So we were checking out some of the posts on our UG-limited blogs and found a user (spambot?) who was able to bypass the UG permissions and post a blog entry. This SHOULD not be possible, as we have set a very explicit blogger's usergroup, i.e. normal members can NOT post blog entries.
So, how did this 'user' (with standard user level permissions) manage to post a blog entry?
How do we:
a) stop it from happening again.
b) find out what they did to gain access?
This is quite troubling, as you can imagine, since set permissions were bypassed somehow and edges on a security issue / breach.
example link: http://www.pokecommunity.com/blog.php?u=194316