Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Blog Module /

Discuss the Blog Module.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Posted Spam -> Blog module hacked!

Go to End

35 Posts   6417 Views


Community Member, 75 Posts

2 July 2009 at 9:03pm

We have a problem with the blog module. Since 1 week we have some spam as blog posts.
Someone hacked our blog and is able to post spam as a full BlogEntry.

Does anybody know what to do or has similar problems? Are there som security patches or something?

Pleas help and discuss this.


Community Member, 791 Posts

2 July 2009 at 9:54pm

Hmm... strange ?

At what site ?


Community Member, 75 Posts

3 July 2009 at 3:29am

The Site is
We receive every day a few spam posts!

(I deleted them - but there are still coming some more)
How is this possible?

Hacking user passwords or the script?


Community Member, 904 Posts

3 July 2009 at 5:01am

Did you tried to figure out what user-account has been used to create these posts? Maybe change all passwords and have a look if you're still getting SPAM posts?


Forum Moderator, 5523 Posts

3 July 2009 at 8:56am

Change your default username and passwords and see if that makes a difference.


Community Member, 75 Posts

3 July 2009 at 6:50pm

Edited: 03/07/2009 7:02pm

As Administrator users I have only my Admin account and 2 other users. I changed right now all passwords and even the usernames.

The blog entries show no Member as Author (BlogEntry - > AuthorID = 0).

I'm going to wait what will happen today and post my results here.

(But I guess someone is able to post in a strange way.)


Community Member, 75 Posts

3 July 2009 at 8:27pm

Edited: 04/07/2009 8:20am

Oh no - half an hour after changing the Passwords still received a spam post!!!

I changed the post date backwards to 2008 to bann it from the homepage -> and you can see the new spam post here:

How can this be possible? Is there a security gap somewhere?

Another idea - is there any possibility for other registerd members to post?

I have a few more Users as "Member" without any rights just for saving the game score and uploading images


But I checked their access to the blog post script! They are not able to post or get access to the blog.

There must be some way for the spammer to get access to the blog. And I'm sure it is a script (not a real member) posting these things.
Some ideas what to do?


Community Member, 75 Posts

4 July 2009 at 8:17am

Edited: 04/07/2009 8:18am

My problem is still alive and really grave!
Does anybody know how to stop this spam posts? I don't want to disable the whole blog module.

Guess I'm not the only one using Silverstripe and having this problem.
Is there any other experience?

Go to Top