Not Solved [Security] Users can login to admin account?
#1
Not Solved
Hello,

I just been contacted by a user who don't know my password then after that I was randomly logged into his account as a user??

Whats going on here and they refresh the page, and they are logged into another user account out of the blue
Reply
#2
Not Solved
most probably the issue is related to cache / cookies configuration set by your web server.
you may PM me temporary access to forum admin panel & files (FTP) to check it
Reply
#3
Not Solved
What's your host name!

how lame of such hosting company
Developing Plugins [font=Courier New]開発プラグイン[/font]
Reply
#4
Not Solved
(2016-05-28, 03:59 AM)Donald_Duck Wrote: how lame of such hosting company

Oh ferchrissake. 

It's not a host fault. The host provides the server - and in a lot of cases has *no* control over the content. It's not their fault. Think before you post.
Reply
#5
Not Solved
hosting providers don't have access to change cookie URL or any other settings, they can change the IP to the server or the whole server but not the specific setting of the board so it can't be from hosting provider, it can be caching issue or maybe something else.
[Image: cafaf18ba2.gif]
FileSquid is under development
[Image: trk1]
Reply
#6
Not Solved
(2016-05-28, 03:59 AM)Donald_Duck Wrote: What's your host name!

how lame of such hosting company

OVH, it's not the hosting fault because I've always used them, but for some reason its just start doing this..

It could be this proxy service I bought called sucuri not too sure...
Reply
#7
Not Solved
If you mean anyone can login to admin, regardless  of the password, Then I had this exact problem. You will have to make a new database or clear your current one and repeat the installation process. This fixed my problem. I dont know how inconvenient  it is for you though


Reply
#8
Not Solved
users appear as logged in with other users' accounts due to some weird cache from the web server / proxy server.

as I noticed many times, it happens only at the front end (forum)
a normal user cannot easily log into forum admin panel without proper credentials
(though user might appear as a admin)
Reply
#9
Not Solved
I agree it may be a common issue, this happened due to me reinstalling without clearing the DB first in phpmyadmin . I use Godaddy for my hosting plans and FTP via filezilla. So instead of going through the site, I deleted it off my server and reinstalled it thinking I could keep my old DB. Note that everything you have done will be scrapped because you would need to clear the DB and do a clean install, unless M can advise a way of backing up and installing/re-installing?

Oh and I logged into admin with no password m :/


Reply
#10
Not Solved
(2016-05-30, 06:09 AM).m. Wrote: users appear as logged in with other users' accounts due to some weird cache from the web server / proxy server.

as I noticed many times, it happens only at the front end (forum)
a normal user cannot easily log into forum admin panel  without  proper credentials
(though user might appear as a admin)

Reminds me of the April Fools Day joke a couple of years ago where everyone could see the MCP here. It shows, but can't be accessed.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)