malicious user(s) able to see IP of members

  • malicious user(s) able to see IP of members

    There are user(s) who are able to see my members' IPs. They are using this information to harass my members.

    1) I've followed the security guides and done basic checks for malware. Admin and mod areas have been hardened with long .htaccess passwords for 2+ years, install folder deleted long ago, all plugins and templates checked for any malicious base64 code, etc.

    2) Only the admin group has access to IPs.

    3) I log the IP of each user who logs in; all admin logins appear normal. No strange IPs.

    4) Running 4.2.2 PL4


    Any ideas?
    Last edited by sub_ubi; Wed 14 Oct '15, 7:29pm.

  • #2
    An image showing up in the server logs doesn't mean that the IP has been viewed.
    A default vBulletin installation does not give visibility to any user IP unless permissions to see them have been granted.

    How do you know that anyone has taken an IP from your vBulletin installation, and used it to harass your members? What exactly is meant by this anyway? Knowing someone's IP doesn't mean you can harass them....you can find out very little of note from an IP address alone.
    MARK.B | vBULLETIN SUPPORT

    TalkNewsUK - My vBulletin 5.6.2 Demo
    AdminAmmo - My Cloud Demo


    • #3
      Originally posted by Mark.B
      An image showing up in the server logs doesn't mean that the IP has been viewed.
      A default vBulletin installation does not give visibility to any user IP unless permissions to see them have been granted.

      How do you know that anyone has taken an IP from your vBulletin installation, and used it to harass your members? What exactly is meant by this anyway? Knowing someone's IP doesn't mean you can harass them....you can find out very little of note from an IP address alone.

      Thanks for the fast response.

      The users are harassed by a game administrator who bans them from the game, because they come to this forum. He uses the IP to identify them.

      Could this be an XSS or CSRF attack? I ask because the data:image are quite rare in our logs, and we have 1000s of active users. They only appear when other odd things happen, like the ip-40.png image being served.


      • #4
        There is no security issue that would allow users to collect IP addresses.

        The type of thing you mention has been seen many times before; the most usual cause is that the game administrator is able to connect a username from your forum with a username on his game platform... or something else (e.g. avatars, locations, profiles... anything that's visible to guests).

        In effect they take an educated guess; in relatively small community circles they are generally right in a lot of cases.
        MARK.B | vBULLETIN SUPPORT
