Page 1 of 1

is there a way to monitor current IP addresses of users as an admin?

Posted: Tue Feb 06, 2018 3:04 pm
by menz01
Hello,
I know in the ACP there are pages and logs to see when admins log on, what their IP addresses are at that time and what they did (if they did something). are there any logs or pages (or extensions) that will log users when they log in and their current IP address?

The reason i am asking. we are coming from another BB System (not sure if i am allowed to mention names, so i won't) that had that capability. I was not the admin of that system, nor was i the admin of this system when it was installed and deployed. However that admin has left our club and is very disgruntled about it. I was appointed admin along with a few past admins from both systems. These other admins are not IT people and i am, so that is why i was appointed an admin as well. So these other admins are concerned that the ex-member created backdoors to get back in. i have done what i can to ensure that the "founder" account and other admin accounts are secure. we even changed passwords in the databases as well. so the other admins are concerned that this ex member may have remembered a users password or perhaps created a user account to get back in. Apparantly on the "other system" they could just go to this page and look at the logs of users logons day by day and determine info from that. So now they are looking for something similar in PHPBB 3.2 and other that the admin logging i don't see user logging. is this possible to do?

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Tue Feb 06, 2018 3:17 pm
by KevC
This might help
viewtopic.php?f=456&t=2407761

You can also look in the database at the users table user_type column and see who is type 3. They will be founder accounts.
This person will not be able to know someone elses email address but you're right in that they might have a normal account with founder status.

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Tue Feb 06, 2018 4:11 pm
by stevemaury
You can also force a password change in User registration settings.

Also, clicking the "i" icon will give you the IP address from which a post was made, as well as all IPs that user has posted from.

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Tue Feb 06, 2018 4:59 pm
by stevemaury
This intrigued me, so I thought about it some more. There are only two way to get admin or moderator permissions - groups and users. Groups are easy to check, just look at the members of the Admin and Global moderators groups and make sure you know who all their members are. Then, to make sure no other groups have been given admin or moderator permissions:

Code: Select all

SELECT group_id FROM phpbb_acl_groups WHERE auth_option_id IN(SELECT auth_option_id FROM phpbb_acl_options WHERE auth_option LIKE '%a_%' OR auth_option_id LIKE '%m_%') OR auth_role_id IN(SELECT role_id FROM phpbb_acl_roles WHERE role_type = 'a_' OR role_type = 'm_')
(Change the table prefix if yours is not phpbb_)

That will give you all groups which have any admin or moderator permissions or admin or moderator Roles.

Second way is user permissions. All admin user permissions are in the acl_options table, and begin with a_. Likewise, the moderator permissions begin with m_. Each permission has a unique auth_option_id. So, to get a list of the ids of all users with admin or moderator permission ids:

Code: Select all

SELECT user_id FROM phpbb_acl_users WHERE auth_option_id IN(SELECT auth_option_id FROM phpbb_acl_options WHERE auth_option LIKE '%a_%' OR auth_option_id LIKE '%m_%')
You now have a list of all user_ids with admin or Moderator user permissions.

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Tue Feb 06, 2018 5:04 pm
by menz01
KevC wrote:
Tue Feb 06, 2018 3:17 pm
This might help
viewtopic.php?f=456&t=2407761

You can also look in the database at the users table user_type column and see who is type 3. They will be founder accounts.
This person will not be able to know someone elses email address but you're right in that they might have a normal account with founder status.
Thank you for the suggestion. I installed it and waited a little bit to allow some users to log on and i am seeing the information. this appears to be what i needed. should i be concerned using this on a live board since it seems it is is still in "Release Candidate"? i hope not cause i am liking what i am seeing so far
stevemaury wrote:
Tue Feb 06, 2018 4:59 pm
This intrigued me, so I thought about it some more. There are only two way to get admin or moderator permissions - groups and users. Groups are easy to check, just look at the members of the Admin and Global moderators groups and make sure you know who all their members are. Then, to make sure no other groups have been given admin or moderator permissions:

Code: Select all

SELECT group_id FROM phpbb_acl_groups WHERE auth_option_id IN(SELECT auth_option_id FROM phpbb_acl_options WHERE auth_option LIKE '%a_%' OR auth_option_id LIKE '%m_%') OR auth_role_id IN(SELECT role_id FROM phpbb_acl_roles WHERE role_type = 'a_' OR role_type = 'm_')
(Change the table prefix if yours is not phpbb_)

That will give you all groups which have any admin or moderator permissions or admin or moderator Roles.

Second way is user permissions. All admin user permissions are in the acl_options table, and begin with a_. Likewise, the moderator permissions begin with m_. Each permission has a unique auth_option_id. So, to get a list of the ids of all users with admin or moderator permission ids:

Code: Select all

SELECT user_id FROM phpbb_acl_users WHERE auth_option_id IN(SELECT auth_option_id FROM phpbb_acl_options WHERE auth_option LIKE '%a_%' OR auth_option_id LIKE '%m_%')
You now have a list of all user_ids with admin or Moderator user permissions.
very interesting!!! i am going to look at all this as well

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Tue Feb 06, 2018 5:22 pm
by canonknipser
And to be sure, don't forget the base system:
  • database userid and password
  • ftp userid and password
  • hosting account userid and password
Make sure you change them to disable access from outside from phpBB - if you change the database credentials, you need to change config.php also!

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Tue Feb 06, 2018 5:35 pm
by menz01
canonknipser wrote:
Tue Feb 06, 2018 5:22 pm
And to be sure, don't forget the base system:
  • database userid and password
  • ftp userid and password
  • hosting account userid and password
Make sure you change them to disable access from outside from phpBB - if you change the database credentials, you need to change config.php also!
LOL!!! i already found that out, cause i did exactly that. luckily a little google-fu told me what to do and i corrected it but not before i got a few angry users calling me

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Thu Feb 08, 2018 3:25 am
by Furball Zen
Am i missing something? When you log into the ACP, at the bottom is lists all of the Admin activity and the IP address they logged in from. So if they were doing something, it would tell you.

Code: Select all

Logged administrator actions

This gives an overview of the last five actions carried out by board administrators. A full copy of the log can be viewed from the appropriate menu item or following the link below.

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Thu Feb 08, 2018 3:37 am
by stevemaury
What you are missing is that he is concerned about people who may have the ability to do something, but have not yet done it. He wants to know who might have that ability.

Re: is there a way to monitor current IP addresses of users as an admin?

Posted: Thu Feb 08, 2018 12:27 pm
by ToiX3
For test purpose I run this query:

Code: Select all

SELECT group_id FROM phpbb_acl_groups WHERE auth_option_id IN(SELECT auth_option_id FROM phpbb_acl_options WHERE auth_option LIKE '%a_%' OR auth_option_id LIKE '%m_%') OR auth_role_id IN(SELECT role_id FROM phpbb_acl_roles WHERE role_type = 'a_' OR role_type = 'm_')
This is the result:
shot.png
Group 1 (Guests). What? That's just not possible.