| Author |
 Topic Search  Topic Options
|
KnightBurner 
Newbie
Joined: 11 January 2004
Location: United States
Status: Offline
Points: 3
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Security Question
Posted: 11 January 2004 at 12:40am |
I have the forums on my website, the 7.6 version, and I think there is a flaw in the quick login, anyone that types in a username and password on there gets logged in, even if they have no account, and when you click on the name of them on the active users list at the bottom, it comes up "no user profile available", DUNGNGUYEN is the name of the main person that has done it several times now, even though as far as I can tell they have not been able to access anything, it still seems like a security problem.
Any questions, or comments you can give me as to this?
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 11 January 2004 at 4:30pm |
|
This should not be possible, if it where there would be a flood of posts on this issue within hours.
Check that you don't have corrupted files, that your security settings
for forums are correct (eg. you don't have guest posting enabled,
etc.), and that you are not running a modded file that is corsing this.
|
|
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 11 January 2004 at 4:32pm |
|
Also please note that if you are suing a free web host the active users
list needs to be disabled in the admin area as it won't work correctly.
The reason for this is that on free hosts you share the ASP application
with other sites on the server, so if someone else is running the forum
then the active users list will show data that is for their forum.
|
|
|
|
KnightBurner
Newbie
Joined: 11 January 2004
Location: United States
Status: Offline
Points: 3
|
Post Options
Thanks(0)
Quote Reply
Posted: 13 January 2004 at 11:00pm |
|
Well I am using a free host, but this problem has not arisen at all, and guest permissions are all off, I have it set that you must be registered to view any part of the forums, all I know is that over a period of about 15 minutes, this name was on the active users list, and said to be logged in, and then it dissapeared, so I don't know, nothing on the forums has a modded file except a few changes I made in the skin file.inc to change some of the colors and images around, that was all.
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 14 January 2004 at 5:54am |
You need to follow the install instructions for free web hosts:-
http://www.webwiz.net/web_wiz_forums/docs_free_host_in stall.asp
The active users feature needs to be disabled on free web hosts, this
is because free web hosts share application veraibles between all users
on the server, so if someone else is using web wiz forums on their site
on the same server you will also see active users for that persons
forum.
This doesn't effect security.
Edited by -boRg-
|
|
|
|
KnightBurner
Newbie
Joined: 11 January 2004
Location: United States
Status: Offline
Points: 3
|
Post Options
Thanks(0)
Quote Reply
Posted: 15 January 2004 at 11:04pm |
It's ok, I am getting a new server now, so I am going to end up moving all the files and starting the forums from scratch, thanks for your time though, I really appreciate it. 
|
|
