Security Issue with SecurityCheck

10 years 1 month ago #126425 by guido
Security Issue with SecurityCheck was created by guido
Hello, I developed my website with K2 and miniK2.
Recently I discovered how new users were created, and used the domain to spam through mail, as I receive returned unknown mails...

I installed SecurityCheck, and at the first scan I see a lot of issues, mostly XSS (possible) attacks...
They all refer to /index.php and module com_k2.

Is there a safe way to delete all these attacks?
Should I remove K2 and reinstall it? As the web site is strongly based on K2, uninstalling this module would require recreating all the modules based on K2 content/items?
Would just upgrading to the new version resolve the issue?

I really have little knowledge of XSS attacks, and how to eliminate them...

Thank you in advance

10 years 1 month ago #126426 by Lefteris
Replied by Lefteris on topic Re: Security Issue with SecurityCheck
Hi. First of all, the requests to index.php are not just K2-related. All Joomla! requests go through index.php. Secondly, K2 does not create any new users. If you have registration open without any kind of protection, then this is a matter of setup. Actually, K2 was the first extension to include antispam protection in registrations. You can (and you should) enable K2 antispam under K2 parameters. Finally, regarding XSS attacks, you need to know that the last (and the only XSS issue K2 had until now) was resolved four years ago. If you find any specific part of K2 that is vulnerable to XSS, let us know so we can fix it as soon as possible.

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
