Support Forum
Ok... I just got a PM from one of my members saying they'd had trouble logging in with their password being rejected, they shut down their browser, cleared cache, came back, logged in successfully but could see ALL of the forums, including those only members of specific groups should see, I checked and even when LOGGED OUT guests can see ALL of our private forums!
I haven't changed anything, no new plugins, nothing different on the forums.. I've had to disable the forums completely because I can't risk members of the public seeing the private forums we have set up.
Help!
I can't even check settings or anything because I've had to deactivate the plugin.
odd. not sure what the interaction there would be... let us know what you find...
Visit Cruise Talk Central and Mr Papa's World
Host said nothing about the Genesis update should have caused a problem
There should be no correlation between these as the updated file had a single line that was improperly escaped. The addition of the "escaping" is simply a cleansing feature IF someone were to inject something bad. It would not impact current functionality especially if you were already on 1.8.
Quick update on the issue, I had my server roll back the Genesis update, I reinstalled the forums, made sure all the permissions were working as normal, then I updated Genesis theme framework and all is good.. so I have NO Idea what happened but it sure was scary to have all the private sections on my forum suddenly available to the public so if you have any idea whatsoever what could have possibly 'caused this to happen please do let me know!
no clue really... never had anything happen like that... assume you had checked the permissions?
reinstalled the forum?? that would lose your data... do you just mean you reactivated it?
to be safe, I would run a check of your server and make sure it hasnt been hacked...
Visit Cruise Talk Central and Mr Papa's World
Yeah, I had checked the permissions, they hadn't changed
I mean reloaded all the forum files
No signs whatsoever of the forums having been hacked, and my hosts security settings are overly strict so it's unlikely anything has slipped by us.
It's all still working fine so ... *shrugs*
One thing I would say is that during any updating process - be it theme, plugins or whatever - there is always a small window of instability where the likelihood that code will break is extremely high. Someone accessing a site that has half an update applied and is in the process of applying the other half could lead to issues. I am a firm believer in the use of plugins like 'Maintenance Mode' to restrict access during any update. And SP itself, as you will know, will not load itself when an update is in progress.
YELLOW
SWORDFISH
|
For security sake, be sure your wp-config.php permissions are set at 400. Read only for the owner.
If someone can read your config file they might gain access to your database.
Also be sure your db log in and pw are not the same as your admin log in.
- Doc ~ An old Fidonet SysOp. Just hanging out in cyberspace keeping up with tech.
1 Guest(s)