hack of E107 forum [closed]

Question 1

Last night my forum was hacked with a lot of porn entries. There is no user account, so the hacker has found a way to add elements to the database without making a logon. That sounds like a security breach. I'm running the latest release, does anybody have experienced the same, is there something I can do except closing the forum?

Question 2

Sorry, my bad. One of the moderators had made a few forums and forgot to set the rights well. By default the forums are open to anyone, so no account was needed to post. Corrected that, and I expect no issues any more.

(Isn't it a good idea to set the security by default to members or admin instead of anybody?)

Question 3

If you use google, you will find the most hatefull article against e107 is exactly because this. Nothing was changed during long time.

Question 4

If I remember this had been changed since since 2.2.0 but for sure in 2.3.0.

aducom · Answer 1 · 2020-09-18T07:10:39+0000

Sorry, my bad. One of the moderators had made a few forums and forgot to set the rights well. By default the forums are open to anyone, so no account was needed to post. Corrected that, and I expect no issues any more.

(Isn't it a good idea to set the security by default to members or admin instead of anybody?)

If you use google, you will find the most hatefull article against e107 is exactly because this. Nothing was changed during long time. — Jimako, Sep 22, 2020
If I remember this had been changed since since 2.2.0 but for sure in 2.3.0. — Moc, Dec 5, 2020

hack of E107 forum [closed]

Please log in or register to add a comment.

1 Answer

Please log in or register to add a comment.