investigating Reports that users are accidentally getting logged in as different users?

Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
it happened the other day i was in chat with some people and noticed when i wasnt typing my name posted a smiley in chat so i went to look at users online to see if i was logged in somewhere else and sure enough i had a diff ip address and was showing as looking at a different profile than what i was actually looking at here on my computer so i changed all passwords and emails and everything in fear that i had been hacked. Then today i see in a conversation between other people on site in chat they they experienced the same thing one guy says he was accidentally logged in as me and then another person so he restarted logged out and back in ? How do i fix this
updated by @zachary-moonshine: 08/14/17 05:58:50AM
paul
@paul
7 years ago
4,331 posts
Hi Zach - There's a new version of the User module in the Marketplace that may fix this. Can you update to that and let us know if you still see an issue?
Thanks
Paul


--
Paul Asher - JR Developer and System Import Specialist
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
i dont see an update available for users module but i see a system core update?
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
ohh wait i updated the system core now i see many other updates will update everything now and let you know
paul
@paul
7 years ago
4,331 posts
Yes - If there's a later Core module, that needs to be updated first.


--
Paul Asher - JR Developer and System Import Specialist
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
well its been a few days and no signs of that happening anymore knock on wood
paul
@paul
7 years ago
4,331 posts
That's good Zach, but do let us know if it happens again.
Thanks
Pa


--
Paul Asher - JR Developer and System Import Specialist
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
i will man that would be horrible if it was someone with malicious intent as i guess they could delete my entire site lmao
so far so good though cheers paul
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
I am getting reports of this happening again?
Strumelia
Strumelia
@strumelia
7 years ago
3,603 posts
Hey Paul- do you remember when this was happening to me, right around the time when my FOTMD site was going live like around June 2015? I remember vaguely it had something to do with user/profile IDs, and something to do with the fact that my imported member profiles had not logged in yet and maybe had to do with I had not done the final member import yet...somehow ID #s were getting mixed up...can't quite remember why though... dang! Wish I could remember exactly what happened back then and why. But I do remember we got either Michael's or Brian's input on why it happened on several occasions, and you saying to me that once we went live the problem would correct itself.... and it did.
Sorry if this is rambling, but I do recall having the same issue long ago right before I went live from my ning migration. Then again, maybe that prob i had long ago was due to some other issue and has no bearing on this. Not much help, sorry!


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
paul
@paul
7 years ago
4,331 posts
Hi Strum - Yes, I do remember the conversation, but like you, I can't remember the details. Let me try to remember.
Zach - Do you have any more details? Which user logged in, and which account he ended up on? Can you find the login on the Activity Log? If so, what does it say? Also check the '?' icon on the right for more Activity details.
Thanks
Paul


--
Paul Asher - JR Developer and System Import Specialist
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
Lady Kat Chaos signed in a few nights ago and said it showed her logged in as me (my master admin account), she said she tried to refresh but it stayed the same so she logged out? I dont have an exact time and date i just found out about it yesterday.
Does this mean someone could completely erase my site if they wanted to, by somehow logging in as me?
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
it would have been late at night could have been during system maint possibly ?
paul
@paul
7 years ago
4,331 posts
Hi Zach - We have an update to the User module that we're hoping will fix this, but as it involved some low level changes we're thoroughly testing the module before releasing it. Please note, however, that we have never seen this happen ourselves so are working blindly and trying to make assumptions on what might be happening on very rare occasions.


--
Paul Asher - JR Developer and System Import Specialist
Strumelia
Strumelia
@strumelia
7 years ago
3,603 posts
Paul, the most I can recall is that it had something to do with either user ID#s or Profile ID#s getting used by a duplicate or wrong other person. It had to do with the fact that those members from ning (who got assigned imported user #s) had not yet logged into the site themselves. Maybe I had visited their pages and thus 'assumed' their identity while on their profile page? I do know that this logging in as the wrong person only happened to me and my moderators (profile admins)- for my site it never occurred between regular quota members- only occurred for admins. Maybe I'll get a brain flash and remember more. I don't have our email about this from back then- maybe you do?- it was June 2015 that much I do know.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
nothing on my site is imported from ning or anything else its all new though @strumelia ?
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
it happened again and this time last night another user changed my account photo, this is extremely dangerous someone could change anything on my site by doing this?
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
this user signed up and logged in last night around midnight right before system maint started and all the other times seem to be around that same time it never happens in the day ? sending a screen shot in a support ticket of the log
brian
@brian
7 years ago
10,148 posts
Zachary Moonshine:
this user signed up and logged in last night around midnight right before system maint started and all the other times seem to be around that same time it never happens in the day ? sending a screen shot in a support ticket of the log

I follow up on your ticket - thanks.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
happening now some other user is in chat room commenting as me?
michael
@michael
7 years ago
7,746 posts
can you ask them what they logged in as? Any useful info from them?
Strumelia
Strumelia
@strumelia
7 years ago
3,603 posts
When this used to happen to me on CometChat, it was due to the chat 'reading' people as their user numbers by a differnt number than the rest of JR was- when in fact it was supposed to be seeing people by their other number. User # and profile #s are differnet, and the chat was ID'ing people by the wrong one. Just a thought..


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
it was one of my friends he logged in as himself but the system made him me so we are chatting and it looked like i was talking to myself when i realised it was him i asked him to log out and back in and that fixed it when he came back in after that he was himself it was at 11:00pm seems to always happen around 11 or 12 at night when it does happen? maybe something to do with updates or something i dont know?
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
looks like it happened again last night same time area during maintenance
Capture.PNG.png
Capture.PNG.png  •  26KB

Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
pretty embarrassing scrolling back through the chat i see that person carried conversations with people in chat as ME for almost an hour :(
alt=
K_K
@k-k
7 years ago
95 posts
This is pretty scary, damage could be bad if a malicious person happened to log in as admin.

Have the occurrences been solely in the chat or can it happen in the normal site too?
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
im not sure what they can see when they do it, i mean most everybody knows me so it freaks em out when it happens and they log out usually and back in and they are fine then but yes the potential for disaster. so far i have not seen any blogs or things posted on my behalf that are not me so its possible all they can do is chat but i really dont know. its hard to say since the majority of my community comes just to chat with the djs?
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
Happened again last night while I was logged in even
brian
@brian
7 years ago
10,148 posts
We had one other site report this to us a bit back - I believe the problem lies in the "session sync" function in the User module, but we've never been able to actually replicate here. However, Users 2.2.0b2 has all new session sync functions, so updating to Jamroom Core 6.1.0b2 and the latest beta modules can hopefully help this.

I know it's a beta release, so if you'd like to do that let me know your site login in a ticket and I can make sure you get updated correctly.

Hope this helps!


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
Zachary Moonshine
Zachary Moonshine
@zachary-moonshine
7 years ago
824 posts
brian:
We had one other site report this to us a bit back - I believe the problem lies in the "session sync" function in the User module, but we've never been able to actually replicate here. However, Users 2.2.0b2 has all new session sync functions, so updating to Jamroom Core 6.1.0b2 and the latest beta modules can hopefully help this.

I know it's a beta release, so if you'd like to do that let me know your site login in a ticket and I can make sure you get updated correctly.

Hope this helps!

support ticket sent with login details brian thanks hope this works
blindmime
@blindmime
7 years ago
772 posts
I believe I'm seeing similar behavior on one of my sites. At least evidently by way of my admin profile page's bio was changed by a spammer. Just by the way it looks, I don't think they knew they were putting the bio on the main profile page. Just FYI. I don't have any more details than that.