Last User IP not showing in database or user info

New Member Joined: May 28, 2006 Posts: 23

Hi,

I'm haveing a strange issue, and I don't know if I've been hacked or what. Maybe someone here can explane whats going on.

When I'm logged in as an admin, and I view a users information via:
http://www.mywebsite.com/modules.php?name=Your_Account&op=userinfo&username=whatever

, It shows the last user IP as my IP address. In our database, in the nuke_users table 2nd colum from the end, I am no longer getting IP addresses saved. They are showing up as zero. There are users who have IP addresses instead of zeros, but they are users who created accounts months ago. The last 15 users are not showing last IP address information other than zero. I am thinking that this started happening after I installed CNBYA, but I could be wrong because I just noticed it about a week ago. (Many weeks after installing CNBYA)

Does anyone know if installing CNBYA could have affected the last user IP address?

Is it a bug, or have I been hacked?

Server Info:
Website: www.seceight.com
PHP-NUKE v7.6 / patched 1.3
Apache2Triad version 1.4.4
Apache version 2.0.55
MySQL version 4.0.26
PHP version 4.4.2
CNB Your Account version 4.4.0

Thanks,
Slappy

Posted: Sun Jun 25, 2006 1:13 am

ive seen this on others site..but it had sentinel installed and tracked ips listed...and in sentinels tracked ips it was correct but in your_accunt it wasnt.

its definitley a weird issue but never resolved.

Posted: Sun Jun 25, 2006 2:14 am

Hmm,

Well, I have looked over the index.php of the CNBYA and the origional index.php that is default with Nuke, and I am seeing several differances in the area's where last_ip is written. In the origional file last_ip is written in 4 different places.

Here are the first 3:

Code:




if (is_admin($admin)) {


       echo "<br>";


          OpenTable2();


          if ($userinfo['last_ip'] != 0) {


              echo "<center>"._LASTIP." <b>".$userinfo['last_ip']."</b><br><br>";


           echo "[ <a href='".$admin_file.".php?op=ipban&amp;ip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&amp;chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";


          } else {


           echo "<center>[ <a href=\"".$admin_file.".php?op=modifyUser&amp;chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";


       }

And then here:

Code:




docookie($setinfo['user_id'], $username, $new_pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);


       $uname = $_SERVER['REMOTE_ADDR'];


       $db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");


          $db->sql_query("UPDATE ".$prefix."_users SET last_ip='$uname' WHERE username='$username'");


   }

In the CNBYA index.php file, last_ip is only written once:

Code:




docookie($setinfo['user_id'], $username, $new_pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);


       $uname = $_SERVER['REMOTE_ADDR'];


       $db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");


          $db->sql_query("UPDATE ".$prefix."_users SET last_ip='$uname' WHERE username='$username'");


   }

I am not that great with code, so if someone could look this over and lend a hand. I am pretty sure that last_ip address's were being saved, and if the index.php of the origional Your_account is responsible for doing this function, then theres gotta be a way to incorporate the origional code into the new CNBYA index.php.