e107help.org Q&A
0 like 0 dislike
Last night my forum was hacked with a lot of porn entries. There is no user account, so the hacker has found a way to add elements to the database without making a logon. That sounds like a security breach. I'm running the latest release, does anybody have experienced the same, is there something I can do except closing the forum?
e107 version latest from git.
in Plugins by (274 points) 9 19 32
closed by

1 Answer

0 like 0 dislike
Best answer
Sorry, my bad. One of the moderators had made a few forums and forgot to set the rights well. By default the forums are open to anyone, so no account was needed to post. Corrected that, and I expect no issues any more.

(Isn't it a good idea to set the security by default to members or admin instead of anybody?)
by (274 points) 9 19 32
If you use google, you will find the most hatefull article against e107 is exactly because this. Nothing was changed during long time.
If I remember this had been changed since since 2.2.0 but for sure in 2.3.0.
Welcome to e107 Q&A, where you can ask questions and receive answers from other members of the e107 community.
962 questions
1,362 answers
2,404 users