1835 Posts in 1139 Topics by 554 members
|Go to End||Next >|
2 July 2009 at 9:03pm
We have a problem with the blog module. Since 1 week we have some spam as blog posts.
Someone hacked our blog and is able to post spam as a full BlogEntry.
Does anybody know what to do or has similar problems? Are there som security patches or something?
Pleas help and discuss this.
2 July 2009 at 9:54pm
Hmm... strange ?
At what site ?
3 July 2009 at 5:01am
Did you tried to figure out what user-account has been used to create these posts? Maybe change all passwords and have a look if you're still getting SPAM posts?
3 July 2009 at 8:56am
Change your default username and passwords and see if that makes a difference.
3 July 2009 at 6:50pm Last edited: 3 July 2009 7:02pm
As Administrator users I have only my Admin account and 2 other users. I changed right now all passwords and even the usernames.
The blog entries show no Member as Author (BlogEntry - > AuthorID = 0).
I'm going to wait what will happen today and post my results here.
(But I guess someone is able to post in a strange way.)
3 July 2009 at 8:27pm Last edited: 4 July 2009 8:20am
Oh no - half an hour after changing the Passwords still received a spam post!!!
I changed the post date backwards to 2008 to bann it from the homepage -> and you can see the new spam post here:
How can this be possible? Is there a security gap somewhere?
Another idea - is there any possibility for other registerd members to post?
I have a few more Users as "Member" without any rights just for saving the game score and uploading images
But I checked their access to the blog post script! They are not able to post or get access to the blog.
There must be some way for the spammer to get access to the blog. And I'm sure it is a script (not a real member) posting these things.
Some ideas what to do?
4 July 2009 at 8:17am Last edited: 4 July 2009 8:18am
My problem is still alive and really grave!
Does anybody know how to stop this spam posts? I don't want to disable the whole blog module.
Guess I'm not the only one using Silverstripe and having this problem.
Is there any other experience?
|Go to Top||Next >|