Support Forum
Support Forum
Offline
I had a freaked-out email from a forum member today complaining that ISP addresses are visible to anyone logged into the forum. Here's her description of what she sees (she has full access as a Senior Member):
I discovered this evening that personal information is being given out on the board, by way of a feature that is not locked down. It is giving out our IP addresses and our email addresses. To see what I mean, this is what you do. Go into a post and go see the profile of one of the members. In the profile box, up at the top and to the left, put your mouse over there. It's up at the top near the date. You will see a 'tool' icon appear. Click on the icon and another box will appear. In that box, you can click on the 'email and IP' address and watch what appears? I double checked on the email address I know mine is private and I know another members is private, but it's showing up in this window. With the IP addresses, I have lots of fear of that being hacked! Is there a way to get this feature locked down/shut off immediately? I know Jennie feels the board is pretty safe, but still, this kind of information should not be accessible to anyone, except moderators/Jennie!
This is a pretty serious security breach, as hackers can use ISPs and email addresses to get into personal information on computers that aren't protected by a firewall. How do I turn off the ISP feature to all but admins? I've already turned off the "can view email addresses" in the Full Access permission set.
Thanks,
Jennie
Offline
Only forum admins get to see this data...
 |
YELLOW
SWORDFISH
|
Offline
Nope, she could see it, and she's not a forum admin. Now that I've turned off "can see email addresses," the ISP info isn't showing up, either. But it was definitely visible to her before I turned it off!
Thanks,
Jennie
Offline
There is a permission for allowing users to view email addresses. Asked for many users on closed forums. But we do not enable it in any of our permissions. Didbyoh check to see if you enabled it?
Visit Cruise Talk Central and Mr Papa's World
Offline
I disabled the "allow members to see email addresses" feature, but it would be nice to turn that on without having the ISP information show up alongside it. It's just way too dangerous to allow anyone to see ISP numbers other than admins/mods.
Thanks!
Jennie
Offline
Well I learned something too as I didn't know that permission made the data visible!
And we will discuss your other point.
|
YELLOW
SWORDFISH
|
Offline
Actually - I mis-read this from the top and thought we were talking about the users profile where the email address IS shown to admins only which is why I was surprised the IP address was shown.
I think if there is a flaw here it is in the description of the permission which should mention both email and IP address an I will open a ticket to update that.
|
YELLOW
SWORDFISH
|
All RSS1 Guest(s)