This project is read-only.

BE v2.9 instance compromised

Apr 9, 2016 at 4:04 AM
I figured out today while upgrading from 2.9 to 3.2 that at some point a couple of months ago, my blog was compromised. Someone had found a way in and created two sub-blogs. Luckily no content or anything nefarious took place far as I can tell. I only have two userids, the admin account and an account under my own name, both have their own distinct STRONG passwords. How is it possible that someone got through the login with admin access?
Apr 9, 2016 at 4:45 AM
Edited Apr 9, 2016 at 4:46 AM
Do regular updates or check for regular security patches.
For example: http://dotnetblogengine.net/post/patch-for-blogengine-net-3-2.aspx
(install package already has patch included)
Apr 9, 2016 at 4:06 PM
Thanks. Always applied patches and updates for the major version I was using. Not always convenient to make the bigger version jumps.