Hi
I recently had a problem where someone registered and posted a blog with malicious intent. Athough I deleted the 2 users (and now have siteaccess installed) and the blogs and everything else associated as a far as possible, there are a couple of fields that I cannot cannot remember whether they were there and part of the original structure or have been inserted somehow (I just dont remember seeing them before but dont want to delete them if they should be there - maybe I am just getting paranoid!)
in the _api_users table there is a field called 'secret'
the other one is in the _datalists table at the top and is called __site_secret__
Unfortunatley since the hacking there is now a problem with the dates - a new post seems to show as the previous day - even when I have checked the timestamps in the database.
(sorry my q doesnt work unless i really press hard - the title should be database fields query)
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Dave@dybedo
Dave - 0 likes
You must log in to post replies.Sorry ignore this Ive found out that they are correct and I am being paranoid.