Cookie question for a nonmember

  • Time
  • Show
Clear All
new posts
  • knigwhil
    New Member
    • Sep 2004
    • 6
    • 3.5.x

    Cookie question for a nonmember

    I am having a problem with an Admin. that runs another vB site. He is not a member on my site. Several of the members that are on mine are also members on his. He says that he gets on my site everyday somehow by using my sites cookies. From what I can gather, when a member leaves my site then goes to his, he then gets the cookie to my site, puts it in his computer and uses that to gain access onto mine.

    Is that possible? If so, what can I do to stop this?

    My forums are not viewable to guests, everyone has to login before they can see anything. I have also removed the archive button. I have this person's IP banned as well.

    I'm not sure what else I can do to stop this person from getting on my site. He is more knowledgeable then I am when it comes to computers and vB.

    I have a licensed copy and am using 3.0.5.

    Any help would be much appreciated, thanks in advance
    Last edited by knigwhil; Mon 17 Jan '05, 1:20am.
  • Andy Huang
    Senior Member
    • Feb 2004
    • 4602

    Theoretically speaking, it may be possible to rewrite a custom php script that sets the cookies for a different domain with the data of his domain, and thus 'login' under a different user. However, since cookied passwords are MD5 encoded with your license number, as well as the user's password hash, unless he's got your license number, AND he somehow manage to get the randomized salt from your database of each user, AND the user uses the exact same password, it shouldn't be possible. So, assuming you are not both using the exact same nulled script, your cookie setters should already prevent such from happening...

    Best Regards,
    Andy Huang


    • Colin F
      Senior Member
      • May 2004
      • 17689

      Just want to mention that simply removing the archive button won't make a difference if he calls it up through the URL.

      Then again, as Alfarin said, I don't think he should be able to log in on your board, because of all the checks he would have to bypass.

      How do you know he is getting onto your forum?
      Best Regards
      Colin Frei

      Please don't contact me per PM.


      • knigwhil
        New Member
        • Sep 2004
        • 6
        • 3.5.x

        Originally posted by Colin F
        How do you know he is getting onto your forum?
        Thank you for the replies.

        My membership list was posted on his forum and he freely admits to doing that and also getting on to read mine everyday. There have also been several times where quotes from my forum have been posted by him on his forum. He does this somehow by using my sites cookies.

        There has to be a way to keep him off since he doesn't have a membership and assuming he isn't using someones user name and password.

        Any more ideas?

        Last edited by knigwhil; Mon 17 Jan '05, 5:15pm.


        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.