This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
Hm - no answers until 3 days... This is not a good sign.
I even deleted the tables of all members - but I still receive posted spam.
We run several sites on this server - but this is happen only inside one blog.
No ideas how to secure the blog module and how to stop that mess?
Keep Silverstipe save. Please help!
YHmmm...
Only thing I can come up with right now , is that the bot creates HTTP posts immediately to the server. And yes, that would be a security hole.
Try catching the full HTTP-post request from the browser and then manually sending it to the server... (log-out first).
Thanx Fuzz10 - for helping me.
How can I realize this "Try catching the full HTTP-post request from the browser and then manually sending it to the server... "
What should I do exactly?
Wow.. this is really strange. Are you sure you don't have any default username/passwords set up? A bot could just go to /news/post and log in with admin/password. I tried this and it didn't work, so it appears you've deleted the default admin account.
I wonder if you could put an IP restriction on the post() action until you figure out what's going on?
I really do not have an default admin user! I even deleted the Member and Member Password tables temporarily. But the spam posts still are comming in!
Your suggestion "put an IP restriction on the post()" -> can you post an example what to do?
Well, if the user gained access to your website control panel, database or ftp server, then he can easily bypass the SilverStripe security measures. I suggest you do the following, before trying to further shut-down/blame SilverStripe:
Update AFAIK if there's no admin user in the member database, one will automatically be created with username admin and password as password. What do you see in the CMS Security section after running /dev/build?
I really do not have an default admin user! I even deleted the Member and Member Password tables temporarily
This is bad - this will provide a security hole to the site, as the hacker could then run /dev/build?isDev=1 and recreate a dev admin user. If your site has been in dev mode or if your database has gone down then your mysql connection details could have been leaked and this could have access to this.
Make sure you are running SS2.3.2 as this has a security fix for an issue related to this
@willr -> As written above I changed at first all user names and passwords without success (more spam was posted). Then I deleted the Member/MemberPasswords table just for a while to see and check the database if somone is going to create a new member with a trick. But no member was created (!) an we still received spam posts.
Than I re-imported all my members and passwords tables.
I have definitely no default "admin/password" User and you cannot create one by the "dev/build" way.
Guess the problem must be somewhere else.
@banal
Thanks, Im going to check out your instructions tomorrow morning (German time :-)) Hope to find some solution.
