You should disable uploading completely for untrusted users (anonymous + unverified registrations) to be safe until the next version is released.
Yes, sir. I've done that. Did it first thing this morning, UK time. We've not allowed posting by anyone (other than me, as admin) for several years, but we did have the URI Upload boxes (in Groups) set to other than 0. Now 0's everywhere.
And I understand that you're all working very hard --- and I appreciate that, thank you --- to create the next version of CPG, which will prevent this problem happening again.
On our own CPG site, although we have completely re-uploaded the latest version --- and we were running the latest version at the time of the attack last night --- we still seem to have this problem.
I guess what I don't understand (and please don't growl at me for being thick ---
guilty as charged!) is whether the next version, when released, will actually
fix the current problem on my
www.bark.ch website, or will only prevent it from happening again.
If it
won't fix it, should I have my server people roll-back the site to yesterday's backup now? And if we restore from yesterday's back-up, and are certain that uploading from other users is completely, totally shut down, is the problem unlikely to reoccur with the current version of CPG?
I guess I'm just trying to find out if I should wait for the new version --- because it will also fix this problem --- or whether we should restore, be sure uploads are disabled, and then wait for the new release?
Sorry for the questions. I know you're all busy, and the last thing you want is my sticking my nose in . . . .