! Need to reach moderating team, clicking the MT link gives 403 forbidden

[Gold]

Hi,

I sincerely apologise for posting here, but I need to reach the moderating team over a security risk, but clicking the Moderating Team link gives a 403 forbidden error.

Could a moderator please get in touch with me?

Thank you and sorry for any inconvenience caused.

[+theblazingangel MVC]

Presuming you're not a spammer... send a private message to the devs, and possibly also admins

 

Devs: https://www.neowin.net/forum/index.php?act=members&filter=30

Admins: https://www.neowin.net/forum/index.php?act=members&filter=6

 

The proper place for a post like this would have been the 'Site & Forum Issues' subforum:

https://www.neowin.net/forum/forum/19-site-forum-issues/

 

I'm sure a mod will move this there for you shortly (if it is not spam).

[Gold]

Hi,

Thank you very much. It is indeed not spam but a genuine request.

[sc302 Veteran]

If you want post here and one of us can answer your question. You can always pm a mod, they are green and dark green.

[Barney T. Administrators]

I suggest a PM as the topic might be sensitive. Posting here is open for all members to see what the issue might be.

[The Evil Overlord]

Might be easier for a mod to pm him and ask him who/what he needs help for/with seeing as he cannot reach the mod using the link supplied on the forum index...

[+theblazingangel MVC]

If you want post here and one of us can answer your question. You can always pm a mod, they are green and dark green.

Might be easier for a mod to pm him and ask him who/what he needs help for/with seeing as he cannot reach the mod using the link supplied on the forum index...

 

OP couldn't use the 'The Moderating Team' link, which was giving a 403 error when trying to load it (works fine for me, now at least), but didn't state there was a problem using the alternative links I provided, so there's no need for mods to PM him.

 

I presume you're using 'mod' here as referring to basically any staff member, rather than specifically a dev/admin. While mods are given the power to moderate content in the forum, they do not have keys to the kingdom. It is a sensible and deliberate choice to give out to staff only the access privileges that they need, not because they definitely can't be trusted with more privileges, but why take the risk, and because it is also more secure for fewer user accounts to have the more important privileges. We don't know what it is that OP has found, it may be nothing at all, it may be a genuine vulnerability in the website/forum, it may even be a misconfiguration in the server which gives an attacker total access to it. It's not like we're protecting nuclear secrets here, but still, mods, not having been granted total access, should not be handed information on possible means of gaining higher privileges than the site owners have chosen to grant them. Such information should only be given to those at the top of the privilege chain, the devs (who write the code, setup the IPB forum software and configure/maintain the servers) and the owners/admins. The higher up the chain you go, obviously the greater the amount of trust that has been placed in people, but even the supervisors afaik have not been granted total access and so are not really the right group to hand it to.

[The Evil Overlord]

OP couldn't use the 'The Moderating Team' link, which was giving a 403 error when trying to load it (works fine for me, now at least), but didn't state there was a problem using the alternative links I provided, so there's no need for mods to PM him.

 

I presume you're using 'mod' here as referring to basically any staff member, rather than specifically a dev/admin. While mods are given the power to moderate content in the forum, they do not have keys to the kingdom. It is a sensible and deliberate choice to give out to staff only the access privileges that they need, not because they definitely can't be trusted with more privileges, but why take the risk, and because it is also more secure for fewer user accounts to have the more important privileges. We don't know what it is that OP has found, it may be nothing at all, it may be a genuine vulnerability in the website/forum, it may even be a misconfiguration in the server which gives an attacker total access to it. It's not like we're protecting nuclear secrets here, but still, mods, not having been granted total access, should not be handed information on possible means of gaining higher privileges than the site owners have chosen to grant them. Such information should only be given to those at the top of the privilege chain, the devs (who write the code, setup the IPB forum software and configure/maintain the servers) and the owners/admins. The higher up the chain you go, obviously the greater the amount of trust that has been placed in people, but even the supervisors afaik have not been granted total access and so are not really the right group to hand it to.

There's me thinking he probably just wanted to be reminded which email address he used to join up 13 years ago

[Raa]

There's me thinking he probably just wanted to be reminded which email address he used to join up 13 years ago

How was he able to post a message using his 13 year old account then?

[The Evil Overlord]

How was he able to post a message using his 13 year old account then?

probably chance remembered his passwoid??