Hello I am on MyBB 1.6.10 and I am having an issue with a user who is using proxies to evade bans and harass other members. While that in itself is troubling the most distressing part of this situation is the user is somehow figuring out the IPs of other users and the harassing member has been using said geolocation information combined with general internet sleuthing to dig up personal information to use in his harassment.
In taunting posts against the forum staff he has called our forums security "pathetic". In one example he found out what school one of our members through the university IP he was on, googled the username to find the person's real name, and when combining the two was able to pull a photo of the person off the school website to make fun of her with.
While the last bit can't be prevented he claims to be able to see user IP addresses. Is there any setting on MyBB that we might have mis-configured that might be leaking one user's IP to another?
Please verify that the member is not part of any user group that has moderator or higher ability. You can see this in the ACP when you view/edit the user. Check both user group, additional groups and display group.
Also, create a new user with the same group he is in and then browse your forums with that to see if you have a template issue where IPs are being posted.
Otherwise, it is possible that this user has simply googled the username of the other person and found her on other sites listing her school or other personal details.
There are ways to get user IPs, they exist in every modern forum software though.
(2013-11-20, 07:42 PM)Rymax99 Wrote: [ -> ]There are ways to get user IPs, they exist in every modern forum software though.
but only if that user insets or quotes an image or otherwise uses a track-able item from the malicious users server or someplace they can view logs, etc.. there is always the email thing but that is not related to the forum
(2013-11-20, 06:06 PM)Ariolander Wrote: [ -> ]Hello I am on MyBB 1.6.10 and I am having an issue with a user who is using proxies to evade bans and harass other members. While that in itself is troubling the most distressing part of this situation is the user is somehow figuring out the IPs of other users and the harassing member has been using said geolocation information combined with general internet sleuthing to dig up personal information to use in his harassment.
In taunting posts against the forum staff he has called our forums security "pathetic". In one example he found out what school one of our members through the university IP he was on, googled the username to find the person's real name, and when combining the two was able to pull a photo of the person off the school website to make fun of her with.
While the last bit can't be prevented he claims to be able to see user IP addresses. Is there any setting on MyBB that we might have mis-configured that might be leaking one user's IP to another?
could this be someone you know ?? it is simple to preport to be someone else (If have known moderators/admins abuse their power & hide behind a proxy). This means your site security may be spot on, the user is abusing their privs, getting there ip information from your site then using the proxy to hide their real identity to cause havoc why not remove certain privs from members who can access the mod and/or admin cp so only you can see ip's etc.
I am not sure if this is a coincidence but on certain threads, where the suspicious members have posted I have seen strange text appearing before the <!DOCTYPE html of the page.
Example:
http://utaforum.net/thread-please-read-b...hat?page=2
There is a "hi" appearing before the page starts and I am not seeing it as part of my theme.
Was I somehow compromised and said user injecting code into MyBB?
(2013-11-20, 07:50 PM)pavemen Wrote: [ -> ] (2013-11-20, 07:42 PM)Rymax99 Wrote: [ -> ]There are ways to get user IPs, they exist in every modern forum software though.
but only if that user insets or quotes an image or otherwise uses a track-able item from the malicious users server or someplace they can view logs, etc.. there is always the email thing but that is not related to the forum
Yeah, pretty much. The theoretical approach to finding another users IP would be for you (attacker) to send the other person (victim) a PM with an image embedded in it that the attacker hosts. When the victim opens the message the image is loaded the their IP is now logged on the attackers server. So the only real thing that can be done is disabling all image embeds and externally hosted avatars.
(2013-11-21, 06:56 AM)Ariolander Wrote: [ -> ]I am not sure if this is a coincidence but on certain threads, where the suspicious members have posted I have seen strange text appearing before the <!DOCTYPE html of the page.
Was I somehow compromised and said user injecting code into MyBB?
Try running file verification form the admin panel.
(2013-11-21, 10:18 AM)Cameron:D Wrote: [ -> ] (2013-11-20, 07:50 PM)pavemen Wrote: [ -> ] (2013-11-20, 07:42 PM)Rymax99 Wrote: [ -> ]There are ways to get user IPs, they exist in every modern forum software though.
but only if that user insets or quotes an image or otherwise uses a track-able item from the malicious users server or someplace they can view logs, etc.. there is always the email thing but that is not related to the forum
Yeah, pretty much. The theoretical approach to finding another users IP would be for you (attacker) to send the other person (victim) a PM with an image embedded in it that the attacker hosts. When the victim opens the message the image is loaded the their IP is now logged on the attackers server. So the only real thing that can be done is disabling all image embeds and externally hosted avatars.
Yep. Though I don't think it's a good idea to say that around here, just gives attackers the know how to do it.