Users logged in as another member

  • Users logged in as another member

    Some of my members have reported to me that they go to my forums and say they are instead shown as logged in as another member.
    One has also mentioned that he clicked on the pm portion and can see the pms of that user.

    Now the board I am using is hacked, but only with basic hacks like template editing and some modified files, but nothing is touched in the db (no tables etc. added).
    Was previously from phpbb after which I imported all the user db and posts across.
    Was totally unaware of these 'security errors' I am facing till it happened to be brought up by 3 of my members with different systems and different locations.

    My board is hosted on a unix server, php version 4.1.1 , mysql version 3.23.54.
    vbb version 2.2.9

    Is there anyone who has faced this problem and/or can help me out here ?
    Am pretty puzzled at this, cos I personally have not experienced this and am not sure also how many other members could be facing this problem which I may not know of.

    Any kind of help would be greatly appreciated !
    vbArticles.com, now open!
    Content Management for vBulletin, made easy

  • #2
    This only happens when they are accessing your forums from behind the same proxy server as the other member. To solve this, have them set both these options to 'yes':

    - Automatically login when you return to the site? (uses cookies)
    - Browse the board with cookies
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.




    • #3
      Originally posted by Steve Machol
      This only happens when they are accessing your forums from behind the same proxy server as the other member. To solve this, have them set both these options to 'yes':

      - Automatically login when you return to the site? (uses cookies)
      - Browse the board with cookies

      Hi Steve, thanks for the reply

      Have asked those members and apparently they have both those options set at YES.

      So what other options are there ?
      Have happened to come across other cases of similar problems here .. could it be possible it's a vb problem ?
      Anyone reported this on a nonhacked board ?

      Btw if it's a known problem about using the same proxy server, it's quite a serious flaw don't you think ? Cos where I come from, we only have a few ISPs which most people connect to, either on dialup or on broadband. So most would probably be using the same proxies for http.


      • #4
        Then have them try changing those settings to see if they can find a combination that works. There's not a lot we can control when users are accessing from behind the same proxy.


        • #5
          Originally posted by Steve Machol
          Then have them try changing those settings to see if they can find a combination that works. There's not a lot we can control when users are accessing from behind the same proxy.
          And that's the best solution there is ????


          • #6
            That's the only one I can offer. Maybe one of the Developers would have another idea but for now this is the only thing I can suggest.


            • #7
              Originally posted by cinq
              And that's the best solution there is ????
              Afraid so.... This problem was reported a year ago.
              http://www.vbulletin.com/forum/showt...5&pagenumber=1

              Apparently, you'll have to learn to live with it.
              Last edited by banjolawyer; Tue 17th May '05, 2:55pm.



              • #8
                Originally posted by banjolawyer
                Afraid so.... This problem was reported a year ago.
                http://www.vbulletin.com/forum/showt...5&pagenumber=1

                Apparently, you'll have to learn to live with it.

                Man, doesn't that make vb highly insecure in a way....

                banjolawyer, was/is your board hacked ?

                No response from the developers on this issue ?
                Steve, I know you are trying your best to support all threads in here, is it possible to get them to look into this ?


                • #9
                  Actually I have an answer. Backup your database, then run these queries:

                  UPDATE user SET cookieuser=1;
                  UPDATE user SET nosessionhash=1;

                  And clear the session table:

                  DELETE FROM session;

                  Then set no-cache header On in your Admin CP:

                  Admin CP -> vBulletin Options -> HTTP Headers and output -> Add No-cache headers -> Yes


                  • #10
                    I had two people complaining about it as well in my board. The problem appeared to be with their ISP though -- the cheap bastards cache PHP pages, which is really wrong! Nothing you can do to fix it, unless you want to plant a random tag in all the URLs...
                    My hacks: [ Remove redirection pages ] [ Add static counter to each post ] [ Forum jump depth level ] [ Add attachment on edit post ] [ Update user title on ban ] [ Override cache when viewing attachments ] [ Search templates by title ] [ Rename thread on reply ] [ Forum introduction ]
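
The no-cache header step in post #9 and the ISP caching described in post #10 both come down to which response headers a logged-in page carries. As an added example (not part of the thread and not vBulletin code), this Python check audits a response's headers for signs that a shared proxy may store and replay the page; the header sets and the `session` cookie name are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample responses for a logged-in page (not captured from a real board).
LEAKY = {"Content-Type": "text/html", "Set-Cookie": "session=CONSTRUCTED; path=/"}
HARDENED = {
    "Cache-Control": "private, no-store, no-cache, max-age=0",
    "Pragma": "no-cache",
    "Expires": "Thu, 01 Jan 1970 00:00:00 GMT",
    "Set-Cookie": "session=CONSTRUCTED; path=/",
}

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument}."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.strip().lower()] = arg.strip().strip('"')
    return out

def expires_in_future(value, now):
    """True only if Expires parses to a date after `now`; invalid counts as expired."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when > now

def audit_logged_in_response(headers, now=None):
    """Return findings for a response generated for one logged-in user."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "no-store" not in cc and "private" not in cc:
        findings.append("shared cache may store this page")
        if "set-cookie" in h:
            findings.append("stored copy would replay Set-Cookie to other users")
    # HTTP/1.0 proxies ignore Cache-Control; they act on Pragma and Expires.
    pragma_no_cache = "no-cache" in h.get("pragma", "").lower()
    expires = h.get("expires")
    if not pragma_no_cache and (expires is None or expires_in_future(expires, now)):
        findings.append("HTTP/1.0 proxy gets no signal not to cache")
    return findings
```

An empty list means the headers tell both HTTP/1.1 and HTTP/1.0 intermediaries not to keep the page; it says nothing about a proxy that ignores the headers.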



                    • #11
                      Hence is it safe to assume that ALL installations of vB should face this problem should there be any 2 users behind the same proxy at any one time ?

                      Please revert on this anyone, so that I know it's not a fault on my part.
                      Or if otherwise, might have to find some kind of solution for this.

                      It's bugging me and my users out to be logged in as someone else.......really need some clarification on this..

                      Many thanks


                      • #12
                        Did you follow the instructions I posted above?


                        • #13
                          Originally posted by Tommy Boy
                          I had two people complaining about it as well in my board. The problem appeared to be with their ISP though -- the cheap bastards cache PHP pages, which is really wrong! Nothing you can do to fix it, unless you want to plant a random tag in all the URLs...
                          How would you go about doing this?
                          vBulletin - Sometimes, I'm just like, Wow, and then I'm like, Whoa, and then I'm like, Damn.

                          vBulletin.org's ol' Moderator

                          I have a lifetime terrorist hunting permit - #091101

                          chmod a+x /bin/laden -- Allows anyone the permission to execute /bin/laden



                          • #14
                            Hi cinq, having the same problem as you....
                            Did you try the solution as suggested by Steve and what was the outcome?



                            • #15
                              Originally posted by banjolawyer
                              Afraid so.... This problem was reported a year ago.
                              http://www.vbulletin.com/forum/showt...5&pagenumber=1

                              Apparently, you'll have to learn to live with it.
                              Live with it???

                              I just had 2 different users telling me they are viewing one another's PM and one of them is a moderator, meaning the normal member is able to view the moderator Forums!
