Some user to the site changed the links under all users profile pages

Joey Champion Posted in Technical Support 3 years ago

Good morning.
Just checked my site, and noticed a new user signed up "Tom Hank" (no "s" in the name like the actor). But what was alarming was that under every users profile instead of "Friends" it was changed to "Homies" by someone. (I am assuming it was the new user because things were correct before).
I did have cross site scripting enabled... so I immediately disabled the component.
How do I return the link text back to "Friends" from the now modified "Homies"?
Thank you,

German Michael Z├╝lsdorff Replied 3 years ago

thus we can learn (again) : Even if we feel flattered that some one like Tom Hank made it into our communitiy -- We shouldn't give ANY new member full admininstrative rights as long as we're not sure we can trust him 100%.

us Joey Champion Replied 3 years ago

It's funny you said that... Thinking the site was compromised, this morning, I searched the server for "Homies", found it and replace it with "Friends". (Only after disabling ftp and ssh thinking a rogue had gotten in.
Thank you Arsalan, mystery solved.

Indonesian Arsalan Shah Replied 3 years ago

@Joey, first of all I was laughing 🤣🤣🤣🤣 while reading your question not because of your question but the keyword its funny :) Ok let me explain, users can not in anyway change those keywords nor can able to post any code that can do that.

You basically enabled Custom Strings component without readings its use. Most of people don't read what component does they just download and enabled it , later they find strange stuff on their websites.

This component changes 'Friends' to 'Homies' just a example of what component does with langauge keywords. Just disable it and it will revert back to 'Friends'