Gold, posted January 24, 2015

Hi, I sincerely apologise for posting here, but I need to reach the moderating team over a security risk, but clicking the Moderating Team link gives a 403 forbidden error. Could a moderator please get in touch with me? Thank you and sorry for any inconvenience caused.

+theblazingangel (MVC), posted January 24, 2015

Presuming you're not a spammer... send a private message to the devs, and possibly also admins.

Devs: https://www.neowin.net/forum/index.php?act=members&filter=30
Admins: https://www.neowin.net/forum/index.php?act=members&filter=6

The proper place for a post like this would have been the 'Site & Forum Issues' subforum: https://www.neowin.net/forum/forum/19-site-forum-issues/

I'm sure a mod will move this there for you shortly (if it is not spam).

Gold (Author), posted January 24, 2015

Hi, Thank you very much. It is indeed not spam but a genuine request.

sc302 (Veteran), posted January 24, 2015

If you want, post here and one of us can answer your question. You can always PM a mod; they are green and dark green.

Barney T. (Administrators), posted January 26, 2015

I suggest a PM as the topic might be sensitive. Posting here is open for all members to see what the issue might be.

The Evil Overlord, posted January 26, 2015

Might be easier for a mod to PM him and ask him who/what he needs help for/with, seeing as he cannot reach the mod using the link supplied on the forum index...

+theblazingangel (MVC), posted January 26, 2015

> If you want, post here and one of us can answer your question. You can always PM a mod; they are green and dark green.

> Might be easier for a mod to PM him and ask him who/what he needs help for/with, seeing as he cannot reach the mod using the link supplied on the forum index...

OP couldn't use the 'The Moderating Team' link, which was giving a 403 error when trying to load it (works fine for me, now at least), but didn't state there was a problem using the alternative links I provided, so there's no need for mods to PM him.

I presume you're using 'mod' here as referring to basically any staff member, rather than specifically a dev/admin. While mods are given the power to moderate content in the forum, they do not have keys to the kingdom. It is a sensible and deliberate choice to give out to staff only the access privileges that they need, not because they definitely can't be trusted with more privileges, but why take the risk, and because it is also more secure for fewer user accounts to have the more important privileges.

We don't know what it is that OP has found, it may be nothing at all, it may be a genuine vulnerability in the website/forum, it may even be a misconfiguration in the server which gives an attacker total access to it. It's not like we're protecting nuclear secrets here, but still, mods, not having been granted total access, should not be handed information on possible means of gaining higher privileges than the site owners have chosen to grant them.

Such information should only be given to those at the top of the privilege chain, the devs (who write the code, set up the IPB forum software and configure/maintain the servers) and the owners/admins. The higher up the chain you go, obviously the greater the amount of trust that has been placed in people, but even the supervisors afaik have not been granted total access and so are not really the right group to hand it to.

The Evil Overlord, posted January 27, 2015

> OP couldn't use the 'The Moderating Team' link, which was giving a 403 error when trying to load it (works fine for me, now at least), but didn't state there was a problem using the alternative links I provided, so there's no need for mods to PM him.
>
> I presume you're using 'mod' here as referring to basically any staff member, rather than specifically a dev/admin. While mods are given the power to moderate content in the forum, they do not have keys to the kingdom. It is a sensible and deliberate choice to give out to staff only the access privileges that they need, not because they definitely can't be trusted with more privileges, but why take the risk, and because it is also more secure for fewer user accounts to have the more important privileges.
>
> We don't know what it is that OP has found, it may be nothing at all, it may be a genuine vulnerability in the website/forum, it may even be a misconfiguration in the server which gives an attacker total access to it. It's not like we're protecting nuclear secrets here, but still, mods, not having been granted total access, should not be handed information on possible means of gaining higher privileges than the site owners have chosen to grant them.
>
> Such information should only be given to those at the top of the privilege chain, the devs (who write the code, set up the IPB forum software and configure/maintain the servers) and the owners/admins. The higher up the chain you go, obviously the greater the amount of trust that has been placed in people, but even the supervisors afaik have not been granted total access and so are not really the right group to hand it to.

There's me thinking he probably just wanted to be reminded which email address he used to join up 13 years ago

Raa, posted January 27, 2015

> There's me thinking he probably just wanted to be reminded which email address he used to join up 13 years ago

How was he able to post a message using his 13 year old account then?

The Evil Overlord, posted January 27, 2015

> How was he able to post a message using his 13 year old account then?

probably chance remembered his passwoid??