Even the latest version is not secure, here is my access log before the server had been hacked.

example.com:80 110.77.249.137 - - [09/Sep/2012:07:56:03 +0700] "POST /index.php?q=fckeditor/xss HTTP/1.1" 200 20 "http://example.com/node/101010" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1"

Even worse that fckeditor is not developed any more. Has any one face this problem too, I appreciate any kind of your help eg. server settings, modified version of the module, latest fckeditor code etc.

Comments

noomz’s picture

Status: Active » Closed (works as designed)

Closed, the site that had been hacked use another version