What we did
- Installed Discourse
- Bypassed bootstrap mode, for doing setup of custom maintenance page
- Uploaded backup file and restoration was almost begin.
At this point, when I checked Forum homepage, I got shocked to see some unrecognized topic.
- Someone posted Topic behalf of me with trolling comment
- My Forum title, description, admin profile username, email everything was changed to make fun.
The best part, as backup restoration finished and site went live, and everything normal.
But, it’s worry point that in blank installation for approx 10 minutes, it was posted something which I completely don’t recognize. Even, I had strong password for the admin username.
I am just shocked. The NGINX logs details represent Topic URL with some IP, but that is not sufficient. I would like to know the series of details.
- From which IP Topic was posted, profile username was changed, before site restoration and more details to find out the possible root cause.
Thanks a lot.