Need an opinion from a leading member of the community

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
conradp24
Registered User
Posts: 1
Joined: Sun Jan 12, 2020 11:51 am

Need an opinion from a leading member of the community

Post by conradp24 »

Hi All,
The logs for the forum that I run in support of this group demonstrates that particular individuals had access to part of the forum that they should not have had. Rather than inform us they spent time snooping through information that they should not have had access to.

This may become a larger issue, the people involved did not suspect how detailed the logs were and spent a considerable time on there. They have been caught out in a lie, but continue to deny any wrongdoing.

I am reaching out on here, in the hope that a senior member of the community could provide their own perspective on the logs if I tell them what to look for?
Currently, the transgressors are claiming that phpBB's logs are faulty. The issue is fairly serious, so to prove this down the line I need somebody with "credentials" on phpBB that could provide an opinion on:
  • When the person first accessed the private part of the forum.
  • How long did they look at the forum.
  • There is the suggestion that he invited a second person to have a look by sharing a link to a particular part of the forum. Mainly, because the second person went directly to that part of the forum when they logged on, no loading of the home page. Is it possible to confirm this possibility?
Effectively, that is all that is involved. I've already done the work but need it seconded for the Information Commisioners Office in the UK.

Any takers?
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 28846
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier

Re: Need an opinion from a leading member of the community

Post by Paul »

First of all, let me start that I am no real expert on this :).

phpBB doesn't keep any records on what forum or topic is viewed by which user, only when a post is made you can view specifics about which IP has been used, and when moderator actions are done you can view that in the moderator log.
Using who is online or the sessions table doesn't prove anything. If a user has no permission to view a page, who is online/sessions will still be showing that the user is on that page, but he might have received an error that he/she has no permission. phpBB doesn't log this by default.
Using the webserver access logs also doesn't give a 100% sure answer the user has been able to view a specific forum/topic, for the same reason.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72536
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Need an opinion from a leading member of the community

Post by KevC »

Agreed.
It would be best if you could post a sample of the log (maybe with sensitive info blanked out) so we can explain if the information is actually being misinterpreted.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
warmweer
Jr. Extension Validator
Posts: 11623
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Need an opinion from a leading member of the community

Post by warmweer »

conradp24 wrote: Sun Jan 12, 2020 12:06 pm Hi All,
The logs for the forum that I run in support of this group demonstrates that particular individuals had access to part of the forum that they should not have had. Rather than inform us they spent time snooping through information that they should not have had access to.

This may become a larger issue, the people involved did not suspect how detailed the logs were and spent a considerable time on there. They have been caught out in a lie, but continue to deny any wrongdoing.
If you haven't changed the user's permissions (implying that they are as they were when "having access" to unauthorised parts of the board, use phpBB's features to look at the board using one of those user's permission settings: not by explicitely changing your permissions but by simulating them:
In the ACP /users and groups/ below the username of the user there's a "Test out user’s permissions"... (not 100% sure where, nor about the wording - no access to an ACP at this time) but there is an option to view the board using the user's permission setting.)
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6202
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Need an opinion from a leading member of the community

Post by thecoalman »

conradp24 wrote: Sun Jan 12, 2020 12:06 pm
  • When the person first accessed the private part of the forum.
  • How long did they look at the forum.
  • There is the suggestion that he invited a second person to have a look by sharing a link to a particular part of the forum. Mainly, because the second person went directly to that part of the forum when they logged on, no loading of the home page. Is it possible to confirm this possibility?
Effectively, that is all that is involved. I've already done the work but need it seconded for the Information Commisioners Office in the UK.

Any takers?
If you know the IP's of the users or you can look them up under "IP addresses this user has posted from" on the information link on any post they made. Download the access logs from the server.

Using notepad++ open the logs, using the find panel use the "Mark" tab and put a check next to "bookmark line". Once you have searched for and marked all the lines on upper right tool panel click search >> bookmark >> remove unmarked lines .

You can pare this down further by removing unnecessary lines by searching for and marking styles/prosilver etc. and removing the bookmarked line.

As long as you know the IP this will give all activity for it....


---------------------edit---------------

Just add this will tell you requests made, someone cam make request for topic/forum but that doesn't necessarily mean they got access to it. The server response is in the line, 200 indicates it succeeded.... however you may want to double check with test user to make sure it's in sync with phpBB.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

Return to “[3.3.x] Support Forum”