phpBB "Who is Online" feature

[Emdek]

..nexus kinda looks like my dad...

Hope that his surname is not Reed...

[Maedhros]

...uh oh

[KukY]

...uh oh

[Roux Le Corps]

im must be out of the loop i dont get it ~noob skillz~

[Desolator4u]

Surprised that hasn't been locked lol!

Nuff Respeck
~Des

[Zarel]

We don't lock threads for no reason, especially not in Lounge, which is the equivalent of Off Topic.

[Maedhros]

yeah...its a talent, only i could go off topic in an off topic board lol

[cybersphinx]

Yeah, those nicks are "Niki", "totala" and "Kufbufbiv".
It is a real mystery...

To clear the mystery a bit, they identify as:

• Niki: "Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)"
• totala: "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
• Kuvbufbib: "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"

And as a bonus we have

• Suprano: "Baiduspider+(+http://www.baidu.com/search/spider.htm)"

All accessing the site from the indicated company's IP. But now we have a new mystery: Why do the search engine spider bots use real forum accounts, and how did they get access to them? Especially, why does Baidu, a Chinese Search engine, use the account of a user from Germany?

[macuser]

And to make thing even more complicated, Why do they send/recieve private messages (i've seen them doing so on viewing who's online)

[cybersphinx]

That might be just accessing the pages while spidering, without doing any actual sending of messages.

Edit: Also, linux is "msnbot-media/1.1 (+http://search.msn.com/msnbot.htm)".

[macuser]

Funny name for a microsoft bot

Also some of them have actually posted for instance suprano has posted 31 times

[EvilGuru]

I do not believe that these bots/spiders are creating forum accounts.

They are instead doing what they are designed to do: follow links from other parts of the internet. In these cases it is likely that the above users posted links to the forum while having cookies disabled. A consequence of this is that the PHP session ID was passed via the URL. Hence, anyone clicking on those URLs shortly after would gain access to their session.

Doing this not only keeps the session active but also causes these bots to appear to be logged in as a given user.

Polemically yours, Freddie.

[macuser]

Ah, that makes sense . Now the question remains: Should we notify the actual account holder about the situation?

[KukY]

Ah, that makes sense . Now the question remains: Should we notify the actual account holder about the situation?

I would just delete those accounts.

[cybersphinx]

If EvilGuru's theory is right, it should be enough to block them until the session times out.