they are a master override over all existing Usergroup settings.

                          How many different forums and subforums do you need to restrict (and to how many different types of user)?
                          The problem was that the Access Mask was set to Yes on all when I checked it, once restored to Default it fixed the problem, it's how it got on all Yes that confuses me.

                          Comment


                          • #14
                            I've solved all my problems now, thanks for the help anyway.

                            Comment

                            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                            Working...
                            X