A couple shots in the dark here -
* What roles have "administer comments" rights?
* Are there any VBO-based comments administration views on the site?
* How secure is the site's database? Is root access still available? If so, is the password secure?
* Is phpMyAdmin installed on the site? That can be a weak spot.
* Do the Apache logs from the time of the breach show anything odd/curious?
Also, at the risk of stating the obvious, I'd strongly recommend creating a superuser role and retiring your UID1 account for everything but upgrades/updates.
Cheers,
Bill
On 12/16/10 9:32 PM, Shai Gluskin wrote:
Hi gang,
The author and URL of an anonymous comment was changed about three months after the comment was originally posted. The change happened last week. The new name was in Chinese and the URL is to a Chinese web site. The content of the comment was not changed.
I've never had anything like that happen before. After I discovered this I changed user/1 pw (that is the only account on the site with admin privileges).
There is no other evidence of other damage at the site that I found in the wake of this discovery.
(Site was using 6.19 at the time of the breach).
I'm stumped. Ideas anyone?
Shai