IntegraMOD

[HBAndrew]

Go to last posts

Hey guys, recently had a user complaining they were banned, checked the database but no mention of their IP. I then logged out and got the same problem. I am now unable to login because it's constantly saying I am banned and some errors. However I am temporarily logged in on the old site URL which expires in November so like 4 days or so before I am permanently logged out ][flash=,:3ttz1onb]http://img155.imageshack.us/img155/5540/bannedzn4.th.jpg[/flash:3ttz1onb][/url]

Thanks

[CaNNon]

Looks like ctracker is banning everything, you can see it on the top right.
even if i load your page i get banned.

Are you the only admin and only you have FTP access? I would not be so fast to say hacked, usually they are after something or splash some defacing message on the site.

Get lines 125 to 145 from functions_jr_admin.php

Line : 132
File : /home/clanhb2/public_html/includes/functions_jr_admin.php
SQL : SELECT * FROM phpbb_jr_admin_users WHERE user_id =

and post it please.
By going tru JR admin one would pretty high access though.

[HBAndrew]

Got 3 admins including myself, one of which has had no net for over a month.

Only me and the bill payer have FTP/cpanel access.

Here is 125-145.

[code]                 }                 return false;             }             case false]

Only me and the bill payer have access to the admin panel within last month or so, got no JR admins.

When I was trying to unban the user I did go into Maintenance under ctracker and click execute now on some of the bottom options trying to clear any IP related bans or logs, guessing that didn't cause the problem though.

Thanks for helping.

[CaNNon]

I'm going to compare that to mine just in case.

but the problem is in SQL : SELECT * FROM phpbb_jr_admin_users WHERE user_id =

from your hosts login pannel, mysql find "phpbb_jr_admin_users" and sub table "user_id"

get a copy of the values and post them. I know ct but my db skill sux.
do you have any set to jr admin? sorry i see you ansered that. <img>

[CaNNon]

your functions_jr_admin.php file matches mine.

lets compare the db entry.

[HBAndrew]

Went into jr_admin_users, clicked browse but it seems to be empty or something and set to some swedish language, I will check in a month old backup and compare.

EDIT: A backup from end of september only has this for that table.

Code: Select all

---- Table structure for table `phpbb_jr_admin_users`--  DROP TABLE IF EXISTS `phpbb_jr_admin_users`;CREATE TABLE `phpbb_jr_admin_users` (   `user_id` mediumint(9) NOT NULL default '0',   `user_jr_admin` longtext NOT NULL,   `start_date` int(10) unsigned NOT NULL default '0',   `update_date` int(10) unsigned NOT NULL default '0',   `admin_notes` text NOT NULL,   `notes_view` tinyint(1) NOT NULL default '0',   PRIMARY KEY  (`user_id`)) ENGINE=MyISAM DEFAULT CHARSET=latin1;  ---- Dumping data for table `phpbb_jr_admin_users`--  LOCK TABLES `phpbb_jr_admin_users` WRITE;/*!40000 ALTER TABLE `phpbb_jr_admin_users` DISABLE KEYS */;/*!40000 ALTER TABLE `phpbb_jr_admin_users` ENABLE KEYS */;UNLOCK TABLES;  

[CaNNon]

err.... no that would be correct, no JR admin would be a empty table.
Looks fine to me.

[CaNNon]

I'm guessing a table value in ct's control pannel like more admins that allowed.
I don't know enough about the db stuff to help you check it though.


also "à ¢Ã¢â€š ¬Ã‚ ¢ ctracker_gmb_loginlink à ¢Ã¢â€š ¬Ã‚ ¢ Log out [ ]" why would i be loged in?

[HBAndrew]

Yep under Security - Special, admins is set to 3 and mods to 10 to match the proper amount, though they were reset when I upgraded and didn't notice. No idea what happened with the nav bar, just ANYTHING I do when logged out keeps looping the exact same error even trying to login. But if logged in, everything is totally normal.

[tmotley]

http://www.integramod.com/forum/viewtop ... est+banned

That's what's happening, correct? I had this happen to me once and fixed it via phpmyadmin.

[HBAndrew]

-1 was set to 0 under active, set it to 1 and removed all rows from banlist and the site seems fine again. If a guest getting banned can stop pretty much all users getting to the site, that's a huge problem that's been missed. How can I stop this happening again?

Also shouldn't user -1 be user 0?

Thanks guys for the help, something so simple yet I probably never would have found it.

[DjPorkchop]

I had this issue once myself and teelk fixed it up for me and set something in the Ctracker settings in my ACP and I never had that issue ever again. If I can find the info Ill gladly post it for you.

If memory serves me correct it was permissions for guests on site or something like that.......Im off to investigate. brb.

[HBAndrew]

Ok it has happened again, user_id -1 was in the ban list, I'm gonna need help here I can't have my site being closed every few days.

Thanks

[DjPorkchop]

According to Teelk, its spam protection in Cracker Tracker.

This is what he wrote me in a PM when this happened to me on my website.

and I quote

If you do have this happen again, give me a shout and we'll make some changes. This seems to be an isolated incident, and I've narrowed it down to either phpBB Security or CrackerTracker. I'm leaning more towards CrackerTracker as you're 140 installs have phpBB Security installed and you haven't had any issues with them.

If it does happen again I should be able to narrow it down even further, since I've turned off your spam protection for now. If you get spam posts then that's where the problem was and I can probably add some code to prevent the guest account from being banned.

[CaNNon]

Make sure you have closed all places guest accounts could do anything except read.

What helter said here was important:

I think you had a guest who did something CTracker didn't like and it banned him. Of coarse by doing so, it banned all guest's.

CT will keep doing this if you don't. I don't think there is any other way it could stop a guest from messing up your site.

Turning of security sets off alarm bells for me, I don't think teelk meant for

turned off your spam protection

to be a final fix.

[DjPorkchop]

most definately not. <img> Im sure thjats why he layed the disclaimer down right after when he said "for now"


still never got a secure fix and that was as close as i ever got without it ever doing it again. it be real nice if we could come up with something.

gotta split have a good night

[CaNNon]

I don't think we can, I mean as long as guest accounts are allowed to do stuff you must have a way to stop them from abusing your site. Don't forget when this happens your security has gone off for a reason. It's an not arbitrary thing.

The answer could be more in adding that fixing. Something like if guest user gets banned the forum would lift the ban in "X amount of time".

This way if a guest account tried something, the site would kind of close down for a "X min." self protect and then lift the ban.

Writing that is way over my head though. <img>