Geeklog Forums

Hi all,

I am still running v1.4.0sr3. Yesterday my site was hacked by a phishing operation, who installed a fraudulent site under /backups in GeekLog. My ISP wants me to look for a security fix for GL. Is anyone aware of known vulnerabilities like this? Would upgrading to the new v1.4.1 help?

My GL has definitely been under attack. I was getting a lot of users who were posting spam to the blog, so I had to stop allowing legitimate users to post. Then they started posting spam in the comments, & since there was no way to approve comments individually, I disabled all comments (and trackbacks). Now I'm the only authorized poster on a somewhat de-functionalized site.

Any suggestions would be appreciated!

Thanks
--ChrisN

I am not sure if there are any known security vulnerabilities in your version of geeklog but it is always best to upgrade to the latest version. My geeklog site got defaced a while ago but the hackers actually got in through a security flaw in another web site that was running on the same server.

To stop SPAM, I would install 1.4.1, it has support for the captcha plugin which helped greatly in reducing spam for me.

---

One of the Geeklog Core Developers.

Which means that you were two security fixes behind. Especially the fixes in 1.4.0sr4 were really important, unless you removed FCKeditor's file manager manually yourself.

bye, Dirk