PSA: Posting known forum site security vulnerability
I just caught the site/forum being hacked. They're using the drupal ckeditor module, which is known to have vulnerabilities. They're editing user profiles and it seems they're changing out user emails associated with those accounts/profiles. So basically it's people on here pretending to be someone they're not, e.g. old forum users that aren't around anymore.
Just another attempt to smear me, the site, my work, integrity, and to attempt to create grounds for legal entrapment.
They managed to still hack it and change user edit settings for nodes. So basically it was wild west for awhile on node content
Anyway. Investigation continues..
Does the private messaging system still work?