PHPfox-Official / phpfox-v4-issues

phpFox Public Bug Tracker
https://phpfox.com

Security issue #2892

Closed liviufox closed 4 years ago

liviufox commented 4 years ago

One of my members was logged in on another account. I have my admin account on one PC and I access it through Chrome. On the same PC I access my personal account from Mozilla. And I also access it from 3 other test accounts from Mozilla too. So I access my site as an admin through Chrome and as other accounts through Mozilla, through the same IP address. This IP is in Romania. One of my friends created an account on my website and is accessing the site from Chicago. Yesterday I saw a post on the timeline posted from my personal account which wasn't posted by me. But after I saw the caption for that link post, I thought this is my friend's style. So I asked him if he posted that, and he confirmed that he did, and he saw that when he posted he was logged in with my account. I never shared any details with him. I checked the login details from the IP he was logged in from now, and on the login list my personal account was there also. How can he be logged in to my personal account?

phpFox version is 4.7.10 (pro licence) with no other 3rd party app. I had some apps installed before, but no app now. I am using 2 languages: English and Romanian.

These are the apps that were at one point installed on the site:

Social Connect 2019-02-01
Import Contacts 2019-02-01
Advanced Admin 2018-07-23
Advanced Mail/Chat 2017-06-11
Open Graph Sharing 2017-04-25

Server details:

Item Detail
Hosting Package SpeedUp
Server Name depro2
cPanel Version 86.0 (build 18)
Apache Version 2.4.43
PHP Version 7.2.30
MySQL Version 5.7.30
Architecture x86_64
Operating System linux
Shared IP Address 172.104.139.50
Path to Sendmail /usr/sbin/sendmail
Path to Perl /usr/bin/perl
Perl Version 5.10.1
Kernel Version 2.6.32-954.3.5.lve1.4.71.el6.x86_64

https://prnt.sc/s77sns
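The report above relies on reading the site's login list by hand: several accounts share one IP, and the personal account appears in a login from the friend's IP. The following is an added example, not code from the issue or from phpFox, showing how a site admin could run the same checks over an exported login list. The input rows, IP addresses, account names and timestamps are constructed for illustration; the export format (account, IP, timestamp) is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login list (not taken from the issue): (account, ip, "YYYY-MM-DD HH:MM:SS").
# 203.0.113.10 stands in for the admin's own IP, 198.51.100.7 for the friend's IP.
SAMPLE_LOGINS = [
    ("admin",    "203.0.113.10", "2020-04-29 18:50:00"),
    ("personal", "203.0.113.10", "2020-04-29 18:52:00"),
    ("test1",    "203.0.113.10", "2020-04-29 18:55:00"),
    ("friend",   "198.51.100.7", "2020-04-29 19:20:00"),
    ("personal", "198.51.100.7", "2020-04-29 19:24:00"),  # the suspicious login
    ("friend",   "198.51.100.7", "2020-04-29 19:27:00"),
]


def parse_logins(rows):
    """Turn (account, ip, timestamp-string) rows into dicts with a datetime field."""
    return [
        {"account": acct, "ip": ip, "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")}
        for acct, ip, ts in rows
    ]


def shared_ip_accounts(logins):
    """Map each IP that was used by more than one account to the sorted list of those accounts."""
    by_ip = defaultdict(set)
    for rec in logins:
        by_ip[rec["ip"]].add(rec["account"])
    return {ip: sorted(accts) for ip, accts in by_ip.items() if len(accts) > 1}


def accounts_seen_from_multiple_ips(logins, window=timedelta(hours=24)):
    """Map each account that logged in from two different IPs within `window` of each other
    to the sorted list of those IPs. Logins further apart than `window` are not paired."""
    by_account = defaultdict(list)
    for rec in logins:
        by_account[rec["account"]].append(rec)
    flagged = defaultdict(set)
    for account, recs in by_account.items():
        recs.sort(key=lambda r: r["ts"])
        for i, earlier in enumerate(recs):
            for later in recs[i + 1:]:
                if later["ts"] - earlier["ts"] > window:
                    break  # sorted, so nothing later can be within the window
                if later["ip"] != earlier["ip"]:
                    flagged[account].update({earlier["ip"], later["ip"]})
    return {acct: sorted(ips) for acct, ips in flagged.items()}


def logins_outside_allowlist(logins, allowlist):
    """Return (account, ip, timestamp) for every login from an IP not in that account's
    allowlist; an account with no allowlist entry has every login reported."""
    return [
        (rec["account"], rec["ip"], rec["ts"].strftime("%Y-%m-%d %H:%M:%S"))
        for rec in logins
        if rec["ip"] not in allowlist.get(rec["account"], set())
    ]


if __name__ == "__main__":
    logins = parse_logins(SAMPLE_LOGINS)
    print("IPs used by several accounts:", shared_ip_accounts(logins))
    print("accounts seen from several IPs:", accounts_seen_from_multiple_ips(logins))
    # Constructed allowlist: which IP each account is expected to log in from.
    expected = {
        "admin": {"203.0.113.10"}, "personal": {"203.0.113.10"},
        "test1": {"203.0.113.10"}, "friend": {"198.51.100.7"},
    }
    print("logins from unexpected IPs:", logins_outside_allowlist(logins, expected))
```

In this sample the only account reported by every check is `personal`: it shares the admin's IP with the admin and test accounts (the expected Romania case) and also appears from the friend's IP a few minutes before the friend's own login, which is the pattern the screenshot in the report shows.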

spirogg commented 4 years ago

OK, I see now. This photo you uploaded is weird: he logged out of your account, then he logged into his account, correct? 1 min interval.

spirogg commented 4 years ago

@liviufox

Can you check this in your AdminCP: click Members, then User Group Settings. Now select (User) in the dropdown under Apps, then select (Registered User) in the dropdown under Groups, then scroll down the settings and see if the setting "Can members of this user group log in as another user without entering a password?" is ON or OFF. This setting should be OFF for all user groups other than Admin if you want it on there, or OFF for Admin also.

Also double check all user groups, to make sure this is off for all.

See photos below.

(screenshots: Capture, Capture1)

liviufox commented 4 years ago

I can confirm that I have only one admin account. I can confirm that for registered users that setting is set to NO. I can confirm that I never logged in his account from admin or so. He was using chrome.

spirogg commented 4 years ago

@liviufox just wondering: were you logged in at the same time he was logged in? How long before you logged out was he able to log in to your account? Or what did he do, or how did he post to your timeline? Was he in the pages, groups or feed section? You need to ask him if he can remember, so maybe some of us can check on our end to see if we can find this loophole.

thanks

liviufox commented 4 years ago

We could have been logged in at the same time. I will try to find out. I am not sure if I was logged out of my account when this happened. What I saw was that we both reacted to each other's posts a few hours before. That link post was posted at 7:25 pm. And he logged out one or two minutes after, when he realized he was in my account.

I have another photo I took with my phone before the screenshot I posted, with some more details: (image)

harrison05 commented 4 years ago

Hi @liviufox

You should change the password of your account, then check your friend's account and make sure it belongs to the Registered User group (Staff and Administrator can access AdminCP). You can use our Single Device Login app to manage login history and block IPs which you don't allow.

Regards.