MyBB Community Forums

Full Version: MAJOR PROBLEM > user can login to admin
You need to find the IP address he is using. This should be a part of the posts he is creating. Check the admin panel and look for IPs in the users he uses.
Once you have his IP you need to find your site's access logs. These should be available from your hosts or whatever web panel (e.g. cPanel) you use. Once you have your access logs, open them in Notepad or similar, and find the IP you found. You'll need to send the relevant lines to one of the developers so we can fix the problem. Please don't post them here for all to see. ;)
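One way to pull those lines out of a large access log, as an added example that is not part of the original thread: it keeps every line from the IPs you already know and, because the IP is dynamic, also lists other IPs that reached the admin directory with the same user agent. It assumes the Apache "combined" log format; the function name, sample lines, IPs and user agents are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumption; your host may log differently).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2007:10:01:02 +0000] "POST /member.php HTTP/1.1" 200 512 "-" "ExampleBrowser/1.0"',
    '203.0.113.7 - - [12/Mar/2007:10:02:10 +0000] "GET /admin/index.php HTTP/1.1" 200 2048 "-" "ExampleBrowser/1.0"',
    '198.51.100.20 - - [12/Mar/2007:11:15:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "OtherBrowser/2.0"',
    '192.0.2.55 - - [13/Mar/2007:09:00:00 +0000] "GET /admin/index.php HTTP/1.1" 200 2048 "-" "ExampleBrowser/1.0"',
    '192.0.2.55 - - [13/Mar/2007:09:00:30 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "ExampleBrowser/1.0"',
]


def extract_relevant(lines, suspect_ips, admin_dir="/admin/"):
    """Return (hits, related).

    hits    -- raw log lines whose client IP is in suspect_ips.
    related -- {ip: [raw lines]} for other IPs that requested admin_dir with a
               user agent also seen from a suspect IP. These are leads to
               review by hand, not proof: a real admin may share the agent.
    """
    parsed = []
    for raw in lines:
        m = LINE_RE.match(raw)
        if m:  # skip lines that are not in the expected format
            parsed.append((raw.rstrip("\n"), m.groupdict()))

    hits = [raw for raw, f in parsed if f["ip"] in suspect_ips]
    agents = {f["agent"] for _, f in parsed
              if f["ip"] in suspect_ips and f["agent"]}

    related = defaultdict(list)
    for raw, f in parsed:
        if (f["ip"] not in suspect_ips and f["agent"] in agents
                and f["path"].startswith(admin_dir)):
            related[f["ip"]].append(raw)
    return hits, dict(related)


if __name__ == "__main__":
    hits, related = extract_relevant(SAMPLE_LOG, {"203.0.113.7"})
    print("\n".join(hits))
    for ip, rows in related.items():
        print(f"# same user agent on admin directory from {ip}: {len(rows)} line(s)")
```

If the admin folder has been renamed, pass the new path as `admin_dir`. Send the resulting lines privately rather than posting them.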
zaher1988 Wrote: IP ban isn't the fix we look after, we need more info from Camron to determine whether it is a mistake he did, let's say inappropriate permissions, or a failure from the MyBB software side (which I really doubt).

That might be why I said "This would stop him for now at least until you can figure out how he's doing this."

Of course the problem should be solved, but in the meantime while we're sitting here scratching our heads, his forum is laid bare to a malicious person. Securing his forum should be top priority, by any means. I certainly wouldn't leave my forum vulnerable while I tried to figure out the cause.
I have banned his IP MULTIPLE times, but as it is dynamic (changes right?) he just keeps on coming back. His IP is from Malaysia. I can see that because in our staff center chat he logged into my account and edited another admin account, and I saw it says edited by me and the IP was logged, so I saw the IP and blocked it, but he is still coming back. I really don't know what to do. Maybe it is a failure of this board, although I have no idea. I just don't want him to access the AdminCP and delete all posts. The forum is a good size right now.
OK, have you had to change your password because you found that your password isn't the same, and you cannot log in?

Camron, I'm not referring to banning his IP in the software. He could just get a new IP or use a proxy to get around that easily. In your web host's control panel (for the site, not the one for MyBB), you should have somewhere an option to put a password on a directory. If you use this to password protect the /admin/ folder in MyBB, he won't be able to get into it. Even if he can log in to your account, he won't be able to get past that directory-level password. This won't stop him from making changes on the forum with your moderator powers, but it can at least prevent him from making drastic changes to the forum (such as deleting forums, altering settings, etc).

This is, of course, only a temporary solution. Someone in this thread suggested that you send your site logs to the devs and I agree that that is a very good idea. In the meantime, would you mind posting your forum URL here? I'd like to try to break into your AdminCP myself to see if I can replicate whatever he's doing.
OK, but this is still not solving the problem that he is logging into our admin accounts and posting with them...
You can always change this user's password and see what happens, or delete his account.
Camron, banning his IP is useless. You can use proxies to bypass that easily. However, the IP is useful because you can get the logs related to that IP. Send the logs with this user's IP to me/one of the devs. Then we can try to fix it.

Other things to do (if not already mentioned):
  • Add a .htaccess to your admin folder
  • Change your admin folder location. Rename it to either a random string, or admin_xxx, changing xxx to a number/string. If you do this, you will need to change the appropriate value in inc/settings.php to make sure it points to the new admin folder
If the user is getting in some other way (than the admin folder), you WILL need to send us your logs to fix the problem.

(Sorry if you have already sent the logs to someone)
And I'm still waiting for Camron to answer my question.
I can log in fine. And he isn't a user in our forum! He just keeps on using our accounts in the staff section and editing our posts etc. It's getting crazy! I change the file name, add .htaccess, nothing, he can still access! WTF...