Text only | Text with Images

coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 permissions => Topic started by: scrapgranny on April 14, 2006, 08:45:47 PM

Title: Users Banned But I didnt do it
Post by: scrapgranny on April 14, 2006, 08:45:47 PM
lMy old gallery was hacked so I completely deleted it, downloaded the new version 1.4.4, and created a brand spanking new gallery. All was going well but now I have SOME but not ALL user reporting that they are getting a you have been banned message. I haven't banned anyone! And the user is gone from my user list. Shouldn't they still be in the user list and show up as banned?

I manually created a user for one of the banned users (with the same user name and email they were using before) and now they are back in my list as active. Also, none of the banned users are in the banned user list

Can anyone tell me what is going on now?
Title: Re: Users Banned But I didnt do it
Post by: Joachim Müller on April 14, 2006, 08:51:41 PM
possible attackers of your site may have been able to see the names of reigstered users (that's easy, as there name is being shown everywhere, from comments to uploads). They might have tried to run a brute-force attack, using the usernames of your users, trying some passwords. After a certain amount of failed log in attempts, a user gets temporarily banned (to stop possible brute-force attacks from being successful). So those users may be banned by the script, not by you as admin. Imo it's better to have some users temporarily locked out instead of seing your site hacked once more. I suggest reviewing your server logs, trying to track a possible attacker and maybe even his IP address.
Title: Re: Users Banned But I didnt do it
Post by: scrapgranny on April 14, 2006, 08:56:56 PM
So when they are banned by the script like this it just removes them from the user list? I did a test ban on a test user and even that name still appeared in my user list.
Title: Re: Users Banned But I didnt do it
Post by: Joachim Müller on April 14, 2006, 08:59:22 PM
no, they should not be removed from the list. Did you check the list being logged in as admin or as a user?
Title: Re: Users Banned But I didnt do it
Post by: scrapgranny on April 14, 2006, 09:05:10 PM
admin
Title: Re: Users Banned But I didnt do it
Post by: scrapgranny on April 14, 2006, 09:11:25 PM
also, is there any way to unban a user who has done this accidentally? I have the time period set to 10 in the config section...does this mean 10 minutes, hours, days, what?
Title: Re: Users Banned But I didnt do it
Post by: Joachim Müller on April 14, 2006, 09:17:56 PM
try the help icon next to the config entry - it should tell you that it is minutes. Taking a look at the docs, will tell you the same.

There's no method built into coppermine to un-ban, you'll have to do this directly in your database (using a tool like phpMyAdmin) or just wait untill the ban is over.
Text only | Text with Images