Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 3.0.8
    • Fix Version/s: 3.1.0-b1
    • Component/s: None
    • Labels:
      None
    • Environment:
      PHP 5.3.2, MySQL 5.1.47, Apache/2.2.3 (CentOS)

      Description

      When 'Post Settings > Limit editing time' is disabled with value 0, phpBB does not log the IP address used to edit a post.

      Recently a user on our forum from Russia had his credentials stolen after using a WiMax network, The imposter did not create any posts however edited all his existing posts over a few hours. Our forum is hosted on Sourceforge and we do not have access to server logs, only the IP logs created when a user posts (Logs via the Moderator Control Panel).

      I recommend either changing the MCP logs to record the users IP on logon instead of only logging IP at post creation as there are many operations a user can preform without creating a post that can harm a forum, especially if that user was a moderator.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                nickvergessen Joas Schilling [X] (Inactive)
                Reporter:
                dmex dmex
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: