peregrine · ☯ · MVP

@businessdad

To make an absurd comparison, you would have been burned on the stake if you invented a mobile phone in the Middle Age. Find me one person who doesn't use them, nowadays. ;)

-I have found that person. :) As a businessman, what do you consider a fair price for the finder's fee.

yadbu - yet another difference between us! Ananchronisms do exist. So do long broad sweeping statements.

If you are looking for a person who doesn't use facebook, skype, linked in, or twitter as well as cable tv - I think i can find you one. I can also find you a person who never ate a "Big Mac",

I would run through the permissions table again and

assuming there is no flaw in the approval process.

1) see who has admin privs.
2) change all the passwords for admins.
3) change the password for your vanilla database users.
4) verify permissions on all directories
5) remove all plugins and download new versions.
6) look for any strange code or programs in your directories.
7) check your plugins against any known hacks.
8) http://vanillaforums.org/discussion/19285/security-vulnerability-flagging-plugin-2-0-18-2-and-earlier
9) do you have custom applications
10) what theme are you using.
11)

and you might want to list your plugins

check for vulnerable plugins: http://www.google.com/search?q=site:vanilla.org+xss

if for some reason you db tables are a bit suspect. easier than a visual check

you could run this in mysqladmin

  SELECT `RoleID`
    FROM `GDN_Permission`
    WHERE (
    `Garden.Users.Add` > '0'
    OR `Garden.Users.Edit` > '0'
    )


for all the role ids that are returned with those privs.

e.g. if 16 and 33 are returned, the use

SELECT `UserID` FROM `GDN_UserRole` WHERE RoleID = "16"   
SELECT `UserID` FROM `GDN_UserRole` WHERE RoleID = "33"   

this will give you the userids with those permissions.