e107help.org Q&A
0 like 0 dislike
Last night my forum was hacked with a lot of porn entries. There is no user account, so the hacker has found a way to add elements to the database without making a logon. That sounds like a security breach. I'm running the latest release, does anybody have experienced the same, is there something I can do except closing the forum?
e107 version latest from git.
in Plugins by (274 points) 11 21 34
closed by

1 Answer

0 like 0 dislike
Best answer
Sorry, my bad. One of the moderators had made a few forums and forgot to set the rights well. By default the forums are open to anyone, so no account was needed to post. Corrected that, and I expect no issues any more.

(Isn't it a good idea to set the security by default to members or admin instead of anybody?)
by (274 points) 11 21 34
If you use google, you will find the most hatefull article against e107 is exactly because this. Nothing was changed during long time.
If I remember this had been changed since since 2.2.0 but for sure in 2.3.0.
Welcome to e107 Q&A, where you can ask questions and receive answers from other members of the e107 community.
988 questions
1,384 answers
2,511 users