Administrator User hacked

Friday 13 February 2009 5:25:31 am - 3 replies


Gaetano Giunta

Friday 13 February 2009 5:50:35 am

Could you please post an issue in the bug tracker, tagged as 'security issue' and add as much information as possible in there (it will be kept private)?

If your analysis is correct, an attacker somehow managed to change an existing user's email/password, but not to activate it by clicking on the correct activation code.
This means that either he did not receive the email with the validation code because your site is configured not to send those emails, or the action of modifying the user's config did not trigger the generation of a new user-activation key...

It would especially be interesting to get the access logs of the server. Plus the eZP version you are running, of course, and any configuration details.

Principal Consultant International Business
Member of the Community Project Board
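Gaetano's suggestion to pull the server access logs can be turned into a quick triage script. The following is an added example, not code from the thread or from eZ Publish: it assumes Apache combined-format logs and the eZ Publish legacy `user` module URL layout (`/user/register`, `/user/activate/<hash>`, `/user/edit/<id>`, `/user/forgotpassword`, `/user/password`, optionally behind a siteaccess prefix), and the log lines embedded below are constructed for illustration. It groups account-changing requests by client address and flags clients that posted a change but were never seen fetching an activation link, which is the pattern described above.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined format (not taken from the forum thread).
SAMPLE_LOG = """\
203.0.113.10 - - [13/Feb/2009:04:58:01 +0100] "GET /user/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [13/Feb/2009:04:58:20 +0100] "POST /user/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [13/Feb/2009:05:01:07 +0100] "GET /user/register HTTP/1.1" 200 4711 "-" "Mozilla/5.0"
203.0.113.10 - - [13/Feb/2009:05:01:44 +0100] "POST /user/register HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [13/Feb/2009:05:02:30 +0100] "POST /user/edit/42 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Feb/2009:05:10:00 +0100] "GET /user/activate/abcdef0123456789 HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.5 - - [13/Feb/2009:05:15:12 +0100] "GET /content/view/full/2 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Apache combined log format: client, ident, user, [timestamp], "METHOD path proto", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Assumed eZ Publish legacy "user" module views that create or alter accounts.
# The optional leading segment allows a siteaccess prefix such as /ezwebin_site/user/register.
SENSITIVE_VIEWS = ("register", "activate", "edit", "forgotpassword", "password")
VIEW_RE = re.compile(r"^/(?:[^/]+/)?user/(?P<view>[a-z]+)(?:/|$|\?)")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(path):
    """Return the sensitive user-module view a path hits, or None."""
    m = VIEW_RE.match(path)
    if m and m.group("view") in SENSITIVE_VIEWS:
        return m.group("view")
    return None


def account_events(log_text):
    """Map client IP -> list of (timestamp, method, view, status) for account-related hits."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        view = classify(rec["path"])
        if view:
            events[rec["ip"]].append((rec["ts"], rec["method"], view, rec["status"]))
    return dict(events)


def unactivated_changes(log_text):
    """Clients that POSTed an account change (register/edit/password) but never fetched activate."""
    flagged = []
    for ip, evs in account_events(log_text).items():
        changed = any(m == "POST" and v in ("register", "edit", "password") for _, m, v, _ in evs)
        activated = any(v == "activate" for _, _, v, _ in evs)
        if changed and not activated:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    for ip, evs in account_events(SAMPLE_LOG).items():
        print(ip)
        for ts, method, view, status in evs:
            print(f"  {ts}  {method:4} user/{view:<14} {status}")
    print("review first:", unactivated_changes(SAMPLE_LOG))
```

The heuristic only orders what to look at by hand: an activation link is clicked by whoever reads the mail, so it may legitimately arrive from a different address, and a client that changed an account and never activated is exactly the case worth opening the bug-tracker issue with. Run it against the real log with `account_events(open(path).read())` and extend `SENSITIVE_VIEWS` if your installation exposes further account views.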

Steven E. Bailey

Friday 13 February 2009 6:34:18 am

I don't know if the user activate stuff in your logs is something new or if it is unrelated but for the administrator user, depending on what version of ezpublish you are running and if you have user register enabled, it can be hacked using:

http://packetstormsecurity.org/0812-exploits/ezpublish-escalate.txt

It is important to upgrade.

Certified eZPublish developer
http://ez.no/certification/verify/396111

Available for ezpublish troubleshooting, hosting and custom extension development: http://www.leidentech.com

Peter Meyer-Delius

Wednesday 18 February 2009 6:24:10 am

Thank you for your fast feedback.
We disabled the user-registration and deleted the default admin, so that the ID of the Administrator User is not obvious.
We did not have any attacks again. We will wait and see.

Best regards,

Peter
