Welcome to Geeklog Thursday, April 22 2021 @ 09:43 am EDT

Geeklog Forums

Multiple Admin



etegration

Forum User
Full Member
Registered: 20/02/02
Posts: 179

I don't know if this is a bug with IP Plot or Geeklog or my broadband connection itself. My site is @ http://www.itcow.com. Whenever I log in as Admin and click on a few admin links, like going to add a static page, then create a poll, etc. This only happens when I use a Singnet Broadband connection (ADSL connection) here in Singapore. While using a Maxonline connection (Cable connection), it has no such problems.

I have IP Plot installed and it shows that each Admin account is with a different IP address with a difference of just 1, as in 202.166.126.229, 202.166.126.230, 202.166.126.231, 202.166.126.232 and so on... Also, please see http://www.itcow.com/temp/ma.gif for a screenshot.

I don't know if there is any security flaw around, with this problem. Anyone can enlighten me?


http://www.etegration.com.sg http://www.itcow.com http://www.ministryofhosting.com


isol8

Forum User
Regular Poster
Registered: 14/05/02
Posts: 73
Sounds like a proxy issue, not really a bug or a security issue.

Anonymous

Anonymous
I think it's some sort of bug. He shouldn't be showing up eight times with the same login.


Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location: Stuttgart, Germany

I agree with isol8 - this looks like a proxy issue or something like that. What's probably happening is that the original poster is assigned a new IP every time he clicks on a link on his site. So Geeklog will start a new session for this supposedly "new" visitor (identified as the Admin by the cookies). The old sessions are now useless and will stay around until they expire. Since no one can pick up those "dangling" sessions it shouldn't pose a security problem either.

bye, Dirk

Anonymous

Anonymous
That may be the cause, but it's still a software bug. The block shouldn't be showing multiple log ins for the same alias. In his particular case, I agree it's probably not a security problem. However, if someone obtained another person's password, he could easily log in and pose as that person at the exact same time because there doesn't seem to be any checking for this.


Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location: Stuttgart, Germany

Well, if someone gets hold of your Admin password, then you're lost, obviously. Blocking someone when he tries to log in with a stolen password while the real Admin is still online won't really help here - he can always come back later. Actually, it's not a good idea to block a second log-in attempt from another IP. Consider being disconnected by your ISP and trying to log into the site again (usually from a different IP) - now you have two legitimate(!) sessions from two different IPs. You certainly don't want to wait until the old session expires. All in all, this is nothing more than a cosmetic issue.

bye, Dirk
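An added example, not part of the original thread and not Geeklog's code: a toy Python model of the behaviour discussed above, where a session is only honoured from the IP that created it, so a client behind a rotating proxy leaves one dangling session per address until they expire. The class and function names, `SESSION_TTL` and the sample addresses are assumptions made for illustration.

```python
import secrets

SESSION_TTL = 3600  # seconds; assumed value, not Geeklog's actual setting
# Constructed sample: one client whose proxy exit address changes per request.
PROXY_IPS = ["192.0.2.229", "192.0.2.230", "192.0.2.231", "192.0.2.232"]


class SessionStore:
    """Toy store in which a session is only honoured from the IP that created it."""

    def __init__(self):
        self.sessions = {}  # session id -> (user, ip, last_seen)

    def request(self, user, sid, ip, now):
        """One request from a user recognised by a login cookie; returns the session id in use."""
        row = self.sessions.get(sid)
        if row and row[0] == user and row[1] == ip and now - row[2] < SESSION_TTL:
            self.sessions[sid] = (user, ip, now)  # same IP: keep the session alive
            return sid
        new_sid = secrets.token_hex(16)  # IP changed or no session: start a new one
        self.sessions[new_sid] = (user, ip, now)
        return new_sid

    def expire(self, now):
        """Drop sessions idle for SESSION_TTL or longer."""
        self.sessions = {s: r for s, r in self.sessions.items() if now - r[2] < SESSION_TTL}

    def online_rows(self):
        """Naive listing: one entry per session row, so dangling sessions show up."""
        return [r[0] for r in self.sessions.values()]

    def online_users(self):
        """De-duplicated listing: each logged-in account appears once."""
        return sorted({r[0] for r in self.sessions.values()})


def simulate(ips, step=30):
    """Replay one Admin clicking a link every `step` seconds from the given IPs."""
    store, sid = SessionStore(), None
    for i, ip in enumerate(ips):
        sid = store.request("Admin", sid, ip, now=i * step)
    return store


if __name__ == "__main__":
    store = simulate(PROXY_IPS)
    print(store.online_rows(), store.online_users())
    store.expire(now=SESSION_TTL + 60)
    print(store.online_rows())
```

Listing distinct accounts rather than session rows removes the duplicate entries without refusing a second login, so a user reconnecting from a new address is not locked out.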
