- Posts: 98
COMMUNITY FORUM
k2 hacked
- Roman Lipatov
- Topic Author
- Premium Member
9 years 5 months ago #149323
by Roman Lipatov
k2 hacked was created by Roman Lipatov
Hi!
The first time it happened was 1 year ago with an old K2 version.
And now it has happened again with the latest K2 version on another site on Joomla 3.4.5.
Hackers create thousands of user accounts with spam.
monosnap.com/file/hhPrWZ2SPLSGp0Ttj3qqBIqySe7Yln.png
monosnap.com/file/hhSZzcA50lZ0XRtiOULqoD7BGwEqNU.png
My site doesn't have the ability to create K2 accounts in the frontend.
- JoomlaWorks
- Admin
- Posts: 6227
9 years 5 months ago #149335
by JoomlaWorks
Replied by JoomlaWorks on topic k2 hacked
K2 has nothing to do with this as it does not control user creation. You've simply left user creation open without any safety checks and thus bots created accounts in your site.
K2 can actually help in this manner by providing integration with StopForumSpam to "catch" such signups before they occur.
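A signup check of the kind the reply above refers to, as an added example that is not part of the original thread and is not K2's own integration code: it classifies a registration from a StopForumSpam API reply. The function names, the 50% confidence threshold, the "review" outcome (hold the account for manual activation) and the sample replies are assumptions constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

API_URL = "https://api.stopforumspam.org/api"  # StopForumSpam query endpoint

# Constructed sample replies (not real lookups), shaped like the API's JSON output.
SAMPLE_LISTED = ('{"success":1,"ip":{"value":"203.0.113.7","appears":1,'
                 '"frequency":41,"confidence":97.3},'
                 '"email":{"value":"bot@example.com","appears":0,"frequency":0}}')
SAMPLE_LOW = ('{"success":1,"email":{"value":"user@example.com","appears":1,'
              '"frequency":1,"confidence":3.2}}')
SAMPLE_CLEAN = '{"success":1,"ip":{"value":"198.51.100.9","appears":0,"frequency":0}}'

def build_query(ip=None, email=None, username=None):
    """Build the lookup URL from whichever signup fields are present."""
    fields = (("ip", ip), ("email", email), ("username", username))
    params = {name: value for name, value in fields if value}
    return API_URL + "?" + urllib.parse.urlencode(params) + "&json"

def evaluate(response_text, min_confidence=50.0):
    """Return "block", "review" or "allow" for one API reply."""
    # min_confidence is an assumed threshold; "review" means the account is
    # held for manual activation instead of being created automatically.
    try:
        data = json.loads(response_text)
    except ValueError:
        return "review"  # unreadable reply: do not auto-approve
    if not isinstance(data, dict) or data.get("success") != 1:
        return "review"
    listed = False
    for field in ("ip", "email", "username"):
        entry = data.get(field)
        if isinstance(entry, dict) and entry.get("appears"):
            listed = True
            if float(entry.get("confidence", 0)) >= min_confidence:
                return "block"
    return "review" if listed else "allow"

def check_signup(ip=None, email=None, username=None, timeout=5):
    """Query the live service; network failures degrade to "review"."""
    try:
        url = build_query(ip, email, username)
        with urllib.request.urlopen(url, timeout=timeout) as reply:
            return evaluate(reply.read().decode("utf-8", "replace"))
    except OSError:
        return "review"
```

Only `check_signup` touches the network; `evaluate` can be exercised offline against the constructed samples.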
- Roman Lipatov
- Topic Author
- Premium Member
- Posts: 98
9 years 5 months ago - 9 years 5 months ago #149347
by Roman Lipatov
Replied by Roman Lipatov on topic k2 hacked
Fotis wrote: K2 has nothing to do with this as it does not control user creation. You've simply left user creation open without any safety checks and thus bots created accounts in your site.
K2 can actually help in this manner by providing integration with StopForumSpam to "catch" such signups before they occur.
Yes, users can register on the site. But they can't create K2 profiles.
This is how it looks:
www.joomlaworks.net/component/k2/itemlist/user/107010
I'm sure this is not a good page for your site.
This is how they hack:
maximgroups.net/cms/joomla/kak-ostavit-statyu-ssylku-na-sajtax-na-cms-joomla-s-uyazvimostyu-k2.htm
So, how can I enable Joomla registration and disable K2 profiles?
Last edit: 9 years 5 months ago by Roman Lipatov.
- Krikor Boghossian
- Platinum Member
- Posts: 15920
9 years 5 months ago #149360
by Krikor Boghossian
Replied by Krikor Boghossian on topic k2 hacked
Hmmm, I don't know Russian, however this is not a hack.
Your data was not compromised nor any passwords.
K2 by default extends the registration form, hence the extra data you see.
- Roman Lipatov
- Topic Author
- Premium Member
- Posts: 98
9 years 5 months ago #149364
by Roman Lipatov
Replied by Roman Lipatov on topic k2 hacked
Yes, I'm sorry, this is not a hack.
But this is a way to create spam articles on a site using K2 unbeknownst to the administrator.
I'm sure your site has hundreds of the same articles as I already showed.
- Krikor Boghossian
- Platinum Member
- Posts: 15920
9 years 5 months ago #149377
by Krikor Boghossian
Replied by Krikor Boghossian on topic k2 hacked
These are not articles, these are profile pages.
If you are allowing users to register on your site, some might fill their profile with data such as these.
You can deactivate user registration, activate reCaptcha or you can manually activate your users.
- Roman Lipatov
- Topic Author
- Premium Member
- Posts: 98
9 years 5 months ago - 9 years 5 months ago #149379
by Roman Lipatov
Replied by Roman Lipatov on topic k2 hacked
Yes, these are profile pages, but they are made for SEO spam and look like articles.
I can't disable registration.
reCaptcha does not solve the problem.
So, we have only 1 way: disable K2 profiles or the description field.
How can I disable editing of K2 profiles?
Last edit: 9 years 5 months ago by Roman Lipatov.