I have just installed MyBB1
The installation went fine! But when I was looking one of my friends was able to get assses to my forum admin panel by just typing in
http://mysite.com/admin And the panel came up for him!
It said he was logged in as admin!
What can I do? Is this a problem with the software?
Help needed!
hello there,
is he a registred member, or does he belongs to any group in ur forums?
regards
No, no user has signed up! All he types in is
http://mysite.com/admin and he can change all the settings! I have had to add password protection on thr admin folder
Could that be a cookie problem?
Btw, this forum software creates cookies at client's PC without informing him about that. That is a great security leak. Think about public PCs (such as internet-cafe PCs).
I have not enabled the cookie on the forum
Quote:Btw, this forum software creates cookies at client's PC without informing him about that. That is a great security leak. Think about public PCs (such as internet-cafe PCs).
As do the majority of other discussion systems. It is NOT a security leak/problem either. If you expect any decent web application to be compatible with the majority, and retain logged in users over a period of time, you can expect to use some sort of cookie based system.
ipodman, the only thing I can think of, if it said he was logged in as 'admin' was that he:
- Guessed your password
- Has existing cookies for that copy of MyBB as an admin on that machine.
No, my friend has nenver been on the site and has never signed up!
Are you able to provide me with a link so I can take a look myself?
You can send it in a private message if you don't want it publicly disclosed.
Regards,
Chris