Users Banned But I didnt do it Users Banned But I didnt do it
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Users Banned But I didnt do it

Started by scrapgranny, April 14, 2006, 08:45:47 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

scrapgranny

lMy old gallery was hacked so I completely deleted it, downloaded the new version 1.4.4, and created a brand spanking new gallery. All was going well but now I have SOME but not ALL user reporting that they are getting a you have been banned message. I haven't banned anyone! And the user is gone from my user list. Shouldn't they still be in the user list and show up as banned?

I manually created a user for one of the banned users (with the same user name and email they were using before) and now they are back in my list as active. Also, none of the banned users are in the banned user list

Can anyone tell me what is going on now?

Joachim Müller

possible attackers of your site may have been able to see the names of reigstered users (that's easy, as there name is being shown everywhere, from comments to uploads). They might have tried to run a brute-force attack, using the usernames of your users, trying some passwords. After a certain amount of failed log in attempts, a user gets temporarily banned (to stop possible brute-force attacks from being successful). So those users may be banned by the script, not by you as admin. Imo it's better to have some users temporarily locked out instead of seing your site hacked once more. I suggest reviewing your server logs, trying to track a possible attacker and maybe even his IP address.

scrapgranny

So when they are banned by the script like this it just removes them from the user list? I did a test ban on a test user and even that name still appeared in my user list.

Joachim Müller

no, they should not be removed from the list. Did you check the list being logged in as admin or as a user?


scrapgranny

also, is there any way to unban a user who has done this accidentally? I have the time period set to 10 in the config section...does this mean 10 minutes, hours, days, what?

Joachim Müller

try the help icon next to the config entry - it should tell you that it is minutes. Taking a look at the docs, will tell you the same.

There's no method built into coppermine to un-ban, you'll have to do this directly in your database (using a tool like phpMyAdmin) or just wait untill the ban is over.