UBB.Developers Forums UBB.threads 7 Development How Do I? Question about a security issue I'm having

I admin a gaming related board that has several private sections for members. We're using UBB 6.3.0.1. We suspect a member of sharing their login name and password with a non-member who merely lurks with it, but we can't prove it or stop it.

What I'm looking for is a way to trace the IP used by that user to even read the board. Right now, I can only trace his posting IP which doesn't help much. I found the IP logging mod on the other board and we're installing it later today, but my understanding is that it only captures IP's when a user logs in or posts. I'm sure that both the authorized user and the lurker have cookies set and won't log in fresh for a long time.

So, I went to the control panel, lo and behold there is no way to force a login cookie timeout that I could find. I'm perfectly willing to make every user login fresh every 3 days or so just so I can capture their IP's, is there a mod that allows Admins to set this option? Hell, even a way to manually expire all login cookies would work for me and I'd just do it once, catch this guy and then ban him.

Any other suggestions are welcome as well, thanks in advance for your help.

Have you checked out the Admin View of Recent Visitors?

Enable Recent Visitors if not already enabled, Click on the Recent Visitors link and then look for the Admin View link kind tucked in the middle on the right hand side.

Thanks for the quick reply. Yes, I've used the admin view before, but it only shows the last 20 minutes right? I want to be able to record the IP's that a certain user views the board from to a log file.

What you're looking at doing is a potentially high load operation. Just want to make sure you know that before going in head first.

The upcoming 6.7 release includes some tools that will help you get to the goal you want... while it won't track every single IP a user ever uses, it does track more than that old 6.3 you're using.

Our board has about 100 active users with an average of 25 on it at a time. We were planning on either upgrading to 6.7 when it comes out or going with a different board package that would have the kind of security we want. Can you elaborate on what IP information is captured in 6.7 as it might have a direct bearing on whether we upgrade to it or not. Thanks again for your replies fellas.

The user IPs are captured when the user logs in (clicks the login link), and once per day on the first request of the day. The new IP takes the place of the previous IP.

All of these IPs are then indexed in a new file called act_index, along with the registration IP and last post IP.

While there's no UI to search all of the IPs at once, you can search a particular category of IP in the control panel.

In addition, the user post history file also stores all of the IPs for all of the user's posts. While there is no UI to search for IPs for these history files, they can be found in the Members/user_posts/ directory, named after the user numbers. I think that the IPs might be present in the 6.3 that you're using, but I don't recall. In any case, as of 6.6 (and thus 6.7), the admin can get a snapshot view of all the user's unique IP addresses by viewing the user post history in the control panel.

Okay, one last question. Is there a hack that allows the admin to force expiration of the user's login cookie. By default it doesn't seem to ever expire or is an obscenely long expiration. I'd like to set it, even if it has to be hardcoded, to expire every 48 hours. This way, we could capture the IP when the unauthorized user logs in. Thanks again guys.

This would be tough in 6.3... in 6.7 there are a few blocks of code in ultimatebb.cgi that could be hijacked to invalidate a user login. The new storage hash in profile index 42 could also be used to do that. Wouldn't be too hard... the hardest part would be putting a UI for the feature in the control panel. Look for a hack following 6.7 beta.