ok its happened again, starting to wonder about the security of elgg. 2nd time a user has created an account and validated himself on elgg 1.8.8. I dont even have emails setup yet for a user to validate through email, can only be validated through admin, is there something to do different, or some plugin to keep this from happening?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
interesting & strange... i 'm very curious & interested to study yr apache log(s) and to trace that user's tracks thru your site. if you're acquiescent (wanna get tothe 'bottom' of this) send me PM & you'll have 95% chance that we (I) can get this figured out right. to beat a hacker - you gotta think like a hacker !;-)
sent you a pm dhrup
may be he has logged in using twitter?
dont have a twitter plugin activated
better add a spam loggin filter plugin...
site isnt live, dont know if it will ever be, just screwing around learning a little, just trying to figure out how somebody can create an account and validate it without an email or being an admin
wha?
If the site isn't live how did somebody access your site in the first place?
i can only assume from here, i have posted the address a couple of times to get some feedback and help. I use a dedicated server and have no web address, only the server address
Wait what? Is your site live or not? That's a strange situation, that was solved in elgg 1.8.8 Can you give us your address again?
Rodolfo Hernandez
Arvixe/Elgg Community Liaison
dont know if i am saying this quite right or not.....it is not live as in i dont not have a web address, my brother set me up on his server, i type in a server name and my site pops up. the address is vsc.dyndns.org/cwp/elgg-1.8.3
and it says 1.8.3, but it is running elgg 1.8.8
- Previous
- 1
- 2
- Next
You must log in to post replies.