Hey Tim,

I am really sorry for the delay of this reply as it is a weekend for us here. Is it possible for you to provide us with the back end and FTP access to your site to check on this issue?

What level of access do you require?

Having recently had my website compromised due to an issue with Easyblog 3.9 which, out of the box, allowed some Muppet to set themselves up as a blogger on my site and create a load of spam-my content that I am still struggling to expunge the junk from my SERPS; I am more than a little nervous about giving anyone access to the site.

I am happy to provide whatever information you might need, or perhaps we could arrange a remote session where I can at least see what is being done? It is nothing personal, but the hacking incident has taken me literally hours to try and remedy...and it is still ongoing some 8 weeks after the fact.

Hey Tim,

I am really sorry for the delay of this reply as it is a weekend for us here. Your site was not compromised because of EasyBlog 3.9. Your ACL settings in EasyBlog 3.9 most likely allowed "Registered" users to post and publish blog posts and since you did not configure Joomla to disallow users from registering on the site, anyone could register and post / publish blog posts on the site

We would require the Joomla super admin access and FTP access to the site. You can place them in the "Site Details" tab below as you can see from my screen shot here, http://screencast.com/t/c3J5vZuV2

These information will only be visible to us and nobody else.

Thanks Mark. Not gonna get into a bun fight over this but the reality is that, out of the box, Easyblog 3.9 ACL is configured in such a way that, when coupled with a Joomla mis-config, enables these spam-tards to compromise a website. I might have finally got rid of most of the crap content from my site, but I have back-links from a significant number of other websites (I can send you the disavow list if that helps, which continues to grow).

My view is simple, prior to implementing Easyblog 3.9 there were no issues with my site, then there were. I am glad to see that Easyblog 5 has closed the loop which is why I made the switch; and I have also made the appropriate Joomla config changes.

With regards to the Facebook thing, I think I can get around this for now as I have added AddThis share buttons beneath the blog posts; If you have a manual for Easyblog 5 I will happily work through that to ensure that (the current on-line manual seems to be for Easyblog 3.9).

Hey Tim,

Being compromised is a different level altogether compared to a combination of misconfiguration Thanks for updating, if you still need me to check on your issues, let me know