Forums / Cotonti / Bugs / Not sure if bug or hack

singh336
#1 2013-11-24 00:13

Not sure how this happened, or when. 

I have had a pretty big problem recently when out of nowhere, our news feed went missing, completely invisable. It seems like the tag parsed but isn't outputting the news feed articles on home page.

 

So I looked around and I found a random user was setting permisions , but is it true? or is this a bug in the admin panel?

 

http://i43.tinypic.com/15dmbgk.jpg

This user is not a moderator or administrator and only had "user" rghts, which don't let you edit any content on the site.

 

Now I see under other sections this user is listed under the "set by" colum for user rights on the news cat too... WTF???

 

Anyone have this issue? Because of this I was trying to just upgrade from Genoa all together to Siena, which went HORRIBLY, the upgrade script just wasn't working. If you can help me on this issue, or the upgrade issue, or think the issues could be related, that is awesome let me know.

 

my other topic regarding update issue. http://www.cotonti.com/forums?m=posts&q=7593&n=last#bottom

 

<a href="http://www.streetlegalmods.com/">http://www.streetlegalmods.com/</a>
This post was edited by singh336 (2013-11-24 00:32, 10 years ago)
Trustmaster
#2 2013-11-24 07:40

Hi Singh,

It seems like your site got hacked. It seems to be running 0.6.22 and there were a few security flaws reported since that release so I recommend updating to 0.6.25 as soon as possible and then setting a comfortable schedule to upgrade your site to Siena, because Genoa support will soon be over.

May the Source be with you!
singh336
#3 2013-11-24 20:20

Thank you, 

 

and we are , since yesterday at least running 6.25, the footer of our wesite says 6.22 but that was hand typed there, is there another place in admin panel where I can see the version? I dropped the files for 6.25 in the root and as well as ran the sql for the upgrade, i updated one by one from 6.22 btw, and when i ran the sql they said some things already existed which led to believe we already updated.

 

anyways we will proceed with the siena update, is there anything I should do to fix this hack before i update to siena?

<a href="http://www.streetlegalmods.com/">http://www.streetlegalmods.com/</a>
Trustmaster
#4 2013-11-24 20:56

You need to revoke any access given to that user and/or remove that attacker account completely. Then make sure you change all the important passwords that the attacker may have got.

May the Source be with you!
singh336
#5 2013-11-24 21:18

Sounds good I will do so now, I already banned them when I saw that but I will remove the account completely.


This is probably why our news section is screwed.

 

I am going to do what you suggested in the other thread for upgrading, wish me luck I hope we can get this to siena today.

<a href="http://www.streetlegalmods.com/">http://www.streetlegalmods.com/</a>
Trustmaster
#6 2013-11-25 09:11

What happens if you add more news? Is it also invisibile for superadmins?

May the Source be with you!