Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
how to check logs for "Private Messages" basic headers?
#1
On a small, esoteric forum, for several months, in "Who's Online" we've noticed one unknown zero-posts user logging in regularly (usually once per day), and only using the PM system.

It may be innocuous, or it might be someone evil using the forum as a "dropbox".

We're hoping there's a log file showing just non-invasive headers, including, on a per PM basis:
  • sender & recipient usernames
  • Subject
  • size
  • any file attachments
Ideally it's something that's easily grep'd. Smile

I found the plugin that lets one directly view PMs, however we'd like to start with a non-invasive Sanity Check. Smile
If this unknown is PM-ing known user(s), we'll just ask the known folks.
If it's PM-ing other unknown zero-posters, then we'll consider going invasive.
Reply
#2
(01-24-2019, 03:51 AM)Kaylee Wrote: Ideally it's something that's easily grep'd. Smile

Yeah, you won't get it. There's no headers, because it's not an email. Private Messages are stored in the database.

You could always do some database hackery. SELECT the from id and to id, and JOIN to mybb_users on those ids to give the usernames.
[Image: kAhpvOW.png]
Reply
#3
I've often seen similar behaviour on our forum, and found a bunch of wierd links in the profile pages... We ended this by restricting what fields were available in user profiles, and periodically just searching in ACP for users that had any content in those fields - and if they only had strange content, and no other activity, we deleted the accounts.

You can also create a group similar to Registered, maybe call it Probation, in which you disable PM activity, and put that user in that group as their primary group...

As for messages, the MySQL table contains the metadata (of date, from, to), and yes, also the content of the messages... you can examine the metadata without reading the content (if you avert your eyes from the message field).

If you log in to your cPanel > PHPMyAdmin > your MyBB database > users table, and find that user by name, you'll find their "uid" value. 

Then if you go to the privatemessages table, search the uid or fromid or toid fields for that uid value, and it will return any PMs by or to that user, and you can see what is going on. It will show drafts too - in the event that a PM is never actually sent. You don't have to read the message to see. The dateline is the Unix date - which you can copy and paste in to any conversion tool (just google it). The latest messages are at the end.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)