*** MY ENVIRONMENT INFO ***
Remote SSD 2 VPS, running distro Ubuntu 18.04 LTS
Server Control Panel: ISPConfig 3 (latest version)
I am a total newbie to e107 CMS, which I installed yesterday on a test environment (details hereafter), and I would like the community's opinion on something I observed that seems to be a lack of security (screenshots below):
While exploring e107 CMS to discover the “admin area” functionality, I observed that in the “Website status” sub-panel, the “online” tab was showing 2 connected users. I then clicked the tab to view the user list: one was the main admin member (myself) and the other connected one was labelled as a guest!!!!
Until now I have not told anyone the domain name used to connect to my website built with e107 CMS, so how can this be, and how can I prevent it?
Consequently, and for security reasons as explained here on the web, I do not feel confident disabling “Curl” and “allow_url_fopen”, as suggested in the warning message that appeared at the top of the PHPInfo page.
Awaiting some help regarding the above, in order to secure my CMS.