Jump to:

1851 Posts in 1606 Topics by 561 members

Blog Module

SilverStripe Forums » Blog Module » Posted Spam -> Blog module hacked!

Discuss the Blog Module.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2 3 4 5
Go to End
Author Topic: 4658 Views
  • cliersch
    Avatar
    Community Member
    75 Posts

    Posted Spam -> Blog module hacked! Link to this post

    Hi!
    We have a problem with the blog module. Since 1 week we have some spam as blog posts.
    Someone hacked our blog and is able to post spam as a full BlogEntry.

    Does anybody know what to do or has similar problems? Are there som security patches or something?

    Pleas help and discuss this.

  • Fuzz10
    Avatar
    Community Member
    787 Posts

    Re: Posted Spam -> Blog module hacked! Link to this post

    Hmm... strange ?

    At what site ?

  • cliersch
    Avatar
    Community Member
    75 Posts

    Re: Posted Spam -> Blog module hacked! Link to this post

    The Site is http://nestbau.info/news
    We receive every day a few spam posts!

    (I deleted them - but there are still coming some more)
    How is this possible?

    Hacking user passwords or the script?

  • banal
    Avatar
    Community Member
    901 Posts

    Re: Posted Spam -> Blog module hacked! Link to this post

    Did you tried to figure out what user-account has been used to create these posts? Maybe change all passwords and have a look if you're still getting SPAM posts?

  • Willr
    Avatar
    Forum Moderator
    5497 Posts

    Re: Posted Spam -> Blog module hacked! Link to this post

    Change your default username and passwords and see if that makes a difference.

  • cliersch
    Avatar
    Community Member
    75 Posts

    Re: Posted Spam -> Blog module hacked! Link to this post

    As Administrator users I have only my Admin account and 2 other users. I changed right now all passwords and even the usernames.

    The blog entries show no Member as Author (BlogEntry - > AuthorID = 0).

    I'm going to wait what will happen today and post my results here.

    (But I guess someone is able to post in a strange way.)

  • cliersch
    Avatar
    Community Member
    75 Posts

    Re: Posted Spam -> Blog module hacked! Link to this post

    Oh no - half an hour after changing the Passwords still received a spam post!!!

    I changed the post date backwards to 2008 to bann it from the homepage -> and you can see the new spam post here:

    http://nestbau.info/your-comment-local-excelente-um-bom-tipojhge-o-o37/

    How can this be possible? Is there a security gap somewhere?

    Another idea - is there any possibility for other registerd members to post?

    I have a few more Users as "Member" without any rights just for saving the game score and uploading images

    (http://www.nestbau.info/game)

    But I checked their access to the blog post script! They are not able to post or get access to the blog.

    There must be some way for the spammer to get access to the blog. And I'm sure it is a script (not a real member) posting these things.
    Some ideas what to do?

  • cliersch
    Avatar
    Community Member
    75 Posts

    Re: Posted Spam -> Blog module hacked! Link to this post

    My problem is still alive and really grave!
    Does anybody know how to stop this spam posts? I don't want to disable the whole blog module.

    Guess I'm not the only one using Silverstripe and having this problem.
    Is there any other experience?

    4658 Views
Page: 1 2 3 4 5
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.