HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Vanilla 2 just made all the messages invisble
Hello I've been using Vanilla 2.0.18.1 for about two years.
Recently all the messages have become invisible, but the discussions list and structure of the discussions are intact. And if you try and edit a message then even though it is invisible it appears in the edit box. Saving it doesn't then make it visible.
(I can see an IP address under the username - can't remember if that was there before.)
Is there a way to fix this issue - which may just be a formatting issue.
Also is there a way to update the forum to version 3 - woud this help? Can I do this without loosing all the data?
Thanks
Tim
0
Comments
Hello I've been using Vanilla 2.0.18.1 for about two years.
Are you sure about that version number? You installed a version of Vanilla from 2010 in 2020? I'm so confused I don't know where to begin.
yes it must have been older - in fact i can see the forums first messages were in 2012!
If you haven't changed anything but this issue is happening site-wide, my guess is your site has been compromised. This is a tactic someone could use to hide spam links and messages on the site. Vanilla 2.0.18.1 has many publicly documented security flaws at this point.
I'd View Source on the page and look for Javascript or CSS code that doesn't look like it's part of Vanilla. The most common ways to corrupt the site would be using the Pockets plugin or modifying the theme files. I would try restoring the theme files from backups if you have any.
Upgrading may well solve the issue. There are upgrade instructions for all subsequent releases on this site. Backup your database first, but you shouldn't have any issues with data loss.
If the site was indeed compromised, be sure to reset passwords and confirm you aren't using the same password as that site anywhere else. I'd also consider involving your host's support, or moving to a new host with a clean installation to make sure you don't have compromised files left.
Exactly, upgrading is the better option to think in such situation