Community Builder possible Security Issue

8 years 3 months ago - 8 years 3 months ago #283619 by HCAA
RE: www.joomlapolis.com/forum/153-professional-member-support/233881-community-builder-image-display-format

Rather than start a new item I'm replying within this thread because the update I performed was done on July 8.

Was there a bug in Community Builder that may have allowed 2 illegal additions to our registered user list on June 30 and 1 on July 6? I suspect the errant entries originated in Poland. I am hoping that the update I performed on July 8 has plugged the hole. I cannot imagine how else this is happening. We have the latest Joomla update and all extensions are up to date. We have an SSL Certificate and SiteLock protection which has not detected any malware issues or other problems.

If there was a bug that allowed this problem and the update did not fix it, will the new version include the fix?

I changed user names and passwords after June 30 and it happens again anyway.
Last edit: 8 years 3 months ago by krileon.

8 years 3 months ago #283625 by krileon
Replied by krileon on topic Community Builder possible Security Issue
There are no vulnerabilities in CB that we are aware of. If you did not lock down 3rd party or Joomla registration forms, they likely registered outside of CB, allowing them to bypass CB confirm and approval, but they wouldn't have been able to use CB login or much of CB's functionality. We released a plugin called CB Core Redirect that closes Joomla user component access and that is now built into CB 2.0.

We also provide CB AntiSpam to help protect against spam registrations and login attempts.

If you do have a vulnerability it's likely 3rd party registration that you didn't turn off. This could be core Joomla registration or a 3rd party extension that also has its own registration. If you're using CB Connect it will by default bypass approval and confirmation as well, but that's no vulnerability.


Kyle (Krileon)
Community Builder Team Member
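An added example, not part of the original thread and not CB's own code: one way to list accounts that were created outside CB's confirm and approval flow, the situation the reply above describes. It assumes the `jos_` table prefix, the Joomla `users` columns `id`, `username`, `registerDate`, `block`, and the CB `comprofiler` columns `user_id`, `approved`, `confirmed`; the query runs here against constructed rows in an in-memory SQLite database so it can be tried offline.

```python
import sqlite3

# Assumed schema: Joomla core keeps accounts in <prefix>users and Community
# Builder keeps its per-user record in <prefix>comprofiler. The "jos_" prefix
# and the column meanings below are assumptions; check them on your own site.
AUDIT_SQL = """
SELECT u.id, u.username, u.registerDate,
       CASE
         WHEN c.user_id IS NULL THEN 'no CB record'
         WHEN c.confirmed = 0  THEN 'enabled but not confirmed in CB'
         ELSE 'enabled but not approved in CB'
       END AS reason
FROM jos_users AS u
LEFT JOIN jos_comprofiler AS c ON c.user_id = u.id
WHERE u.registerDate >= :since
  AND (c.user_id IS NULL
       OR (u.block = 0 AND (c.confirmed = 0 OR c.approved <> 1)))
ORDER BY u.registerDate
"""

def accounts_outside_cb(conn, since):
    """Rows (id, username, registerDate, reason) that did not pass CB confirm/approval."""
    return conn.execute(AUDIT_SQL, {"since": since}).fetchall()

def build_sample_db():
    """Constructed sample data, not taken from any real site."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT,
                                registerDate TEXT, block INTEGER);
        CREATE TABLE jos_comprofiler (user_id INTEGER PRIMARY KEY,
                                      approved INTEGER, confirmed INTEGER);
        INSERT INTO jos_users VALUES
          (101, 'member_a', '2016-05-02 10:00:00', 0),  -- normal CB signup
          (102, 'member_b', '2016-06-30 03:12:00', 0),  -- no CB row at all
          (103, 'member_c', '2016-07-06 04:40:00', 0),  -- enabled, never approved
          (104, 'member_d', '2016-07-07 09:00:00', 1);  -- pending and still blocked
        INSERT INTO jos_comprofiler VALUES (101, 1, 1), (103, 0, 1), (104, 0, 0);
    """)
    return conn

if __name__ == "__main__":
    for row in accounts_outside_cb(build_sample_db(), "2016-06-01 00:00:00"):
        print(row)
```

Accounts the query returns are the ones to trace back to a registration form (core Joomla or a 3rd party extension) that is still open.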
