I am using Serendipity for a blog and have been having the problem of "users" posting on my blog. I did not want others to be able to post to my blog, but somehow they are getting into and posting to it. If there is a way to block others from posting to my blog I would appreciate someone telling me how to stop this problem. Most are from China (In Chineses no less!), and Russia, but the most worrisome for me as an American is the one from Afghanistan. The entries that are in English could very well be encoded messages from terrorists for all I know.
I have looked into the settings, but since I have no clue what to do with it, I am stumped. Is there any CLEAR tutorial that tells me what settings I need to use to block other users from posting? I didn't really want anyone to be able to post except me. The "permissions" and "User" areas are so confusing to me that I have left it "as is" for fear that I will delete my own posts or ability to log in. Since there is no 'owner's manual' I am frozen in this current mess. This is the second time I have had to get into the back and delete posts from numerous 'users' I had no idea were there.
Tutorials needed!
Re: Tutorials needed!
We offer several detailled documentations on how to install, upgrade or tweak a Serendipity blog. Please review http://www.s9y.org/33.html.
The following is my expectation, that you are talking about unknown user posting blog entries, not comments!!!
To your problem.
Serendipity does not offer unknown user posts by default.
If that is the case, your System has been hacked! The vulnerables during all these years were very few and commonly fixed during a day, so the most of all hacked blogs I have heard of, where hacked by ftp or similar. This tells you to also check your webservers environment to fix common vulnerabilities!
Solution for your blog:
Backup your uploads directory, and the file serendipity_config_local.inc.php.
Do you have a tweaked template? Then this should be backup'ed too.
Erase all other components - files and folders completely!
Download a current Serendipity Version and install it to your webspace the same way it was done before. (means, keep the path to installation).
Check if the backup'ed serendipity_config_local.inc.php has only these settings
and isn't manipulated in any other way. If you trust its settings, copy the file back into serendipity root dir.
The same für the uploads (and other backup) directory(s). Check this/these dir(s) carefully, as there could be files in it, you never did into!!
Now, link your browser to the blogs address and run through the installation/upgrade process, which should tell you if everything is ok to run.
When restoring your blog finished successfully, you should log in and change your admin password!!!
After that your blogs admin area should be resistent to anyone but you. That would be the time to carefully inspect all data, like entries etc, which come and lay in the database itself.
Please also look into your backends 'Manage users' section, that it keeps only your admin name as a single user with permission rights (255). If there are others, which are not done by you (even then), vaporise them.
Good luck!
The following is my expectation, that you are talking about unknown user posting blog entries, not comments!!!
To your problem.
Serendipity does not offer unknown user posts by default.
If that is the case, your System has been hacked! The vulnerables during all these years were very few and commonly fixed during a day, so the most of all hacked blogs I have heard of, where hacked by ftp or similar. This tells you to also check your webservers environment to fix common vulnerabilities!
Solution for your blog:
Backup your uploads directory, and the file serendipity_config_local.inc.php.
Do you have a tweaked template? Then this should be backup'ed too.
Erase all other components - files and folders completely!
Download a current Serendipity Version and install it to your webspace the same way it was done before. (means, keep the path to installation).
Check if the backup'ed serendipity_config_local.inc.php has only these settings
Code: Select all
$serendipity['versionInstalled'] = '1.6.2'; (OR THE VERSION YOU HAD)
$serendipity['dbName'] = 'YOUR_DB_NAME';
$serendipity['dbPrefix'] = 'YOUR_DB_TABLES_PREFIX_';
$serendipity['dbHost'] = 'YOUR_DB_HOST_NAME';
$serendipity['dbUser'] = 'YOUR_DB_USER_NAME';
$serendipity['dbPass'] = 'YOUR_DB_USER_PASSWORD';
$serendipity['dbType'] = 'mysql'; (OR THE DB YOU ARE USING)
$serendipity['dbPersistent'] = false; The same für the uploads (and other backup) directory(s). Check this/these dir(s) carefully, as there could be files in it, you never did into!!
Now, link your browser to the blogs address and run through the installation/upgrade process, which should tell you if everything is ok to run.
When restoring your blog finished successfully, you should log in and change your admin password!!!
After that your blogs admin area should be resistent to anyone but you. That would be the time to carefully inspect all data, like entries etc, which come and lay in the database itself.
Please also look into your backends 'Manage users' section, that it keeps only your admin name as a single user with permission rights (255). If there are others, which are not done by you (even then), vaporise them.
Good luck!
Regards,
Ian
Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Ian
Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian