Bug IP whitelisting no longer taking effect

Status
Not open for further replies.
Ever since we upgraded to PHP 7, the IP whitelist function no longer works, in that anyone can access the AdminCP regardless of if their IP is actually whitelisted or not. I have not seen any errors listed in the error log relating to this.
 
The only way this could happen is if another system like CloudFlare is messing with the REMOTE_ADDR server variable. Can you please double check you have not enabled CloudFlare, or any new settings within CloudFlare, recently?
 
The only way this could happen is if another system like CloudFlare is messing with the REMOTE_ADDR server variable. Can you please double check you have not enabled CloudFlare, or any new settings within CloudFlare, recently?

We've always had CloudFlare's CDN enabled - I would think this would prevent logging into the AdminCP if it was reporting a different IP though, no?


There have been some settings modified, but nothing that would effect the REMOTE_ADDR variable I don't believe. I did do a quick test to ensure that it was reporting the correct IP in the variable however.
 
Did you change anything else on your forum or your server other than upgrading to PHP 7?
 
Assuming you don't have the "Exclude Super Administrators" option enabled and only tested it with your own Super Administrator account, can you let me know the exact steps you took to test this?

In other words, did you simply try to have them visit the AdminCP, or did you also have them try to login to the AdminCP?
 
Assuming you don't have the "Exclude Super Administrators" option enabled and only tested it with your own Super Administrator account, can you let me know the exact steps you took to test this?

In other words, did you simply try to have them visit the AdminCP, or did you also have them try to login to the AdminCP?

I did disable the 'exclude Super Administrator' option, but even with or without it enabled it was having no effect regardless of if someone is a Super Admin (we have ~50 people with Forum Admin; I don't necessarily agree with that number but I digress...)

It doesn't prevent them from accessing or logging into the AdminCP. I did test this myself by attempting to connect via a VPS that isn't whitelisted.
 
In that case, have you tried disabling all other modifications? It sounds like you have a mod conflict.
 
Hello Devin Lee Clark,

This ticket has now been closed with the status Cannot Reproduce.

We hope your issue or question has been addressed to your satisfaction. If not, please feel free to re-open it by clicking this link.

If you have any further issues or questions, please feel free to start a new support ticket via the button at the top of every page.

Thank you!
 
Could you please create and PM me with a temporary FTP and AdminCP account?

For security reasons, we recommend you create a new FTP account only for DBTech support, then disable or delete it after we have both confirmed the issue has been solved and there are no further issues.

The same applies to AdminCP accounts; they should ideally be temporary accounts created for us only. If we have created an account on your site already, you can optionally boost that account to Administrator and then de-admin this account once the issue has been solved.

If you use a .htaccess password protection for your AdminCP directory, it is recommended that you create a new authorised user for DBTech and remove this user once the issue has been solved.

Please test any temporary accounts you create to ensure that the FTP account has access to the forum files, and that the AdminCP account can access the administrative controls for the product we are assisting you with.

Ensuring this is all in order before submitting the information will significantly speed up the process of assisting you. We will alert you via PM if there's any issues with the login information you have provided.

When sending the PM, for your security you should also un-tick the "Save a copy in my Sent Items folder" checkbox. When the access details have been received, we will delete the PM from our inbox. Ensuring you have not kept a copy of the PM reduces the risk of security breaches.

Thank you for helping us debug our products and allowing us to assist you, we appreciate it :D
 
Sorry, I am massively swamped with contractual obligations so I haven't been able to address this yet. I've not forgotten, and I'll get to it as soon as I can.

Sorry for the delay :(
 
An issue wherein no code in one of the Global Initialisation plugins wasn't being executed at all. That check had changed in my local copy which is why I couldn't replicate it at first.
 
Hello Devin Lee Clark,

This ticket has now been closed with the status Fixed.

We hope your issue or question has been addressed to your satisfaction. If not, please feel free to re-open it by clicking this link.

If you have any further issues or questions, please feel free to start a new support ticket via the button at the top of every page.

Thank you!
 
Status
Not open for further replies.

Legacy vBSecurity

vBulletin 3.8.x vBulletin 4.x.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
810
Customer rating
0.00 star(s) 0 ratings
Back
Top