By Edward Kenendy on Tuesday, 18 March 2014
Posted in Technical Issues
I use Easy Blog on site and have kept it up to date. Last night my site was hacked. Working with my hosting provider, it was determined that my site was hacked through a security vulnerability in Easy Blog. The exact source is unknown.
Hello Edward,

If you are on the latest version of EasyBlog, you shouldn't be hitting such issues. Your hosting provider needs to provide some detailed report as to why they have thought that it is related to EasyBlog.
·
Tuesday, 18 March 2014 11:14
I'm up to date (see attached). Service provider traced the IP address and tracked its activity to the Blog section. The security logs showed access through the front end of easy blog. Also showed the hackers weren't able to access the site through the admin back end.
·
Tuesday, 18 March 2014 11:31
One other thing to note, the hackers targeted easy blog and were able to corrupt it somehow so that images/galleries don't display, just the gallery code itself.
·
Tuesday, 18 March 2014 11:36
Hello Edward,

If your blog is publicly accessible, anyone can view the blogs on the front end and the report is a little vague. I am not sure what you meant by targeting the images/galleries. Any samples?
·
Tuesday, 18 March 2014 11:40
Anyone can view them, yes, that's the point of the blog. As I said, security logs showed that the hackers logged in through easy blog. They also targeted easy blog in some way and deleted some images and changed some of the code, I don't know what parts got changed, my priority is getting my site back. I have re-installed easy blog and corrupted code appears to have been reverted to its original state.

As I said, I kept the version up to date. Easy Blog was clearly targeted to gain access to my site.
·
Tuesday, 18 March 2014 11:45
Hello Edward,

Firstly I do understand your frustrations here but please provide us with the logs so that we can review this. Without any evidence of these hacking / hackers activities, I am afraid there is nothing we can do because there could be other means of hacking your website since you have other extensions installed as well.
·
Tuesday, 18 March 2014 12:52
I have reported the matter to our local and federal authorities who deal with hacking. The log files are with them and until they finish their investigations I cannot send them on to anyone.
·
Tuesday, 18 March 2014 12:59
Hello Edward,

Hm, what are the available logs that I can see or perhaps any trails that you have? You need to understand that we need to reverse engineer whatever came in if it was really EasyBlog and locate where the user came in from. If you are unable to provide us with any logs, there's really nothing we can do.
·
Tuesday, 18 March 2014 13:23
Forgive me jumping in here, but surely, if your host is pointing the finger at EasyBlog, the sensible thing is to not only give Mark the logs, but also give him FTP and back end access so that this can be investigated. IF the hackers did use EasyBlog as a means of entry, then wouldn't the only logical thing to do is let the stack guys investigate? After all, who knows their code better than them?

If you've been hacked once, you'll probably get hacked again, unless preventative action is taken and IF EasyBlog has a vulnerability, let the guys look at it and fix it. There are 1001 ways your site could have been hacked and I wouldn't be so quick to point the finger at any one area or extension without a thorough investigation.
·
Tuesday, 18 March 2014 17:17
Thanks for understanding Mark
·
Tuesday, 18 March 2014 17:32
The site was hacked through EasyBlog. That has been proven. The logs are the subject of an investigation. This has been advised. No one is getting them until the investigation is done, this also is clear. Even when complete, I won't be handing over a full set of logs to anyone. And yes, steps should be taken to stop this happening again. I will be taking down EasyBlog. Not only is this not the first security issue they've had, but other than ask for logs, all they've done is give an empty denial that it's their fault. Useless.

Thanks for understanding Mark.
·
Tuesday, 18 March 2014 18:07
You do know this is like saying to Mercedes-Benz that an inherent fault with your car caused it to crash, but I won't let you investigate it.
·
Tuesday, 18 March 2014 18:22
Just to add, remember NO software is immune to bugs or hacking. Thinking this is the case is counterproductive, and accusing a company in an open forum of not doing anything about it is frankly ridiculous.

If you won't give over the logs, you won't give Mark access, then what do you expect them to be able to effectively do?

The logs are ESSENTIAL if they are to look into this and I wouldn't take the word of ANY host on face value.

Believe me, investigating and fixing security holes is the No. 1 priority of any respected software developer, so it is in yours and their interest to let them investigate. What if there are other vulnerabilities with your site that cause this?

Good luck.
·
Tuesday, 18 March 2014 18:29
No Mark, it really isn't. If they were serious, the first thing they would have asked is, can you send us a copy of the hack files, or possibly, can we have a look at the site and see for ourselves. But no. Logs and denial. As I said, useless.
·
Tuesday, 18 March 2014 18:31
Hello Edward,

Firstly, I do apologize if I did not sound serious but we are taking very serious measures especially with security related issues. The last security advisory which came off was addressed 30 minutes after we figured it out.

As to your point about us denying, I am sorry but I think you may have misunderstood me as there haven't been any denials since the first post. I have been trying to get the logs to verify what your hosting provider has claimed, that the attacker came through EasyBlog, and the logs would then show how the attackers came in.

You are only under the assumption that this was caused by EasyBlog because you were being informed by your hosting provider as mentioned in your first post. I do not know what really happened at your site and for us to blindly believe what your hosting provider said would be a silly thing to do because without providing any logs to us, we will never know what really happened.

When you mentioned "hacked files", there is no way to know how your hacker gained access to the files. Even if you provided the hacked files to us, we can't know what really happened. There are more than 100 different possibilities how the hacker got access to the files.

1. Was your FTP user / password secure?
2. Was your hosting company doing anything to secure the server?
3. If you are on a shared hosting environment and your hosting provider has a bad file permission, was the script being injected from another customer's domain?
4. Was this really coming through EasyBlog?
5. Was this coming from another 3rd party extension?

The only answer to all the questions above is to look at your log files.
·
Tuesday, 18 March 2014 23:00
Hello,

I have also tried viewing through your page and noticed that when you scroll to the bottom of the page there is a very weird looking CB Login module. I am not sure if that is what you meant by hackers attempting to log in through the EasyBlog page but take a look at my screenshot here, http://screencast.com/t/UYoW6XMp . I don't see any other login forms on EasyBlog apart from the module, which does look abnormal from what I can see here.

This module is available when you scroll down to the bottom of your page at the footer.
·
Tuesday, 18 March 2014 23:20