Tuesday, March 29, 2011

An Introduction to the Admin Log

Lchris once told me that when she began helping Dyebat purchase the fansite, she heard stories from and about various people and groups.  Some of these stories were contradictory and she didn’t know whom to believe - until they started telling stories about her.  Those she knew were lies.  She knew she had not done the things of which she was accused.

The same is true for Dyebat, Citroenlady and myself.  Dyebat knew that many of the things said about her were untrue.  They said she was being used.  They said she was mentally incompetent.  They said she was in league with people who wished to take over the fansite.  All nonsense.  Dyebat knew those stories were untrue.

Citroenlady was a member of a site purported to be trying to take over the fansite.  I was a member of two of them.  (Couldn’t they keep their stories straight?  From which site was the takeover supposed to be coming?)  We also knew that those stories were untrue.

So we set out to find out what really did happen. 

When I offered to help with the investigation of the events of last July at susan-boyle.com, I used things that were readily available to anyone.  I searched through the threads for information that could help explain what happened. 

But  the staff at the fansite began removing the older threads from public view.  With no access to the threads anymore, Dyebat and lchris decided to provide me with some of the data they had saved.  These copies of the database were made during the time Dyebat was the legal owner of the site.

The Board had also tasked lchris with looking into what happened.  She carefully saved and protected what she had collected.  Any reasonable person would expect that the board would need an additional neutral investigation, which they did promise, yet did not deliver.

One of the most useful parts of the database has proven to be the admin log.  It tells me what staff member performed what action.  It also tells when they did the action.  Here is an example of an action taken by staff.


adminlogid
userid
dateline
script
action
extrainfo
ipaddress
27803
6
1262175639
user.php
findnames

7x.xxx.xxx.xx1
27804
6
1262175643
banning.php
banuser

7x.xxx.xxx.xx1
27805
6
1262175658
banning.php
dobanuser
username = VIAGRAeus
7x.xxx.xxx.xx1


Admin log id is the unique number given each action recorded.  User id is the member number of the staff person who did the action.  Dateline is the time the action took place.  It is recorded in Unix code, which can be converted to conventional time.  (One of many such conversion sites is unixtimestamp)

Script is the part of the site in which the action took place.  Some examples are user, forum, options, usertools, usergroups, template and so on.  Action is what was done.  Some actions require more than one step, such as banuser and then dobanuser to ban someone.  Extra info sometimes, but not always, identifies the user or thread which was affected by the action.  IP address is the address of the staff member performing the action.  I have substituted Xs for most of the numbers for privacy reasons.

So in this case, it is possible to determine that LonniR (user # 6) banned a member on 12 / 30 / 09 @ 6:20:58am EST.  Given the user name (VIAGRAeus, which is likely a spammer), I think we can all agree that the action was justified.

The adminlog chart can be searched or rearranged, depending on what information I specify.  I can arrange the data by user id, by date, by action or by to whom the action was done. 

What about changing the record?  Can that be done?  Yes, but that too is recorded.  It shows in the admin log as changehistory.  

Another useful part of the data is the user change log.  It shows when a member was changed from one user group to another.  For example, when a new member registers, they must reply to an email to activate their account.  The time they do that is recorded.  Then they must be approved by a staff member and moved into the “registered users” group.  The time and person doing that is recorded, too.

These records have proved very useful.  The Board and/or the "investigator" used by the Board should have requested and examined these records, at the very least.    Lchris made the Board aware that she had collected and protected numerous log files and other data from various sources.  She requested additional data from Hostgator. She fully expected to be asked for them. But no one ever asked her.  

Lchris had shown PT how to access and search these records from the forum software Admin Control Panel on August 2.  PT searched the logs and asked questions.   So, PT was aware that these logs existed.  Yet, the official Board Investigation Report distorted and dismissed this data as irrelevant.  But it was not.