I've had my XOOPS site running for a month or so now and have come across something strange.

I have it set up so that I have to personally activate all accounts. I received an email notice yesterday regarding an account activation, which is normal.

However, today I was checking out my "Webmaster" group for an unrelated issue and noticed that the user from the most recent activation request showed up in this list! I hadn't yet even activated the account.

Any ideas? I just deleted the account via phpadmin, since I was unable to remove the name from the Webmaster list via the groups admin. It just resulted in a blank page when I tried to do so.


Brad

i wouldn't say that your site was hacked..

it's easy to say that when strange things occur. i'm not discounting it cud have been tho, but you shud rule out any other possibilities of how the user got added to the webmaster group.

lots of people get worried when the word hacking gets mentioned and in most cases it's false.. not all cases but the vast majority..

i can't answer y that user got added myself tho..

on the 2nd note.. the blank page when removing a user from the webmaster group is normal, the new security in XOOPS from version 2.0.5.1 prevents users from being removed from this group. and the way to remove a user from the webmaster group is by manually removing them from the database with tools such as phpmyadmin.

hope this helps a little..