Possible security hole [Solved]
I’m running a BuddyPress 1.2.8, WordPress Mu 3.1 site and a bot somehow manages to always create accounts, about 5 per day, even though account registration is disabled in /wp-admin/network/settings.php, and for each of my sites.
For example, the last account created had username “ramonlpa” and email “fidankaisageh @gmail.com”, and was not associated with any site (i.e. the site field is blank).
This has been happening for a long time. When I first found out, the bot had created 3000 accounts.
I’m also running bbPress with the WordPress Integration, so the hole might be in bbPress.
- The topic ‘Possible security hole [Solved]’ is closed to new replies.