Today my client called me and claimed that some of his business clients' names were changed to some strange names. I have verified and found that what he is saying is true.
I went to an (ADMIN page) I made to create profiles that contain the name of the page users are routed to when they sign in and other details (payment, logos, list of users assigned to this profile).
From that page you can assign users to a profile or create new profiles. Now, as a general rule, I have a workflow redirecting to index if a user is not logged in or if the profile page doesn’t match the current user's profile that I have assigned him to.
Some admin pages can be logged into if a user has admin privileges, so I created a new text field on the user type called privilege; this text is by default client. If that user is an admin for that profile, I go to my administrator page (ADMIN) and change his privilege to admin.
For my administrator page (ADMIN) I am redirecting the users to index using a workflow: go to index if the user is not logged in or if SuperAdmin is no. (SuperAdmin is a YES/No field in the USER datatype.)
The issue was unauthorized access to the ADMIN page:
I found two profiles have a new email assigned to them. Which means that the Funny Guy (as I will call him) created two emails, assigned each email to a profile, entered that profile page and made the changes. The question is HOW DID HE STAY IN THE ADMIN PAGE if he was not SuperAdmin!
This SuperAdmin is not set to anything by default.
However, I have tried with a new user and I was redirected to the profile page.
I have tried pressing escape in the browser while the page was loading, before it redirected: if you keep pressing, the loading will stop and you stay on the admin page.
What I have done:
A. I made all elements on the ADMIN page invisible.
Until I know how he stayed on the ADMIN page and made the changes.
B. I have changed the password policy. It was min length 4, nothing else required. I have changed it to length 6, all required.
C. I have removed signup from index. I don’t allow random users anyway.
D. I capture the last login time when a user presses ENTER profile. From there I was able to retrieve the correct data to the time before he logged in and made the changes.
To be honest, I was in a panic trying to identify the right time to retrieve client data, so I have not taken any backup to analyse further. Is there a way to retrieve that live data at that time to my development environment, or have it sent to me without disturbing live data, so I can check it further?
I have not seen guidelines on how to protect the Admin page. There is an option to limit access to the app by username and password. But do we have something similar for an individual page?
What I have done: I put all elements on the page in one group and made it invisible, and I put a show workflow after the redirection workflow… so upon fulfilment of the redirect workflow condition, the content of the page shows… Is this enough? Or do I have to make a popup password?