
Originally Posted by
Alcazar
What poisonpanik wanted to say is you should check the following permissions of your groups:
* i_group_needed_member_add_power
* i_group_needed_member_remove_power
If they're not set or to a lower value than someones "i_group_member_add_power" and "i_group_member_remove_power" value, a user can add himself to that group.
Also, check if there not any unused tokens left, that may grant user certain privileges or if any of them were use recently by users you dont know.
Also check who has these permissions:
* b_virtualserver_token_list
* b_virtualserver_token_add
* b_virtualserver_token_delete
Btw, nice new avatar poison, looks better than the old one...