No announcement yet.

New Member Became Administrator

  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Two logos? Where, in the forum?


    • #17
      He's back. He's has been posting all of this time without incident but just today he became an administrator again. Any suggestions?


      • #18
        Check your control panel log to see if anyone has made changes to the user, might need to do a little search.

        If you have his IP you can also go through access logs within Apache and track his progress through the site that might narrow down what scripts he accessed.

        It could be anything from he's another user on your server and is exploiting you that way, there is a flaw in a plugin you may be using or there is a promotion that you've missed.

        Did you add a HTTP Authentication prompt to your admin panel?
        Scott MacVicar

        My Blog | Twitter


        • #19
          Thanks for your help. I'll check those out.

          I didn't know what you meant by, "Did you add a HTTP Authentication prompt to your admin panel?" so I assume I did not do that.


          • #20
            That's .htaccess. I'm pretty sure I suggested it
            Best Regards
            Colin Frei

            Please don't contact me per PM.


            • #21
              Maybe I did it then. I just don't know what that means. I'll go back and check the suppport ticket.


              • #22
                It's back.

                And this time a new person joined in. The new guy joined on May 3, wrote 3 innocent posts, is listed as Awaiting Email Confirmation with an additional Administrators usergroup. (I since updated user to registered with no additional usergroup).

                The log looks innocent enough. 5 action entries. 2 are viewuser, 1 avator, 3 updateavator.

                The original problem member was also back to Administrator as an additional usergroup.

                Again, it does not appear to be malicious, but rather they don't even appear to notice anything. Some other members notice the "Administrator" title and let me know. I have done very little in the way of modifications to the original templates, etc.

                Strange. No one else has seen this?



                • #23
                  You can .htaccess password protect the admincp directory for extra security until you figure out the problem.

                  Edit: Woops seems it was already suggested.


                  • #24
                    You can open a support ticket and give me access to your server and I'll try and trace the path they took.

                    I'll need the users IP address, access to server logs, and all files on your domain.
                    Scott MacVicar

                    My Blog | Twitter


                    • #25

                      i have send you an pm how to solve this issues, i have seen what the problem is.
                      Dutch vBullletin users social group!


                      • #26
                        The problem is that you have a Publicly Joinable group named: Administrators

                        I suggest removing this group ASAP.
                        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                        Change CKEditor Colors to Match Style (for 4.1.4 and above)

                        Steve Machol Photography

                        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                        • #27
                          Thanks guys! I don't know how that happened.


                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.