A couple of users joined up this week and after registering, they started changing their profile fields to something like x', usergroup='4. Should I be even moderately concerned if already I'm upgraded to 1.6.9?
Just asking to make sure since I'm not really familiar with the latest 1.6.8 vulnerabilities. Better prudent than face peril.
They are probably trying to SQL inject, although they are failing. usergroup=4 is the default admin group.
Thought as much. Seems like an obsolete method though.
If it was me, I would probably give them the ban hammer.
(2013-01-04, 06:51 PM)Frank.Barry Wrote: [ -> ]If it was me, I would probably give them the ban hammer.
They'll probably just register again under false usernames, e-mails and IPs. But banning is always fun I suppose.
(2013-01-04, 06:52 PM)BlackChaos Wrote: [ -> ] (2013-01-04, 06:51 PM)Frank.Barry Wrote: [ -> ]If it was me, I would probably give them the ban hammer.
They'll probably just register again under false usernames, e-mails and IPs. But banning is always fun I suppose.
Yea true