Moderator's Forum Breach

Aussie Pythons & Snakes Forum

Status
Not open for further replies.

Administrator

Guest
Hello APS Members,

I am regrettably and apologetically posting about the recent security flaws with our site. After a great deal of investigation and frantic panic we have found the flaw which allowed the contents of the Moderator's forum to be leaked onto the Internet.

The flaw had to do with the way permissions for banned members were handled. Banned members by default have "read only" access on ALL forums. Unfortunately, read only permission is not good enough for the Moderator's forum and for missing this I am deeply sorry. This system is very new to me (as it is to you) and this was a mistake on my part which was simply missed.

I hope all members understand what they have or will read on the aforementioned site - moderators have a tough job patrolling the forums and obviously need a place to voice concerns about members. Moderators do their best to be impartial, but are only human (and as you can see, being human is what has led to these problems, not to mention the subsequent discussion). They only talk about other members when there are problems and when it is necessary, not for their own amusement or motives.

I would also like to add a thank you to the member who was extracting the posts from the Moderator's forum and placing them on the Internet - your carelessness in doing so was what helped us find this vital security flaw.

Once again, I apologise and hope that you all understand.

Yours
Adam
 
Guess it's all a part of moderation. BTW I did happen to have a quick browse over the mentioned leak, and is it true that moderators can read our Private Messages?
 
This is not true. Moderators have no access to PMs.
 
Well done Adam. It is always good when people admit their errors. Very easy to be forgiven then.
 
Let me just ask, if private messages are supposed to remain private, why are mods allowed to breach this? I remember months back someone posted a private message sent to them by another member and it was deleted.
 
Yes, that IS a very good question. I thought private messages were just that... private.
Is that not the case? Because I would be sorely disappointed if a so-called private function was in fact public to mods. I moderate other sites online, rep and chat, and have never had access to PMs. Please explain?
 
I have my own solution cos it's not a good rumour. I don't think I'll ever use my address on a PM just in case... I'll just use my e-mail :D
 
Like I said, Mods (or even Forum Admins) do not have access to PMs. Direct access to the database would be required for this (which only I have).

I am unaware of the incident you are talking about, but no amount of forum permissions would allow me to let Moderators view other users' PMs.
 
Wise man

Adam, for a guy younger than the majority you are wiser than most. :)

Admitting the mistake is brave and you are doing a great job with sorting things out.
There is a lot of confusion, however, that needs to be sorted out in regards to what can and cannot be viewed by certain people. :|
 
Alright, I'll explain a bit better. I realize that the private messages posted in the mods forum were only to them as another user, but they placed a private message on a forum board for the other mods to see and comment on. I don't think this is fair if the writer of the PM is unaware of it being made public to the site's admin and mods. Understand?
 
So Adam, you have access to the PMs? Therefore they aren't private, are they?

Just an honest question...
 
OK, thanks jr. Was just a bit concerned. Well done and keep up the good work, son :D
 
So Adam, you have access to the PMs? Therefore they aren't private, are they?

Technically, you are correct. As with any web-based system, there is a database backend which someone needs to have access to, in this case me. That said, I have never read any PMs and don't intend to (it does not interest me).

If you require a secure communications medium, I suggest you look at using encrypted emails.
 
I got sent the link as well and have to ask why a moderator would condemn someone without reading prior posts made to find out the context of the topic. The comment made of "watch this person" etc. is unjustified and uneducated, because the mod concerned didn't know the base of the subject, as was admitted!
One point I would like to make is that no errors would have been admitted to if this link was not exposed.
I love this site and only jack up when attacked without justification, as do most others. I admit my language may at times not be correct, but I'm not the only one guilty of that, and to be honest I thought auto censor dealt with it anyways, my mistake. It's a sad thing that these private messages and discussions were made public; saying not to take any notice is like telling a jury to disregard the evidence just given?
Odie
Adam, this is not against you at all. Congrats on what you have achieved.
 
I imagine the head administrator of any web site could access any information that passes through the site. Someone has to have all the keys, otherwise no one could fix all the problems.
 