ExpressionEngine CMS
Open, Free, Amazing


This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


User Claiming Questionable Security Breach

December 10, 2011 4:42pm

  • #1 / Dec 10, 2011 4:42pm

    smartpill

    456 posts

    OK, I’m only running this by you for help composing a reply to respectfully explain why this is not sound thinking. I know the site users can’t be expected to be aware of how everything functions but this seems to be quite a stretch.

    Here’s the background…

    We have a community events calendar set up in an EEv1.6.8 MSM site. The users need to register for an account using the self-confirmation email method. When registering, we don’t ask for anything more than an email address, username, screen name and password. No personal info. This person signed up maybe a year or less ago and had posted 2 events (entries) using an SAEF that will not show unless you are logged in. After the event is submitted, the poster will receive a confirmation email with the entry details. These entries she’d submitted were for events her choir group was having.

    About a week ago, she emailed site support (me) claiming she got an entry confirmation for an event she didn’t post. This posting was under her account, and the subject of this posting was also for a legitimate upcoming event for the same choir group.

    HERE’S THE FUN PART!
    She’s alleging someone hacked into our database, decoded her password, logged in as her and then posted a legitimate event for her choir group! Dastardly!

    This is the actual text of her last email to me:

    “Since [our site name] cannot access passwords [I’d told her we don’t have direct access to the passwords within the control panel], that means that the credentials I established must have been discovered by means of hacking.  Whoever did that would only have been interested in that particular account—they wanted to post an event—so it makes sense that you have not received any other alerts to further breaches of security.
        What is your policy on investigating a complaint of hacking?  Will you investigate this at my request?  I would like confirmation that hacking occurred, and also any other information that can be discovered, such as the location of the computer or account from which the illicit activity occurred.”

    So is there a technical explanation of why this could not have been a security breach in EE? Any help defusing the situation would be appreciated.

  • #2 / Dec 11, 2011 6:02pm

    Boyink!

    5011 posts

    So, she left her browser logged in and someone used it? Danged renegade choir member event hackers anyway.  Let your gaze up for *one second* and suddenly there’s confusion at the church doors….😊

  • #3 / Dec 11, 2011 6:40pm

    smartpill

    456 posts

    So, she left her browser logged in and someone used it? Danged renegade choir member event hackers anyway.  Let your gaze up for *one second* and suddenly there’s confusion at the church doors….😊

    It had been months since she posted prior to this. My guess is that either she uses the same login/password for everything and someone in her group knows it, or, she has the login form info saved in her browser. ...or she has amnesia.

    But I know if I just tell her she must have screwed up and spend weeks going back and forth, I’d rather rattle off the reasons ExpressionEngine is an impenetrable fortress.

  • #4 / Dec 11, 2011 6:48pm

    Boyink!

    5011 posts

    I’d be professional yet curt and to the point: “I’m sorry, but a cursory review of the server logs turns up no evidence to support that this event is an instance of our server being hacked.”  Maybe stop there, or maybe add your comments “Most likely someone either knows your password or it’s stored locally in your browser.”  Maybe also add something about the costs of the investigation not being worth the potential “damage” done.

  • #5 / Dec 12, 2011 11:48am

    Kevin Smith

    4784 posts

    Thanks for the assistance, Mike.

    Kyle, I agree with you, there’s no way this is a hack. I also agree with Mike, I would do everything I could to avoid getting into it with her over this. If she won’t let it go, however, I would try to reason with her that it doesn’t make sense that a hacker would post a legitimate event to their site. That means that more than likely, it was a simple, honest mistake by another choir member using her computer with a saved password or using another computer after having found her username and password written somewhere (like the front of her choir book).

    I’m not sure the technical explanations would garner much here.
