Hide admin status in forum by default?
I was thinking about the security issues currently discussed and am wondering that may be the main reason a thief can steal access to server or database is because he knows that an admin normally has that access.
What if the admin status is hidden in the forum by default? If nobody is known as an admin, the thief need to inspect almost all accounts. Of course they can suspect user profile number 1 as default admin, but the true admin could change that account to regular user or delete it.
Of course, the forum admin may disclose his identity as his own will, but not by default.
Since this is just an idea, I was thinking, may be this can first be made as an addon rather than a feature? Or is it better as a feature?
Re: Hide admin status in forum by default?
Reply #3 –
I don't know how much security would increase with just hiding the group.
Would you leave your car open just because the doors are hidden behind a curtain?
Most of the hacking done nowadays, are based on re-using of passwords and usernames across multiple sites (even very old passwords, because during the recent github attack, the hackers were using an old database of passwords from myspace as far as I understood), so hackers don't really care about the username or the role, they just try out any possible combination they have handy across multiple websites.
Also, from my experience, most of the forum admin wants to be recognized as admin and owners of the forum with a big shiny button screaming "ADMIN", and wants to have the admin interface handy for whatever they want to do.
Re: Hide admin status in forum by default?
Reply #5 –
Don't know if this helps and probably has nothing to do with this topic, but on my board where I am admin, I am using an username which is different from the username displayed on forum. So before anyone can try to login with my account he need to know my real username
Re: Hide admin status in forum by default?
Reply #9 –
Is it possible to hide the admin user and hide all references to user ID 1 too? That would be real hiding of the first (admin) user.
Re: Hide admin status in forum by default?
Reply #10 –
My idea was:
1. You may need to change user ID #1 to non-admin or delete that account.
2. Do not use any admin account for posting or the addon can be used to block it.
3. Faked admin user can be created for posting purposes.
4. May be, additionally or alternatively, make only admin can access any other admin account but not guest or other registered user or error page could not be found or something.
Re: Hide admin status in forum by default?
Reply #11 –
But if I make another user to admin (and delete user with ID=1), the new admin user is in the admin user group and can be found via searching the groups, or not? The admin user group must be hidden too.
Re: Hide admin status in forum by default?
Reply #12 –
That is what I was trying to say in #4. But user #1 will always be the target as he is by default an admin user.
Re: Hide admin status in forum by default?
Reply #14 –
Many people here have to stay awake to watch Euro too. Unfortunately, I do not have high interest in football.