Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Users Banned But I didnt do it  (Read 4215 times)

0 Members and 1 Guest are viewing this topic.

scrapgranny

  • Coppermine newbie
  • Offline Offline
  • Posts: 8
Users Banned But I didnt do it
« on: April 14, 2006, 08:45:47 pm »
lMy old gallery was hacked so I completely deleted it, downloaded the new version 1.4.4, and created a brand spanking new gallery. All was going well but now I have SOME but not ALL user reporting that they are getting a you have been banned message. I haven't banned anyone! And the user is gone from my user list. Shouldn't they still be in the user list and show up as banned?

I manually created a user for one of the banned users (with the same user name and email they were using before) and now they are back in my list as active. Also, none of the banned users are in the banned user list

Can anyone tell me what is going on now?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Users Banned But I didnt do it
« Reply #1 on: April 14, 2006, 08:51:41 pm »
possible attackers of your site may have been able to see the names of reigstered users (that's easy, as there name is being shown everywhere, from comments to uploads). They might have tried to run a brute-force attack, using the usernames of your users, trying some passwords. After a certain amount of failed log in attempts, a user gets temporarily banned (to stop possible brute-force attacks from being successful). So those users may be banned by the script, not by you as admin. Imo it's better to have some users temporarily locked out instead of seing your site hacked once more. I suggest reviewing your server logs, trying to track a possible attacker and maybe even his IP address.
Logged

scrapgranny

  • Coppermine newbie
  • Offline Offline
  • Posts: 8
Re: Users Banned But I didnt do it
« Reply #2 on: April 14, 2006, 08:56:56 pm »
So when they are banned by the script like this it just removes them from the user list? I did a test ban on a test user and even that name still appeared in my user list.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Users Banned But I didnt do it
« Reply #3 on: April 14, 2006, 08:59:22 pm »
no, they should not be removed from the list. Did you check the list being logged in as admin or as a user?
Logged

scrapgranny

  • Coppermine newbie
  • Offline Offline
  • Posts: 8
Re: Users Banned But I didnt do it
« Reply #4 on: April 14, 2006, 09:05:10 pm »
admin
Logged

scrapgranny

  • Coppermine newbie
  • Offline Offline
  • Posts: 8
Re: Users Banned But I didnt do it
« Reply #5 on: April 14, 2006, 09:11:25 pm »
also, is there any way to unban a user who has done this accidentally? I have the time period set to 10 in the config section...does this mean 10 minutes, hours, days, what?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Users Banned But I didnt do it
« Reply #6 on: April 14, 2006, 09:17:56 pm »
try the help icon next to the config entry - it should tell you that it is minutes. Taking a look at the docs, will tell you the same.

There's no method built into coppermine to un-ban, you'll have to do this directly in your database (using a tool like phpMyAdmin) or just wait untill the ban is over.
Logged
Pages: [1]   Go Up
« previous next »
 

Page created in 0.017 seconds with 15 queries.