We've been hacked :roll:

**Nick** · 12-07-2009, 04:38 AM

Looks like we have ruffled some feathers because the folk from Pligg decided to hack into our demo site and renamed it "Pligg Rulez"!

We're an open source project and as such, our code is publicly available for all to see, which does leave us vulnerable to hackers. Still, that's half the fun of open source programming, and getting a friendly nudge like this from our friends at Pligg is a reminder that we need to pay more attention to security issues.

**JonH** · 12-07-2009, 05:16 AM

Good to see Hotaru news is getting around

**carlo75** · 12-07-2009, 09:25 PM

Unfair... pligg don't rules!

**carlo75** · 12-07-2009, 10:06 PM

Do you know how they do that?

**Nick** · 12-07-2009, 11:48 PM

Originally Posted by carlo75

Do you know how they do that?

I can't say for sure, but it would have been possible with a cross-site request forgery - probably on the user permissions page to get admin access. I'll go through every form, adding tokens with this CSRF Protection Class, and then maybe they'll be kind enough to try and hack us again so we can see if it worked.

**Sunny** · 12-08-2009, 09:10 AM

hahaha Nick your comments are amusing, thanks for the laugh

We all see great potential in Hotaru and apparently so do the folks at Pligg.com. Quiet frankly, if it wasn't for them, Hotaru wouldn't be here. This is a good example of when developers care more for making money via Plug-gins than providing quality and support. This is just my personal opinion based on experience.

Thanks Pligg!

**rushnp774** · 12-10-2009, 03:22 PM

No wonder you've been going balls-to-the-wall with the CSRF stuff lately Nick. Makes sense

. Hopefully that was how they did it, and that your changes will block it next time. If it wasn't how they hacked it, we're (hopefully) protected against CSRF in the future, so it's all good.