We hope you enjoy your visit.

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.


Join our community!


If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
Just a follow up
Topic Started: Jan 21 2006, 07:18 PM (470 Views)
The Judge
Member
[ *  * ]
On this thread: http://support.invisionfree.com/index.php?...pic=218171&st=0

What I have found out is this. I was the Root Administrator with a regular Administrator under me. He could not change my password in the Administrtion panel but he could change my E-mail Address.

He changed it to one of his e-mail addresses and then asked for a "Password Recovery" for my account which was sent to his e-mail. He changed my password and got into my account and put himself in the root admin.

Anyway no harm done but I'll give him credit for figureing out a way to do it.
Offline Profile Quote Post Goto Top
 
Billamen
Member Avatar
Member
[ *  *  *  *  * ]
Impossible. A non root admin should not be able to edit a ROOT admin's account.

There must be a glitch in your board.
Offline Profile Quote Post Goto Top
 
The Judge
Member
[ *  * ]
Hostetter
January 21, 2006 06:31 PM
Impossible. A non root admin should not be able to edit a ROOT admin's account.

There must be a glitch in your board.

Geez, don't tell me he lied. That's how he explained it to me. LOL oh well maybe I need to go back and try to get more out of him. On second thought I have a second account at the forum and could test that out myself. I think I'll do that late one night just to see,
Offline Profile Quote Post Goto Top
 
Deleted User
Deleted User

Only the root admin can edit the root admin's account.
If anyone else tries, they'll get an error saying as much.
He either discovered your admin account password or your email account password, or there's the more remote chance that he managed to somehow get you to download a keylogger or other trojan.
I'd suggest immediately changing your email password (and security questions if your email service has them), and scanning your system for trojans, just in case.
Quote Post Goto Top
 
The Judge
Member
[ *  * ]
O.K. I talked to the guy and I think I figured out what happened. I had two accounts in the root administration group. One account was just a test account but I always kept it in the root admin group it was member number 2. My main account was member number 1. He changed the e-mail for member number 2 and kicked that account out of the root admin group. He never tried member number 1 which must be protedted from such stuff. I just assumed if he could do it to one he could do it to both. My mistake.
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · zIFBoards Discussion · Next Topic »
Add Reply