New User blocked my admin login somehow?

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
wes_517
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Aug 20, 2007 7:43 pm

New User blocked my admin login somehow?

Post by wes_517 » Mon Dec 03, 2007 2:48 pm

OK, so this morning around 7:30, I received an email from the system saying there's a new user.

strange it wasn't someone I recognized, because the nature of my site, I know all the users personally.

I got scared for a minute when the email that was registered contained a reference to "all your base"

tried logging into my site, and found that I couldn't. started to get a little scared, so jumped into the database, the user was in there (since they registered) but they still had the activation code, and my super admin account is still there and intact.

once I deleted the other account, I was then able to log in again with my account.

looking back, I should have exported the whole thing instead of deleting it, but can anyone shed some light onto this at all?

It doesn't make sense to me that a newly registered user could block out logins, unless they did something that effects other parts of the database in some why, but if they did, why would just deleting that account let me log in again with the same password and all as before?

Is there anything I can give to the Dev's that could show if this was a fluke thing like mistyping my password 7 times or if there is something that someone managed to exploit?

I admit my installation of RC3 is probably about 3 weeks old at this point.

Locked

Return to “Security in Joomla! 1.5”