malicious user(s) able to see IP of members

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • sub_ubi
    Member
    • Dec 2004
    • 77
    • 3.0.3

    malicious user(s) able to see IP of members

    There are user(s) who are able to see my member's IP's. They are using this information to harass my members.

    1) I've followed the security guides and done basic checks for malware. Admin and mod areas have been hardened with long .htaccess passwords for 2+ years, install folder deleted long ago, all plugins and templates checked for any malicious base64 code, etc.

    2) Only the admin group has access to IP's.

    3) I log the ip of each user who logs in, all admin logins appear normal. No strange IP's.

    4) Running 4.2.2 PL4


    Any ideas?
    Last edited by sub_ubi; Wed 14 Oct '15, 7:29pm.
  • Mark.B
    vBulletin Support
    • Feb 2004
    • 24286
    • 6.0.X

    #2
    An image showing up in the server logs doesn't mean that the IP has been viewed.
    A default vBulletin installation does not give visibility to any user IP unless permissions to see them have been granted.

    How do you know that anyone has taken an IP from your vBulletin installation, and used it to harass your members? What exactly is meant by this anyway? Knowing someone's IP doesn't mean you can harass them....you can find out very little of note from an IP address alone.
    MARK.B
    vBulletin Support
    ------------
    My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
    My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

    Comment

    • sub_ubi
      Member
      • Dec 2004
      • 77
      • 3.0.3

      #3
      Originally posted by Mark.B
      An image showing up in the server logs doesn't mean that the IP has been viewed.
      A default vBulletin installation does not give visibility to any user IP unless permissions to see them have been granted.

      How do you know that anyone has taken an IP from your vBulletin installation, and used it to harass your members? What exactly is meant by this anyway? Knowing someone's IP doesn't mean you can harass them....you can find out very little of note from an IP address alone.

      Thanks for the fast response.

      The users are harassed by a game administrator who bans them from the game, because they come to this forum. He uses the IP to identify them.

      Could this be a XSS or CSRF attack? I ask because the
      Code:
      data:image
      are quite rare in our logs, and we have 1000's of active users. They only appear when other odd things happen, like the ip-40.png image being served.

      Comment

      • Mark.B
        vBulletin Support
        • Feb 2004
        • 24286
        • 6.0.X

        #4
        There is no security issue that would allow users to collect IP addresses.

        The type of thing you mention has been seen many times before, the most usual cause is that the game administrator is able to connect a username from your forum with a username on his game platform...or something else (eg avatars, locations, profiles...anything that's visible to guests).

        In effect they take an educated guess, in relatively small community circles they are generally right in a lot of cases.
        MARK.B
        vBulletin Support
        ------------
        My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
        My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...