Xoops Security
  • 2004/2/22 9:39

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19

A little while ago I reported to this group what seemed like some sort of attack on sites I run using XOOPS - essentially there was a spate of many, many registrations that did not make sense. Canvassing users known to me suggests they have had a dramatic increase in SPAM since the 'attack', but it's difficult to be certain about a correlation between these events.

Anyway, I am currently trying to sift thru these and find if I try to delete them via XOOPS admin I get:

"Admin user cannot be deleted. (User: <some user name>)"

Looking thru the user database table I see that the suspicious registration all have admin rights.

Now, there is no way known that the users were given admin rights by me, the only legitimate administrator for these sites.

I'm worried.

The sites are generally updated with the latest XOOPS on release.

Re: Xoops Security
  • 2004/2/22 12:29

  • Jan304

  • Official Support Member

  • Posts: 520

  • Since: 2002/3/31

Well, don't panic is the first thing I say. Those users are not in the admin group, just a mistake in the core files. The fix is listed here:
https://xoops.org/modules/newbb/viewto ... d=16466&forum=21&start=15

Hope this helps.


Who's Online

50 user(s) are online (25 user(s) are browsing Support Forums)

Members: 0

Guests: 50



Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits