unauthorised user registrations

  • Resolved aussiesapphire

    (@aussiesapphire)


    18 years, 2 months ago

    Had an instance recently where someone registered a user account without authorisation on my http://www.grasslandnsw.com.au/blog site. This one is 2.1.2 but also had the same thing on my aussie sapphire site which is 2.2.2

    In both cases, the box for “anyone can register” is not ticked. I deleted both users immediately but then later had a situation where someone (presumably same person) added links to the sidebar (to buy viagra and the like).

    How do I prevent this from happening again. Should I upgrade both blogs to latest version? I plan to anyway but will this fix this issue of people mucking around with the sites behind my back. Is there another option I should be checking?

    Advice gratefully received.

    cheers
    Leah

Viewing 2 replies - 1 through 2 (of 2 total)
  • Len

    (@lenk)

    18 years, 2 months ago

    You need to upgrade to 2.3.3. A vulnerability was discovered in the XML-RPC implementation of older versions.

    Thread Starter aussiesapphire

    (@aussiesapphire)

    18 years, 2 months ago

    thanks – got some more spam links this morning so have just upgraded and hopefully that will fix the problem. Unfortunately did the automatic upgrade and went to 2.5 instead of the version you suggest. My fault for being slack and just doing the one-click upgrade but it looks to be working ok so far.

    I’ll see how this one goes for a few days and then upgrade the other to 2.5 if I dont see any issues. Thanks for the answer to my question.

    cheers
    Leah

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘unauthorised user registrations’ is closed to new replies.