Catching The Mole

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Post Reply
War Horse
Registered User
Posts: 67
Joined: Sat Oct 04, 2008 6:53 pm

Catching The Mole

Post by War Horse » Tue Oct 25, 2011 5:33 pm

If unregistered person X is logging into your forum with registered person Y's account what is the best way to find out who is user Y? Forum requires admin activation for all accounts. Person X may also be using an IP mask. Motivation for X's constant hacking is unknown but it probably stems from not being hugged enough as a child.

War Horse
Registered User
Posts: 67
Joined: Sat Oct 04, 2008 6:53 pm

Re: Catching The Mole

Post by War Horse » Tue Oct 25, 2011 5:42 pm

If there is no way to catch the mole then is there a way to allow certain users to log in with certain IP's?

User avatar
Lumpy Burgertushie
Registered User
Posts: 66928
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Catching The Mole

Post by Lumpy Burgertushie » Tue Oct 25, 2011 5:54 pm

if user x is logging in with user y's login and posting crap, then you know who user y is already.

I am not sure what the problem is that you are trying to solve.

please explain better.

also, I do not believe there is a way to allow a user to login using a specific IP,
restrictin logins via IP does not even work because people get a new IP all the time and the one you ban today could be someone else's tomorrow that you do not want to ban.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

War Horse
Registered User
Posts: 67
Joined: Sat Oct 04, 2008 6:53 pm

Re: Catching The Mole

Post by War Horse » Tue Oct 25, 2011 6:38 pm

Lumpy Burgertushie wrote:if user x is logging in with user y's login and posting crap, then you know who user y is already.

I am not sure what the problem is that you are trying to solve.

please explain better.

also, I do not believe there is a way to allow a user to login using a specific IP,
restrictin logins via IP does not even work because people get a new IP all the time and the one you ban today could be someone else's tomorrow that you do not want to ban.


robert
Person X is not posting with Y's account. X is only lurking to gather information they have no business reading. We are trying to find out who X is, the user who is selling out.

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Catching The Mole

Post by Pony99CA » Tue Oct 25, 2011 9:37 pm

War Horse wrote:Person X is not posting with Y's account. X is only lurking to gather information they have no business reading. We are trying to find out who X is, the user who is selling out.
Earlier you said that you wanted to find out who user Y was (but I figured that you meant X). You could check the IP address of user Y and see where they're coming from.

However, the problem is probably bigger than that. If user Y allowed user X to share an account, I'd warn Y that isn't acceptable and tell him that you'll ban him if it doesn't stop. If user Y has no knowledge of user X using the account, then user X probably cracked the password and I'd deactivate user Y and let him reactivate the account.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
tbackoff
Former Team Member
Posts: 7022
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: Catching The Mole

Post by tbackoff » Tue Oct 25, 2011 11:01 pm

Pony99CA wrote:If user Y has no knowledge of user X using the account, then user X probably cracked the password and I'd deactivate user Y and let him reactivate the account.
Keep in mind that if this is the problem, then phpBB is probably not the culprit. User Y is probably using "password" as his password (or some other easy-to-guess password).
Flying is the second best thrill to cheerleaders; being caught is the first.

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Catching The Mole

Post by Pony99CA » Wed Oct 26, 2011 7:26 am

t_backoff wrote:
Pony99CA wrote:If user Y has no knowledge of user X using the account, then user X probably cracked the password and I'd deactivate user Y and let him reactivate the account.
Keep in mind that if this is the problem, then phpBB is probably not the culprit. User Y is probably using "password" as his password (or some other easy-to-guess password).
I thought that went without saying. ;)

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

War Horse
Registered User
Posts: 67
Joined: Sat Oct 04, 2008 6:53 pm

Re: Catching The Mole

Post by War Horse » Fri Oct 28, 2011 3:13 am

Pony99CA wrote:However, the problem is probably bigger than that. If user Y allowed user X to share an account, I'd warn Y that isn't acceptable and tell him that you'll ban him if it doesn't stop. If user Y has no knowledge of user X using the account, then user X probably cracked the password and I'd deactivate user Y and let him reactivate the account.

Steve
Right but we don't know who user Y is this time. We have caught user X on two prior occasions with IP matches but is now using an IP mask to browse the forum undetected through someone's account.
t_backoff wrote:
Pony99CA wrote:If user Y has no knowledge of user X using the account, then user X probably cracked the password and I'd deactivate user Y and let him reactivate the account.
Keep in mind that if this is the problem, then phpBB is probably not the culprit. User Y is probably using "password" as his password (or some other easy-to-guess password).
It's safe to say that Y and X know each other in reality. X allowed Y to use the account. We know that Y accessed the forum because he confessed but he won't disclose who's account he used (I know this sounds like a bad episode of Maury). What we don't know is who X is. Changing passwords won't help because Y will just get it again from X.

User avatar
Freitag
Registered User
Posts: 143
Joined: Mon Jul 11, 2005 10:17 pm

Re: Catching The Mole

Post by Freitag » Fri Oct 28, 2011 4:05 am

If you deactivate Y and force reactivation, then the first log after reactivation will probably be the real Y. The next login will probably be X

Then traceroute/whois the IP address. Unless it's coming from a known anonymizing service it may be that he is either using his work or his hosting service as a proxy. Unless he has a dedicated server, most hosts don't want you using a proxy because it eats up bandwidth. And companies sure don't wan their employees using their hardware to violate the TOS on a public (private?) website. You ight get some help from the IT department of the company/hosting service if you say "at 18:35 IP address z.z.z.z on your network contacted my server at domain/ip with a hacked ID. Can you help me identify the person?"

Good luck.
No clever .sig here

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Catching The Mole

Post by Pony99CA » Fri Oct 28, 2011 7:10 am

War Horse wrote: Right but we don't know who user Y is this time.
War Horse wrote: What we don't know is who X is.
So either your story has completely confused you or you don't know who either user is.... :?

As I said, tell user Y that you don't condone sharing accounts or using anonymous proxies and that you'll ban him if it doesn't stop immediately. Let him deal with user X.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Post Reply

Return to “phpBB Discussion”