Instance hacked, inserting 100s of posts
-
@robi Could well be - also could be something underlying in their sanitizing. I've had a few instances getting absolutely hammered from Germany on contact forms, mostly getting blocked by recaptcha but ended up being more of a DOS for the resources they threw at it. Could be the same thing, might not be, but I've cut them off early and low in the stack, so logging/etc. is pretty minimal at this point since the firewall is dropping them. FWIW, the contact forms are Caldera - not sure if that's in common or not, but that's a pretty broad attack surface to start from if so.
-
Could it be the admin password got leaked somehow or if you have used it in other sites? https://haveibeenpwned.com/ is a good place to check for this.
-
-
@robi said in Instance hacked, inserting 100s of posts:
admin account never logged in
Is it still then the default "changeme" password? Even if not logged in via GUI they mostly use the REST-API.
-
@robi said in Instance hacked, inserting 100s of posts:
admin account never logged in
Is it still then the default "changeme" password? Even if not logged in via GUI they mostly use the REST-API.
@imc67 said in Instance hacked, inserting 100s of posts:
@robi said in Instance hacked, inserting 100s of posts:
admin account never logged in
Is it still then the default "changeme" password? Even if not logged in via GUI they mostly use the REST-API.
After unblocking the admin account and attempting to log in, that's exactly what happened. How embarrassing.
That tells me the flaw that happened in creating this site.
Thank you!
-
@imc67 said in Instance hacked, inserting 100s of posts:
@robi said in Instance hacked, inserting 100s of posts:
admin account never logged in
Is it still then the default "changeme" password? Even if not logged in via GUI they mostly use the REST-API.
After unblocking the admin account and attempting to log in, that's exactly what happened. How embarrassing.
That tells me the flaw that happened in creating this site.
Thank you!
