Announcement

Collapse
No announcement yet.

Security/Permissions concerns

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security/Permissions concerns

    I have a few protected forums on my site. I noticed something strange today right after posting a thread within the protected forum. No more than 10 minutes after I had posted, there was a guest user hitting that thread (and apparently getting an error message). How would someone be able to see that the thread exists without even having access to the forum? Should I be concerned that my permissions aren't set up correctly? Here is a screenshot of who's online:

    http://aciurczak.smugmug.com/photos/43545713-L.jpg

    The Guest user at the bottom, from IP address 66.X.X.X, is attempting to view the thread but apparently getting an error message. I have no user on the board that has ever come in from 66.anything, so I doubt it is a user that just forgot their password a minute after logging in successfully and seeing the thread. Any ideas out there?
    www.montgomerybikers.com / www.ninjette.org / www.cal24.com

  • #2
    Perhaps you have it setup that the forum is visible to guests, but not the thread contents.

    You can use the AdminCP > Forums & Moderators > View Forum Permissions > feature to check the permissions for can view forum and can view thread for all usergroups and see what might be wrong.

    Comment


    • #3
      Hi Floris -

      Thanks for the suggestion; I rechecked the permissions and everything looks fine to me. Here is a picture of the permissions for that particular forum. As far as I can tell, the solid circles mean the groups within have at least some permissions, and the open circles mean that the group has zero permissions. I went into each user group under Clubhouse to confirm this. Strange, isn't it? I guess someone could be looking at a random thread#, and that happens to be in that protected forum, but it's an awful big coincidence, just 10 - 15 minutes after that post was entered.

      http://aciurczak.smugmug.com/photos/43670429-L.jpg
      www.montgomerybikers.com / www.ninjette.org / www.cal24.com

      Comment


      • #4
        That's not what I meant, I meant admincp/resources.php

        Comment


        • #5
          Seems OK:

          www.montgomerybikers.com / www.ninjette.org / www.cal24.com

          Comment

          Loading...
          Working...
          X