- Forums
- Support and Presales
- Professional Members Support
- Profile logger showing password changes from user id 0, no username
Profile logger showing password changes from user id 0, no username
- akasharkbow
- OFFLINE
-
Premium Member
- Posts: 107
- Thanks: 11
- Karma: 2
I'm using CB / CBSubs and the latest Profile Logger. I've recently received a few notifications of password changes with this information:
Id of user making change: 0
Username of user making change:
Changes made from: frontend
The IP is logged, and the same IP is associated with a few password changes on different accounts.
I'm not sure if this is a hack, or a security hole, or if there is something wrong with my settings. But if you could possibly advise me on how to troubleshoot this so that I can protect our site's users accounts, I'd be very grateful.
Thanks so much.
Please Log in to join the conversation.
nant
Team Member- OFFLINE
- Posts: 25531
- Thanks: 1834
- Karma: 877
akasharkbow wrote: Hi there
I'm using CB / CBSubs and the latest Profile Logger. I've recently received a few notifications of password changes with this information:
Id of user making change: 0
Username of user making change:
Changes made from: frontend
The IP is logged, and the same IP is associated with a few password changes on different accounts.
I'm not sure if this is a hack, or a security hole, or if there is something wrong with my settings. But if you could possibly advise me on how to troubleshoot this so that I can protect our site's users accounts, I'd be very grateful.
Thanks so much.
Ha - looks like the password reset is causing this.
Nothing to be alarmed with.
I will open a ticket to imporove message if possible in next release.
--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting
Visit my CB Profile - Send me a Private Message (PM)
Please Log in to join the conversation.
- akasharkbow
- OFFLINE
-
Premium Member
- Posts: 107
- Thanks: 11
- Karma: 2
Just to be clear - most password changes actually come through with a notification that makes sense (correct username and user id). So, if this is a system error, it is not consistent...
Please Log in to join the conversation.
- nant
- Team Member
- OFFLINE
- Posts: 25531
- Thanks: 1834
- Karma: 877
akasharkbow wrote: Thanks for your reply, nant.
Just to be clear - most password changes actually come through with a notification that makes sense (correct username and user id). So, if this is a system error, it is not consistent...
If a logged in user changes his password from the update profile menu then everything is normal.
However if someone does not remember his password (and thus cannot login) and he does a password reset request then the profile logger identifies the password change but cannot identify the user requesting the change (since there is no logged in user).
So in this case the IP is in fact useful.
As I said there is no reason to be alarmed and we will improve on this if possible in next release.
--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting
Visit my CB Profile - Send me a Private Message (PM)
Please Log in to join the conversation.
- Forums
- Support and Presales
- Professional Members Support
- Profile logger showing password changes from user id 0, no username
-
You are here:
- Home
- Forums
- Support and Presales
- Professional Members Support
- Profile logger showing password changes from user id 0, no username