Recent Topics

1 Apr 02, 2010 06:55    

My b2evolution Version: Not Entered

I'm running version 3.3.1. Somebody posted two messages on my blog as if they came from me, although they don't show in the post list in the admin section. I found them in the email from readers comments. How can I block a repeat of this action?

2 Apr 03, 2010 05:29

Hi Kenblog.

Change your password ASAP! Make sure other CMS in your site is secured from exploits like SQL INjection, RFI and more.

If you have other CMS other than B2evolution example Joomla (unsecured SQL injection), they could get in to your system using SQL Injection and get your admin password in b2evolution.

B2evolution is not using any salt hashes encryption type. just normal md5.

good luck

3 Apr 03, 2010 06:03

Thank you. I changed my password.

4 Apr 03, 2010 06:05

what's your blog site?

6 Apr 04, 2010 19:15

when you say "a hacker posted ... I found them from email" ... did the hacker make a post or did they make a comment/use the message form ?

Jmcausing, md5()++salt() is as safe as any other form of encryption ;)

¥

7 Apr 04, 2010 20:16

I receive email notification each time someone posts a comment to a post so that I can edit or delete or accept the comment. I clicked on the comment line and it opened up a recent post that I had not written and comments to it. The post did not appear on the list of posts in my admin section. I deleted it and changed my password and I have had no repeats. It was a mistake to delete the entry, because it prevent my host from tracing the problem.

8 Apr 04, 2010 21:56

If it happens again, don't delete the post and come back here ... tad hard to help with a deleted post, sorry

¥


Form is loading...

b2evolution CMS – This forum is powered by b2evolution CMS, a complete engine for your website.