I just had a fewf sites hacked and over 200,000 comments auto published within 16 hours in articles where I had the comment section turned on in the article parameters.  Is there a fix for this?  Took me over an hour to delete out of the db.

are you using recaptua in comments?

 

I have experienced the same problem running 2.4.1 on both K2Joom.com and Simon.getk2.orgIn both case, recaptcha was enabled, yet 1000's were posted.

I am aware of a mod that will add IP tracking for comments with the ability to ban IPs, I will find out the progress on that.

 

SimonK2 Support

Sorry to say I am not the only one and if it has happened to you then Fotis and crew need to get this patched ASAP!  Unless of course they are on holiday again.

Simon Wells (K2 Support) said:
I have experienced the same problem running 2.4.1 on both K2Joom.com and Simon.getk2.orgIn both case, recaptcha was enabled, yet 1000's were posted.

I am aware of a mod that will add IP tracking for comments with the ability to ban IPs, I will find out the progress on that.

 

SimonK2 Support

hello, sent you a friend request....please pm me with your skype if you can/will

This has happened on many sites that I have built, but in every case without exception turning on Recaptcha fixed the problem. I just got in the habit of turning it on for every site we build. I have yet to have a site that hacked around the recaptcha.

I think a lot of us have been there :-)

The big question is how to clean it out as fast as possible? Deleting thousands of comments could easily take the better part of a day...

Is it as easy as deleting everything in the k2_comments table? Is there anything else that needs to be corrected?