New user has superuser available to them?

[Boofo]

I just had a new user enter the game tonight, and I saw this in their Edit User info (under Misc Info --> Allowed Navs) and wasn't sure what to make of it. The superuser.php is what has me concerned as they are still in the Isle of Wen. Is this anything to be worried about? I know the person and she is not a hacker or anything.

array(29) {
'superuser.php' = '1'
'user.php' = '1'
'taunt.php' = '1'
'creatures.php' = '1'
'configuration.php' = '1'
'badword.php' = '1'
'armoreditor.php' = '1'
'bios.php' = '1'
'donators.php' = '1'
'referers.php' = '1'
'retitle.php' = '1'
'stats.php' = '1'
'viewpetition.php' = '1'
'weaponeditor.php' = '1'
'village.php?refresh=1&c=12-191905#village-newbie' = '1'
'village.php?refresh=1&c=12-191905' = '1'
'forest.php?c=12-191905' = '1'
'login.php?op=logout&c=12-191905' = '1'
'train.php?c=12-191905' = '1'
'runmodule.php?module=newbieisland&op=leave&c=12-191905' = '1'
'runmodule.php?module=tutor&op=helpfiles&c=12-191905' = '1'
'weapons.php?c=12-191905' = '1'
'armor.php?c=12-191905' = '1'
'bank.php?c=12-191905' = '1'
'petition.php?op=faq&c=12-191905' = '1'
'news.php?c=12-191905' = '1'
'list.php?c=12-191905' = '1'
'prefs.php?c=12-191905' = '1'

[Afkamm]

Check the game settings page in the grotto. The "account creation" section allows you to give new accounts superuser flags. Make sure the top 4 boxes are unticked.

[Boofo]

That was the first thing I checked when I noticed that. I just checked it again to make sure, though. That are all unchecked. I didnlt notice it before this user. Maybe I should have been paying more attention. Is there any way to track it down to a certain mod maybe?

[kickme]

It's expected behaviour. It gives them "access" to the superuser pages (but not links. Notice how they don't end in ?c=12-191905) so that they can try to "hack" the superuser pages by visiting the URLs manually and get kinda destroyed for it. You can see what happens by creating a new account, going to a village and manually going to superuser.php

[Boofo]

Thank you very much for that explanation. I was getting kind of nervous. I know this lady so she wasn't a problem, but I figured someone else might be later on. So, it is kind of a  bait and hook in a good way? It let's them get it out of their system right off the bat, those that would try it?

I had another user test the SU backdoor login mod by giving her the link and she wasn't a superuser. She got badnaved right off, so I knew that worked. Thank you again for easing my mind, what little there is left of it.