Demo website hacked ?

Hello guys

It seems like your demo site has been hacked.
Each click on an activity opens a pop up with porn ads or others

Hi activha,
Thanks for the heads-up!

I have manually triggered a site refresh this morning after your post.

Looking at the logs, it does not look like the demo site got hacked, but that a spammer took advantage of the demo super-administrator account to change the site to his liking!

The site automatically refreshes (resets to initial state) every few hours, we thought that this would be discouraging enough to us it for spam.

I have now changed the setting refresh it on an hourly base, and we will restrict further the demo super-admin account. Having a full super-admin account available for demo on a demo site is anyway probably not the best idea in town. A restricted administrator account that also filters HTML content is sufficient.

I have now changed the demo administrator account of the demo site from Super-Administrator to Administrator, and drastically limited its rights to CB-specific area. I have also removed his right to edit Joomla articles, menus, templates and modules, as well as any non-directly CB-related items. Finally, I have activated full Joomla HTML filtering for it.

This should seriously limit the possible missuse of the admin interface to "hack" the content or insert Javascript popups.

The demo site will reset itself / refresh to the new version automatically in 15 minutes from now.

Thanks again for your heads-up.

You're welcome, glad to be useful

Admin demo user had too many permissions. We've significantly limited it now. Hopefully won't happen again. We wanted to give a nice and complete backend demo, but we'll have to limit it greatly now. Spammers just can't let us have anything can they.