Jump to the post that solved this thread.
Solved: 2 Years, 11 Months, 1 Week ago Cookie / Cache problem, forum is mixing users
#1
Solved: 2 Years, 11 Months, 1 Week ago
Hi everyone,

I've ran into a problem with my forum yesterday.
There are 1600 users in total, 5-10 active at a time. It seems that when people access the forum they appear logged in as other user (probably one that was recently online too). Forum was working fine for almost whole year.

Link to the forum: http://forum.district-rp.pl
I'm using the newest MyBB version (1.8.15).


I thought it was a cookie problem, so I've changed the settings and tried many configurations - that didn't fix anything. Then I thought it has something to do with the database so I copied it and installed fresh MyBB on my localhost machine and imported the database.

Everything works fine on localhost after importing the whole database (except from template, it shows an error in index.php file and cannot continue), I can log in / log out of accounts and there is no problem with mixed user sessions.

I've recounted & rebuild everything, rebuild the forum's cache and problem still persists.
I've also truncated mybb_sessions table.
Thought this might be to a wrong SSL config, so I've disabled it too..

Situation got worse today, users can't log in because they get an error message saying that username or password is incorrect. When I switch templates, they switch back and forth every couple clicks. Same thing happens in ACP, every couple clicks I have to log in again, and I have to save settings few times so they actually save.

Can anyone tell me what might be the problem?
Is it possible that the database got corrupted? Maybe the hosting is to blame for some sort of caching? Or is it possible that when I was upgrading the forum I've made some mistake in template that can cause these problems?

I'm really confused right now, especially because the problem came out of nowhere, there was no changes made to forum templates / styles or settings recently.

Forum is now blocked by .htaccess because it seems like a big issue, but if anyone is willing to help I can either give your IP access in .htaccess or simply open the forum for some time.


I'd really appreciate any help!
Reply
#2
Solved: 2 Years, 11 Months, 1 Week ago
1. You have cloudflare?
2. If it's cookie or cache problem try following this.
https://community.mybb.com/thread-42123.html
3. Could be host related happened to me once then I found out my host servers were kinda down.

You could try contacting your host but first try following this..
https://community.mybb.com/thread-42123.html
Do NOT PM me for support unless I ask you on your support thread.
Reply
#3
Solved: 2 Years, 11 Months, 1 Week ago
(2018-05-24, 06:04 PM)Livewire Wrote: 1. You have cloudflare?
2. If it's cookie or cache problem try following this.
https://community.mybb.com/thread-42123.html
3. Could be host related happened to me once then I found out my host servers were kinda down.

You could try contacting your host but first try following this..
https://community.mybb.com/thread-42123.html

Thanks for the answer. 

There is Cloudfare in my cPanel, but once I open it it tells me I have to make an account or login, so I assume it is disabled. 

I've went through the thread you've posted couple of times with many cookie configurations and I've removed settings.php, let it recover and it's still not working. Even tried to change settings manualy through phpMyAdmin

I've contacted my host but it always takes 2-3 days to get a response.. taking that into consideration and the fact my host is kinda cheap they might have switched on some kind of "Cache Mode" due to some bandwidth peaks or amount of queries the forum makes. Amount of active users raised just recently. 

Other strange thing I've noticed is that even if I close the forums, they remain open for some users and for some partially open, depending where they navigate.

Anyway, if anyone has any ideas let me know.
Plenty of time before I hear from my host so..
Reply
#4
Solved: 2 Years, 11 Months, 1 Week ago
Hello!

I also went through this attack in the last two days.

Here is my discussion:

https://community.mybb.com/thread-217711.html

Try changing the security question to a better one ,enable recaptcha and using cloudflare,i also activated .

You need to make an account on cloudflare and then you can activate it via Cpanel.

I made this account when i bought the hosting and they helped me in making it.Yesterday i just activated it and till then things are running better.

I have never faced similar things before.

You may try reparing your database via cpanel.

On my forum, when i saw the attack, wanted to post something on shoutbox on my forum and what i saw that i was posting with some other username and not with mine.I reloaded the cache then it was ok.

Regards!
Reply
#5
Solved: 2 Years, 11 Months, 1 Week ago
This user has been denied support. This user has been denied support.
You should change your password, and change all user passwords, too.

Delivering content meant for another user is sensitive, it contains the post key which could be used to perform actions such as deleting posts without your consent.

Unfortunately post keys are very static in MyBB, it never changes unless you change your password (changing to the same password you're already using, works too).

They should be rotated by the hour or something, even if that means clicking on a delete post link in a tab that has been opened for too long won't work for you anymore.



Get rid of that cache even if it means switching hosts.
Reply
#6
Solved: 2 Years, 11 Months, 1 Week ago
For mixed sessions see https://community.mybb.com/thread-208648...pid1265640 and https://community.mybb.com/thread-210779...pid1275204
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#7
Solved: 2 Years, 11 Months, 1 Week ago
(2018-05-24, 10:47 PM)Devilshakerz Wrote: For mixed sessions see https://community.mybb.com/thread-208648...pid1265640 and https://community.mybb.com/thread-210779...pid1275204

I have set No Cache Headers and user's IP adress in HTTP to Yes. No more problems with password mismatch or pages showing up as not found, but users still log in as others.

I guess it has something to do with Varnish. It actually looks like it.
After I hear from my host I will let you guys know what they said.

Thanks for all answers.
Reply
#8
Solved: 2 Years, 11 Months, 1 Week ago
Yup, sounds like another Varnish configuration issue.

It's similar to an issue Steam had a while back - it was caching the account page when someone logged in, and serving the same page to everybody, then the cache would expire after 1 second, 60 seconds or whatever, then cache someone else's account page, and serve that to everybody.

Essentially if it caches a page based on the URL, and doesn't have any awareness that page isn't always going to be the same for everybody despite being on the same URL, then this issue happens, and it'll just show the page of whichever user happened to load the page at the right time to refresh the cache.

A lot of hosting companies add this sort of thing for performance - if whole pages are being cached, it means fewer requests to the web server, which means there's more resources available to cram more hosting accounts on it. It's an issue when hosting companies roll this out to their servers but they're not set up to cater for sites like forums where every user will see something different on the same URL, it may work fine for static pages but on a forum, pretty much no page is exactly the same for two users.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#9
Solved: 2 Years, 11 Months, 1 Week ago
Thanks for your answers guys, helped a lot.

I haven't heard from my host since I've created a support ticket regarding cache issues, so I've decided to change hosts - when I did so it turned out that my new host doesn't accept remote database connections which I need (they told me once I've already bought the host and created a database...), so I've decided to never use any hosting provider ever!

So I took the matter into my own hands, bought a VPS server and installed MyBB on it. Took me whole night because I'm a noob when it comes to linux but I've finally configured it to almost work perfect.

https://forum.district-rp.pl

Forum works great since then and way faster - so yeah, it was due to bad hosting.
Thank you all for help!
Reply
#10
Solved: 2 Years, 11 Months, 1 Week ago
This user has been denied support. This user has been denied support.
Out of curiosity, what remote database connections are involved there?

Ideally database and webserver should be on the same machine, which makes it a local connection...

Database remotely over some network... you have network lag, per query, so it adds up. You might have bandwidth issues too. Application that run on distributed server clusters require different optimization than single server.
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)