b2evolution exploited

After the excitement of my first comment spam back in December, today has been even more exciting! My blog was exploited, the skin wiped out, and posts redirected to a gay porn site. Looks like it’s a new exploit, as the b2evolution site itself has lost its skin, though I didn’t see anything redirecting to the wrong place there. (See the screenshot, taken at 22h34 South African time). In the meantime I’ve done some remedial battening down the hatches, but I’m not feeling particularly secure until I find out exactly how I was exploited. Good luck to anyone trying to read!


  1. Hi Vaughn

    That wasn’t the exploit, as I’d patched that well before. There’s a new exploit out there that doesn’t seem to be documented anywhere, though presumably (I hope) the developers know about it as they’re releasing a new version. Their communication with everyone has been poor though.

  2. There is no exploit here. The screenshot only shows a screen where for some reason (like too many lost packets in a network congestion) the CSS file coul dnot be loaded. We haven’t restored anything on the b2evo site since the screenshot was taken.

Comments are closed.