Wednesday, April 6, 2011

Admin Permissions

What happened to those new member accounts that were created by JudyOkla and Danileo?  How did those members end up in the admin control panel?  How were those new admin accounts set up?  There is information regarding this in the admin log.  

The person to whom an action is done is not identified every single time in the extrainfo column, but I have included an action if it occurred in close proximity to other identified actions.  All times in Eastern Standard Time.

From 3:26 am until 4:04 am on July 17th, Danileo (user id = 57) worked with the account of EvaMarie (user id = 8036).  She updated, edited and modified the user account.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 47580 | 57 | 1279355168 (07/17/10 @ 3:26:08am EST) | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47581 | 57 | 1279355314 | user.php | update | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47582 | 57 | 1279355317 | user.php | modify | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47583 | 57 | 1279356049 (07/17/10 @ 3:40:49am EST) | user.php | modify | | 6x.xxx.xx.xx7 (Danileo) |
| 47584 | 57 | 1279356063 (07/17/10 @ 3:41:03am EST) | user.php | find | | 6x.xxx.xx.xx7 (Danileo) |
| 47585 | 57 | 1279356063 | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47606 | 57 | 1279356986 | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47607 | 57 | 1279357024 (07/17/10 @ 3:57:04am EST) | user.php | update | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47608 | 57 | 1279357025 | user.php | modify | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47609 | 57 | 1279357032 | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47615 | 57 | 1279357199 | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47619 | 57 | 1279357474 (07/17/10 @ 4:04:34am EST) | user.php | update | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47620 | 57 | 1279357475 | user.php | modify | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47623 | 57 | 1279357497 (07/17/10 @ 4:04:57am EST) | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |

At 5:27 pm on July 18th, JudyOkla (user id = 250) began to modify, edit and update the account for the first kaydaniels (user id = 8101).  She continued until 6:15 pm.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 47768 | 250 | 1279492031 (07/18/10 @ 5:27:11pm EST) | user.php | modify | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47863 | 250 | 1279493893 | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47874 | 250 | 1279493992 (07/18/10 @ 5:59:52pm EST) | user.php | update | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47875 | 250 | 1279493993 | user.php | modify | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47881 | 250 | 1279494016 | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47918 | 250 | 1279494439 | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47919 | 250 | 1279494480 (07/18/10 @ 6:08:00pm EST) | user.php | update | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47920 | 250 | 1279494490 | user.php | modify | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47921 | 250 | 1279494632 | user.php | modify | | 9x.xxx.xxx.x7 (JudyOkla) |
| 47922 | 250 | 1279494642 | user.php | find | | 9x.xxx.xxx.x7 (JudyOkla) |
| 47923 | 250 | 1279494642 | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47929 | 250 | 1279494881 | user.php | update | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47930 | 250 | 1279494887 | user.php | modify | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47936 | 250 | 1279494936 (07/18/10 @ 6:15:36pm EST) | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |

Starting at 6:21 pm on July 18th, Danileo began to edit and update admin permissions for EvaMarie.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 47967 | 57 | 1279495274 (07/18/10 @ 6:21:14pm EST) | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47973 | 57 | 1279495301 | user.php | update | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47974 | 57 | 1279495302 | user.php | modify | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 47975 | 57 | 1279495311 (07/18/10 @ 6:21:51pm EST) | adminpermissions.php | edit | user id = 8036 (EvaMarie) | 6x.xxx.xx.xx7 (Danileo) |
| 47976 | 57 | 1279495343 (07/18/10 @ 6:22:23pm EST) | adminpermissions.php | update | user id = 8036 (EvaMarie) | 6x.xxx.xx.xx7 (Danileo) |
| 47977 | 57 | 1279495345 (07/18/10 @ 6:22:25pm EST) | adminpermissions.php | | | 6x.xxx.xx.xx7 (Danileo) |

From 6:25 pm to 6:27 pm on July 18th, JudyOkla updated, modified and edited the account of roseym (user id = 8102).

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 47986 | 250 | 1279495502 (07/18/10 @ 6:25:02pm EST) | user.php | update | | 9x.xxx.xxx.x7 (JudyOkla) |
| 47987 | 250 | 1279495503 (07/18/10 @ 6:25:03pm EST) | user.php | modify | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 47988 | 250 | 1279495528 | user.php | modify | | 9x.xxx.xxx.x7 (JudyOkla) |
| 47999 | 250 | 1279495586 | user.php | edit | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48000 | 250 | 1279495643 | user.php | update | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48001 | 250 | 1279495648 (07/18/10 @ 6:27:28pm EST) | user.php | modify | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |

At 7:47 pm, Danileo worked on the account of kaydaniels (user id = 8101). She repeatedly edited, updated and modified. She also altered the history of the account.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48021 | 57 | 1279500465 (07/18/10 @ 7:47:45pm EST) | user.php | edit | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48024 | 57 | 1279500610 | user.php | editaccess | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48033 | 57 | 1279500807 | resources.php | view | usergroup id = 6 | 6x.xxx.xx.xx7 (Danileo) |
| 48045 | 57 | 1279500996 | user.php | edit | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48048 | 57 | 1279501126 | user.php | update | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48049 | 57 | 1279501127 | user.php | modify | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48050 | 57 | 1279501134 (07/18/10 @ 7:58:54pm EST) | user.php | edit | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48051 | 57 | 1279501152 | user.php | update | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48052 | 57 | 1279501153 | user.php | modify | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48053 | 57 | 1279501158 | user.php | edit | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48054 | 57 | 1279501248 (07/18/10 @ 8:00:48pm EST) | user.php | changehistory | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |

At 8:03 pm JudyOkla returned to kaydaniels (8101).  She modified, edited and also altered the record of the account.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48056 | 250 | 1279501435 (07/18/10 @ 8:03:55pm EST) | user.php | modify | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48057 | 250 | 1279501448 | user.php | find | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48058 | 250 | 1279501448 | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48059 | 250 | 1279501460 (07/18/10 @ 8:04:20pm EST) | user.php | changehistory | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |

Danileo revisited EvaMarie at 8:05 pm. This time her actions included a history change and modification of forum permissions.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48063 | 57 | 1279501504 (07/18/10 @ 8:05:04pm EST) | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 48064 | 57 | 1279501521 (07/18/10 @ 8:05:21pm EST) | user.php | changehistory | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 48065 | 57 | 1279501587 (07/18/10 @ 8:06:27pm EST) | forumpermission.php | modify | | 6x.xxx.xx.xx7 (Danileo) |

From 8:07 pm until 8:15 pm, JudyOkla continued working with the account of kaydaniels (8101).  She edited, edited access and modified the account.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48068 | 250 | 1279501659 (07/18/10 @ 8:07:39pm EST) | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48069 | 250 | 1279501739 | user.php | editaccess | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48070 | 250 | 1279502136 (07/18/10 @ 8:15:36pm EST) | user.php | modify | | 9x.xxx.xxx.x7 (JudyOkla) |

By 8:29 pm, EvaMarie (user id = 8036) had successfully been given admin permissions.  EvaMarie now appears in the admin log as the admin, rather than as the subject of an action.  EvaMarie proceeded to “kill” the account of the apparently unsuccessful first kaydaniels.  This action was performed from the IP address of Danileo.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48090 | 8036 | 1279502992 (07/18/10 @ 8:29:52pm EST) | user.php | modify | | 6x.xxx.xx.xx7 (Danileo) |
| 48091 | 8036 | 1279503005 | user.php | find | | 6x.xxx.xx.xx7 (Danileo) |
| 48092 | 8036 | 1279503005 | user.php | edit | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48093 | 8036 | 1279503027 | user.php | remove | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48094 | 8036 | 1279503037 (07/18/10 @ 8:30:37pm EST) | user.php | kill | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |

From 8:34 pm to 9:21 pm, JudyOkla again worked with the account of roseym (user id = 8102). She edited, updated and modified the account, including editing and updating admin permissions.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48101 | 250 | 1279503296 (07/18/10 @ 8:34:56pm EST) | user.php | edit | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48102 | 250 | 1279503321 (07/18/10 @ 8:35:21pm EST) | user.php | update | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48103 | 250 | 1279503322 | user.php | modify | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48104 | 250 | 1279503332 | adminpermissions.php | edit | user id = 8102 (roseym) | 9x.xxx.xxx.x7 (JudyOkla) |
| 48105 | 250 | 1279503452 (07/18/10 @ 8:37:32pm EST) | adminpermissions.php | update | user id = 8102 (roseym) (0 » 94208) | 9x.xxx.xxx.x7 (JudyOkla) |
| 48106 | 250 | 1279503453 | adminpermissions.php | | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48132 | 250 | 1279505800 | user.php | edit | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48140 | 250 | 1279505927 | usertools.php | doips | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48145 | 250 | 1279505988 (07/18/10 @ 9:19:48pm EST) | user.php | edit | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48146 | 250 | 1279505988 (07/18/10 @ 9:19:48pm EST) | user.php | edit | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48151 | 250 | 1279506116 (07/18/10 @ 9:21:56pm EST) | user.php | edit | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |

At 9:20 pm, EvaMarie turned her attentions to the newly established account of the second kaydaniels (user id = 8106).  She edited and modified the account from the IP of Danileo.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48150 | 8036 | 1279506048 (07/18/10 @ 9:20:48pm EST) | user.php | modify | user id = 8106 | 6x.xxx.xx.xx7 (Danileo) |
| 48152 | 8036 | 1279506125 (07/18/10 @ 9:22:05pm EST) | user.php | edit | user id = 8106 | 6x.xxx.xx.xx7 (Danileo) |

Apparently EvaMarie’s permissions still needed some work. Returning to her own account at 9:24 pm, Danileo edited, modified and updated EvaMarie once again. At 9:29 pm, Danileo edited access for the second kaydaniels account.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48155 | 57 | 1279506248 (07/18/10 @ 9:24:08pm EST) | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 48156 | 57 | 1279506294 | resources.php | | | 6x.xxx.xx.xx7 (Danileo) |
| 48157 | 57 | 1279506343 | resources.php | view | usergroup id = 6 | 6x.xxx.xx.xx7 (Danileo) |
| 48158 | 57 | 1279506370 (07/18/10 @ 9:26:10pm EST) | forumpermission.php | modify | | 6x.xxx.xx.xx7 (Danileo) |
| 48159 | 57 | 1279506377 (07/18/10 @ 9:26:17pm EST) | forumpermission.php | quickedit | | 6x.xxx.xx.xx7 (Danileo) |
| 48160 | 57 | 1279506459 | user.php | modify | | 6x.xxx.xx.xx7 (Danileo) |
| 48161 | 57 | 1279506471 | user.php | find | | 6x.xxx.xx.xx7 (Danileo) |
| 48162 | 57 | 1279506472 | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 48163 | 57 | 1279506491 | user.php | update | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 48164 | 57 | 1279506493 (07/18/10 @ 9:28:11pm EST) | user.php | modify | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 48165 | 57 | 1279506498 | user.php | edit | user id = 8036 | 6x.xxx.xx.xx7 (Danileo) |
| 48166 | 57 | 1279506538 (07/18/10 @ 9:28:58pm EST) | user.php | modify | | 6x.xxx.xx.xx7 (Danileo) |
| 48168 | 57 | 1279506559 (07/18/10 @ 9:29:19pm EST) | user.php | edit | user id = 8106 | 6x.xxx.xx.xx7 (Danileo) |
| 48170 | 57 | 1279506580 | user.php | editaccess | user id = 8106 | 6x.xxx.xx.xx7 (Danileo) |
| 48172 | 57 | 1279506592 | user.php | updateaccess | user id = 8106 | 6x.xxx.xx.xx7 (Danileo) |
| 48174 | 57 | 1279506593 (07/18/10 @ 9:29:53pm EST) | user.php | edit | user id = 8106 | 6x.xxx.xx.xx7 (Danileo) |

At the same time, JudyOkla was working on the account of roseym to update and modify the account.  At 9:36, JudyOkla switched her attention to kaydaniels (8106).  She edited, modified and updated that account. JudyOkla edited, modified and updated admin permissions for both kaydaniels and EvaMarie.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48169 | 250 | 1279506568 (07/18/10 @ 9:29:28pm EST) | usertools.php | doips (do ip search) | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48171 | 250 | 1279506590 (07/18/10 @ 9:29:50pm EST) | user.php | update | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48173 | 250 | 1279506592 | user.php | modify | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48185 | 250 | 1279507005 (07/18/10 @ 9:36:45pm EST) | user.php | edit | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48186 | 250 | 1279507016 | user.php | editaccess | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48187 | 250 | 1279507031 | user.php | modify | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48193 | 250 | 1279507067 | user.php | edit | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48194 | 250 | 1279507070 | user.php | editaccess | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48195 | 250 | 1279507078 (07/18/10 @ 9:37:58pm EST) | user.php | updateaccess | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48196 | 250 | 1279507079 | user.php | edit | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48213 | 250 | 1279507277 | user.php | edit | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48228 | 250 | 1279507406 | user.php | edit | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48229 | 250 | 1279507533 (07/18/10 @ 9:45:33pm EST) | adminpermissions.php | modify | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48230 | 250 | 1279507560 | adminpermissions.php | edit | user id = 8106 (kaydaniels) | 9x.xxx.xxx.x7 (JudyOkla) |
| 48231 | 250 | 1279507590 (07/18/10 @ 9:46:30pm EST) | adminpermissions.php | update | user id = 8106 (kaydaniels) | 9x.xxx.xxx.x7 (JudyOkla) |
| 48232 | 250 | 1279507591 | adminpermissions.php | | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48233 | 250 | 1279507597 (07/18/10 @ 9:46:37pm EST) | adminpermissions.php | edit | user id = 8036 (EvaMarie) | 9x.xxx.xxx.x7 (JudyOkla) |
| 48234 | 250 | 1279507612 | adminpermissions.php | edit | user id = 8106 (kaydaniels) | 9x.xxx.xxx.x7 (JudyOkla) |
| 48235 | 250 | 1279507650 | adminpermissions.php | update | user id = 8106 (kaydaniels) | 9x.xxx.xxx.x7 (JudyOkla) |
| 48236 | 250 | 1279507651 (07/18/10 @ 9:47:31pm EST) | adminpermissions.php | | | 9x.xxx.xxx.x7 (JudyOkla) |

JudyOkla resigned from her staff position at 11:12 pm on July 18th.  Danileo posted her resignation at 11:20 pm. Thirteen minutes later, EvaMarie appeared with a proxy IP address.  EvaMarie proceeded to update, modify and edit the account of Looie (user id = 8108).  (Because it would not involve revealing a private IP address, I have not masked the numbers of this IP in order to show that it is a proxy.  Check IP)

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48298 | 8036 | 1279514026 (07/18/10 @ 11:33:46pm EST) | user.php | update | | 67.159.44.51 |
| 48299 | 8036 | 1279514029 | user.php | modify | user id = 8108 | 67.159.44.51 |
| 48300 | 8036 | 1279514065 | user.php | edit | user id = 8108 | 67.159.44.51 |
| 48301 | 8036 | 1279514088 | user.php | editaccess | user id = 8108 | 67.159.44.51 |
| 48302 | 8036 | 1279514103 | user.php | updateaccess | user id = 8108 | 67.159.44.51 |
| 48303 | 8036 | 1279514107 (07/18/10 @ 11:35:07pm EST) | user.php | edit | user id = 8108 | 67.159.44.51 |

At 8:29 pm, EvaMarie had used the IP address of Danileo. At 11:33 pm, EvaMarie began using the IP address of a known proxy in Woodstock, IL. At 12:18 am on July 19, just 43 minutes later, EvaMarie began using an IP address located in the UK.  There are three possible explanations for that.  She had given the account information to someone in the UK, who had then logged on to the account.  Or she had invented teleportation and could move around the globe with ease.  Or, most likely, that was also a proxy.

EvaMarie continued to work on the account of Looie (8108).  She edited access, updated and modified the account.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48320 | 8036 | 1279516684 (07/19/10 @ 12:18:04am EST) | user.php | edit | user id = 8108 | 9x.xxx.xxx.xx2 (suspected proxy) |
| 48321 | 8036 | 1279516703 | user.php | editaccess | user id = 8108 | 9x.xxx.xxx.xx2 (suspected proxy) |
| 48322 | 8036 | 1279516737 | user.php | updateaccess | user id = 8108 | 9x.xxx.xxx.xx2 (suspected proxy) |
| 48323 | 8036 | 1279516739 (07/19/10 @ 12:18:59am EST) | user.php | edit | user id = 8108 | 9x.xxx.xxx.xx2 (suspected proxy) |
| 48327 | 8036 | 1279517231 | user.php | update | user id = 8108 | 9x.xxx.xxx.xx2 (suspected proxy) |
| 48328 | 8036 | 1279517233 | user.php | modify | user id = 8108 | 9x.xxx.xxx.xx2 (suspected proxy) |
| 48329 | 8036 | 1279517408 (07/19/10 @ 12:30:08am EST) | user.php | edit | user id = 8108 | 9x.xxx.xxx.xx2 (suspected proxy) |

The second kaydaniels (8106) account was more successful than the first. She was given admin powers and modified, updated and edited access for Looie (8108) from 12:56 am until 1:04 am on July 19th. At 1:58 am, she began to work on the account of jayme (8109). She edited, modified and updated access for jayme. After a break, kaydaniels returned to the account of jayme at 12:13 pm to edit, update and modify. The IP address used by kaydaniels (8106) was that of JudyOkla.

| Admin logid | userid | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48330 | 8106 | 1279519018 (07/19/10 @ 12:56:58am EST) | user.php | modify | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48331 | 8106 | 1279519038 | user.php | find | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48332 | 8106 | 1279519038 | user.php | edit | user id = 8108 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48333 | 8106 | 1279519168 | user.php | editaccess | user id = 8108 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48334 | 8106 | 1279519426 (07/19/10 @ 1:03:46am EST) | user.php | editaccess | user id = 8108 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48335 | 8106 | 1279519441 | user.php | updateaccess | user id = 8108 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48336 | 8106 | 1279519442 (07/19/10 @ 1:04:02am EST) | user.php | edit | user id = 8108 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48348 | 8106 | 1279522692 (07/19/10 @ 1:58:12am EST) | user.php | modify | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48349 | 8106 | 1279522724 | user.php | modify | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48350 | 8106 | 1279522728 | user.php | edit | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48351 | 8106 | 1279522780 | user.php | update | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48352 | 8106 | 1279522781 (07/19/10 @ 1:59:41am EST) | user.php | modify | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48374 | 8106 | 1279559587 (07/19/10 @ 12:13:07pm EST) | user.php | find | | 9x.xxx.xxx.x7 (JudyOkla) |
| 48375 | 8106 | 1279559587 (07/19/10 @ 12:13:07pm EST) | user.php | edit | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48376 | 8106 | 1279559601 | user.php | update | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48377 | 8106 | 1279559603 (07/19/10 @ 12:13:23pm EST) | user.php | modify | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |


Pickled Tink wrote in the Board report of these incidents that “these accounts had no admin permissions attached to them and were fully visible in the admin panel and were never ‘secret.’” I will take her word that the accounts were not secret to her. But the admin log shows that some of the new accounts were given admin permissions.
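
The correlation walked through by hand above can be automated. The following is an added example, not part of the original post: it takes a handful of rows copied from the tables on this page, finds every account that was the target of an admin-permissions update, and reports who made the change, the account's first logged action as an admin afterwards, and which other admin accounts used the same IP address. The function names are my own, and the script name is written as a single token, which is an assumption about how the table cell wrapped.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

EST = timezone(timedelta(hours=-5))  # the page reports fixed Eastern Standard Time
TARGET = re.compile(r"user id = (\d+)")

# Rows copied from the page's tables (IPs masked as on the page):
# (logid, userid, dateline, script, action, extrainfo, ipaddress).
# Script name joined into one token: an assumption about the cell's wrapping.
ROWS = [
    (47976, 57, 1279495343, "adminpermissions.php", "update", "user id = 8036 (EvaMarie)", "6x.xxx.xx.xx7"),
    (48090, 8036, 1279502992, "user.php", "modify", "", "6x.xxx.xx.xx7"),
    (48094, 8036, 1279503037, "user.php", "kill", "user id = 8101", "6x.xxx.xx.xx7"),
    (48105, 250, 1279503452, "adminpermissions.php", "update", "user id = 8102 (roseym) (0 » 94208)", "9x.xxx.xxx.x7"),
    (48231, 250, 1279507590, "adminpermissions.php", "update", "user id = 8106 (kaydaniels)", "9x.xxx.xxx.x7"),
    (48298, 8036, 1279514026, "user.php", "update", "", "67.159.44.51"),
    (48330, 8106, 1279519018, "user.php", "modify", "", "9x.xxx.xxx.x7"),
]

def est(dateline):
    """Render a Unix dateline in the page's fixed UTC-5 zone (24-hour clock)."""
    return datetime.fromtimestamp(dateline, EST).strftime("%m/%d/%y %H:%M:%S")

def permission_targets_turned_actors(rows):
    """For each account whose admin permissions were updated, report who did it,
    its first logged action as an admin, and which other admins share its IPs."""
    rows = sorted(rows, key=lambda r: (r[2], r[0]))  # by time, then log id
    ip_users = defaultdict(set)
    for _, uid, _, _, _, _, ip in rows:
        ip_users[ip].add(uid)
    report = {}
    for logid, uid, ts, script, action, extra, ip in rows:
        m = TARGET.search(extra)
        if script == "adminpermissions.php" and action == "update" and m:
            # Record only the first permissions update seen for each target.
            report.setdefault(int(m.group(1)), {
                "updated_by": uid, "updated_at": est(ts), "_ts": ts,
                "first_action": None, "shared_ip_with": set()})
        entry = report.get(uid)
        if entry and ts >= entry["_ts"]:  # the former target is now the actor
            if entry["first_action"] is None:
                entry["first_action"] = (logid, est(ts))
            entry["shared_ip_with"] |= ip_users[ip] - {uid}
    return report

if __name__ == "__main__":
    for uid, e in permission_targets_turned_actors(ROWS).items():
        print(uid, e["updated_by"], e["updated_at"], e["first_action"],
              sorted(e["shared_ip_with"]))
```

An account with `first_action` set to `None`, such as 8102 in these sample rows, had its permissions updated but does not appear as an actor in the rows supplied.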




Note:  If you are having trouble viewing the tables, it might help to try another browser.  The tables do not always post correctly on Internet Explorer, but are okay with Firefox or Google Chrome.