EasyBlog blog spam attack
By bill on Thursday, 19 February 2015
Posted in Technical Issues
Replies 5
Likes 0
Views 664
Votes 0
Our EasyBlog was hacked this morning. Users were registered and posted blogs that were emailed out to our database.

Is there an update available to stop this from happening again?

Thank you.
Hello Bill,

To stop this from happening, you can disable the registered usergroup from posting a blog in Easyblog>ACL: http://screen.stackideas.com/2015-02-19_2233.png Actually, the spam was able to post a blog because, they are able to register to your site and once they are registered, they can post a blog.
Nik Faris
·
Thursday, 19 February 2015 22:35
·
0 Likes
·
0 Votes
·
0 Comments
·
Same problem here. Registered User made a post and upload files to it´s user-folder.

The stupid thing on this is: the user never was logged in to Joomla. So there maybe there is more than the excepted ACL-settings todo.

KInd regars
Yannick
Yannick
·
Wednesday, 25 February 2015 16:36
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Yannick,

By right the ACL setting should prevents the user from writing the blog post at any cost. Perhaps you can provide us with Joomla backend and FTP access so we can get figure out why the user can post the blog?
Ezrul Fazwan
·
Wednesday, 25 February 2015 17:08
·
0 Likes
·
0 Votes
·
0 Comments
·
Ah thanks never thought of looking at the ACL settings set all to know NO
Pete Rossetti
·
Thursday, 26 February 2015 02:46
·
0 Likes
·
0 Votes
·
0 Comments
·
You are most welcome Pete
Mark
·
Thursday, 26 February 2015 03:21
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post