Most of you might have noticed by now some people managed to create a lot of new topics about downloading movies etc.
The interesting part is that they managed to remove a lot of code and insert only the image into the page.
Questions overview: http://i.imgur.com/3uxdhG2.png
Detail of a topic: http://i.imgur.com/QJG5OjB.png
So the big question now is how can we remove these topics? There is no longer a report / close button for me as they removed that too..
Who should we contact that is responsible for the Odoo forums?
The last thing that I am wondering is.. how secure is Odoo really? This is yet another example of Odoo not being spam proof and being able to modify code in Odoo. This makes me doubt the Odoo security.
With kind regards
UPDATE: (response from lead developer, Olivier)
Here's a summary of what we've (odoo development team) done in the last few days:
- Deleted 52 users with negative karma, with all their posts and comments (these users have been created by real users manually, from various IPs coming from India, Vietnam, etc., most likely hacked machines).
- Raised the karma for posting comments on other questions to 50 - new users can only post on their own (threads).
- Fixed the error 500 when editing posts.
- Fixed the UI problem when trying to add images (may need browser refresh with shift+f5).
- Fixed various issues with tags when posting/editing.
The only action that is currently possible for first time users (after verifying their email) is to post new questions.
MY ORIGINAL ANSWER:
They are using CSS to overlay their code on top of the odoo website. As for odoo safety? Microsoft, Unix and Apple have all had major security holes that give people root access to your system. So far we have graffiti artists gaining access.
I contacted a lead developer and also 24 hour support. Now it is up to them to prioritize the problem as they see fit.
Personally I prefer to see odoo getting hacked and not free user websites. This way we can be assured that the problem will get corrected and odoo will be safer for everyone. The forum software is only beta code 100% of odoo's design and does not have the years of experience in what people can do to break it. And they sure are breaking it!
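The answer above attributes the defacement to CSS in post bodies overlaying the forum page. The following is an added example, not Odoo's code or its actual fix, of an allowlist sanitizer that takes that capability away from user-submitted HTML; the tag allowlist, the names `PostSanitizer` and `sanitize_post`, and the sample post are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist. No 'style', 'class' or 'id': a post cannot restyle or reposition itself.
ALLOWED = {"p": (), "br": (), "b": (), "i": (), "ul": (), "ol": (), "li": (),
           "a": ("href",), "img": ("src", "alt")}
VOID, DROP_WITH_CONTENT = {"br", "img"}, {"style", "script"}
SAFE_SCHEMES = ("http://", "https://")

class PostSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0  # skip > 0 inside <style>/<script>

    def handle_starttag(self, tag, attrs):
        self.skip += tag in DROP_WITH_CONTENT
        if self.skip or tag not in ALLOWED:
            return  # drop the tag itself; text inside non-script tags is still emitted, escaped
        kept = ""
        for name, value in attrs:
            value = value or ""
            url_ok = name not in ("href", "src") or value.lower().startswith(SAFE_SCHEMES)
            if name in ALLOWED[tag] and url_ok:
                kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        if tag not in VOID:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open:
            # Close only tags this post opened, so a stray </div> cannot break the layout.
            idx = len(self.open) - 1 - self.open[::-1].index(tag)
            self.out += [f"</{t}>" for t in reversed(self.open[idx:])]
            del self.open[idx:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize_post(html):
    parser = PostSanitizer()
    parser.feed(html)
    parser.close()  # flush any buffered text
    return "".join(parser.out + [f"</{t}>" for t in reversed(parser.open)])

# Constructed sample: a post body that tries to cover the page with a linked image.
SAMPLE = ('<div style="position:fixed;top:0;left:0;z-index:9999"><a href="http://spam.example/x">'
          '<img src="http://spam.example/b.png"></a></div><style>.navbar{display:none}</style>')
```

After sanitizing, the link and image remain as ordinary inline content, but nothing that controls position, stacking or visibility reaches the rendered page, so the forum's own report and close controls stay usable.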
Asked: 11/30/14, 4:44 AM
Seen: 996 times
Last updated: 3/16/15, 8:10 AM