Possible security hole [Solved]

  • @fizk

    Member

    I’m running a BuddyPress 1.2.8, WordPress Mu 3.1 site and a bot somehow manages to always create accounts, about 5 per day, even though account registration is disabled in /wp-admin/network/settings.php, and for each of my sites.

    For example, the last account created had username “ramonlpa” and email “fidankaisageh @gmail.com”, and was not associated with any site (i.e. the site field is blank).

    This has been happening for a long time. When I first found out, the bot had created 3000 accounts.

    I’m also running bbPress with the WordPress Integration, so the hole might be in bbPress.

Viewing 8 replies - 1 through 8 (of 8 total)
  • @pisanojm

    Participant

    Check to see if you have any other “admins” in your users… maybe you have an admin account that has been hacked and they are being generated from the inside?

    @djpaul

    Keymaster

    bbPress is most likely in your setup

    @fizk

    Member

    Pisanojm,

    I don’t have any other admin accounts in my system.

    @fizk

    Member

    Paul Gibbs,

    Yes, I have a separate bbPress install that integrates with WordPress via the WordPress Integration.

    @fizk

    Member

    Pisanojm, I just changed the password of every account in case they’ve guessed the password for one of the accounts.

    @r-a-y

    Keymaster

    Disable bbPress registration on your external install:
    https://bbpress.org/forums/topic/howto-disable-registration

    @fizk

    Member

    r-a-y,

    Thanks, I’ve disabled registration. Hopefully this stops the bots completely.

    @fizk

    Member

    r-a-y,

    That seemed to do the trick! Thanks :)

  • The topic ‘Possible security hole [Solved]’ is closed to new replies.