This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
Hi!
We have a problem with the blog module. Since 1 week we have some spam as blog posts.
Someone hacked our blog and is able to post spam as a full BlogEntry.
Does anybody know what to do or has similar problems? Are there som security patches or something?
Pleas help and discuss this.
Hmm... strange ?
At what site ?
The Site is http://nestbau.info/news
We receive every day a few spam posts!
(I deleted them - but there are still coming some more)
How is this possible?
Hacking user passwords or the script?
Did you tried to figure out what user-account has been used to create these posts? Maybe change all passwords and have a look if you're still getting SPAM posts?
Change your default username and passwords and see if that makes a difference.
As Administrator users I have only my Admin account and 2 other users. I changed right now all passwords and even the usernames.
The blog entries show no Member as Author (BlogEntry - > AuthorID = 0).
I'm going to wait what will happen today and post my results here.
(But I guess someone is able to post in a strange way.)
Oh no - half an hour after changing the Passwords still received a spam post!!!
I changed the post date backwards to 2008 to bann it from the homepage -> and you can see the new spam post here:
http://nestbau.info/your-comment-local-excelente-um-bom-tipojhge-o-o37/
How can this be possible? Is there a security gap somewhere?
Another idea - is there any possibility for other registerd members to post?
I have a few more Users as "Member" without any rights just for saving the game score and uploading images
(http://www.nestbau.info/game)
But I checked their access to the blog post script! They are not able to post or get access to the blog.
There must be some way for the spammer to get access to the blog. And I'm sure it is a script (not a real member) posting these things.
Some ideas what to do?
My problem is still alive and really grave!
Does anybody know how to stop this spam posts? I don't want to disable the whole blog module.
Guess I'm not the only one using Silverstripe and having this problem.
Is there any other experience?
