No announcement yet.

Users becoming admin?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Users becoming admin?

    Maybe this was just human error, but I thought I'd ask here to be on the safe side.

    Are there any known/potential security holes in 3.0.7 that would allow a user to become an administrator? We had this happen tonight and wanted to know if there's some bug that would do that. It was probably just a slip of the mouswheel when one of our admin was selecting a usergroup but it's better be safe than sorry.

    And yes, we're upgrading to 3.5 tomorrow

  • #2
    Yes, there are known security things in 3.0.7, that is why there was an upgrade to 3.0.8 and later even to 3.0.9 released. Perhaps somene exploited the security hole. Can't tell much without apache access logs.

    Upgrade to 3.5 as soon as possible, and change the admin and other staff passwords. Put your admincp behind .htaccess directory password protection.


    • #3
      Thanks for the quick reply, Floris

      I'll have our hosting guy take a look at the apache logs, but I believe it was an honest mistake on our part. There have been some questions of motives lately though regarding a few people so we want to cover all our bases and make sure we're not turning a blind eye to anything.

      Again, thanks for the help!