DeeEmm

Pragmatism in code


Waxing lyrical about life the universe and everything software related since lunchtime 2006.

JomSocial Group Discussion Exploit

Been getting spam for quite a while in a few of my JomSocial sites so decided to take a look into why. Spam messages were somehow being left by guest users even though guest access was disabled and permissions were set to members only for group discussions. After a short while I was easily able to replicate how to do this myself.

So wanting to do the right thing and not publicly post the exploit for others to see and abuse, I emailed JomSocial support with details of the exploit and how to fix it. After waiting for a while I got absolutely no response whatsoever. I then posted a message to their Facebook feed; same thing, absolutely no reply whatsoever. Pretty ironic considering that their Facebook page is pretty active lately telling us what a great job they are doing improving JomSocial.

Hmmnnnn what to do?

So next I posted a support thread on their forum. After a couple of weeks of not receiving any official reply I gave up any expectation of ever getting one and simply fixed my sites myself. I eventually received an email requesting that I give examples of the exploit, screen grabs and a whole bunch of other stuff that would take up heaps of my time. I politely declined, saying that they had missed their chance but offering that they could engage me professionally if they wanted me to fix their code. Not surprisingly there was no reply.

...