Announcement

Collapse
No announcement yet.

Security risk through admin panel ban option

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Jake Bunce
    replied
    I tested this earlier and only banned groups were showing on my unhacked 3.6.8PL2 forum. Make sure all of your groups are not banned. Banned groups are those groups with this option set to No:

    Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> This Usergroup is not a 'Banned' Group

    That is to say that all of your groups should have this set to Yes except for the banned group.

    Leave a comment:


  • Rukas
    replied
    Originally posted by Jake Bunce View Post
    Only banned groups show there. Banned groups are those groups with this option set to No:

    Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> This Usergroup is not a 'Banned' Group
    Nope. All of them seem to show for me.

    Leave a comment:


  • Jake Bunce
    replied
    Only banned groups show there. Banned groups are those groups with this option set to No:

    Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> This Usergroup is not a 'Banned' Group

    Leave a comment:


  • Rukas
    started a topic Security risk through admin panel ban option

    Security risk through admin panel ban option

    When my super mods are allowed to ban people, which I need because of the size of the forum, they are allowed to select what user group to put them in. This allows them to, instead of banning, for example pop them in private usergroups to access parts of the site they shouldnt or set free access to paid subscriptions etc etc.

    Why is this option even there, if they are banning someone shouldnt the banned usergroup be the only one made available?
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X