Hello, yesterday my VPS server with 3gb mem was crashed due to out of mem problem. As far as I understand logs my testimonials page was attacked. How do I secure comments and reviews so only registered and loged in members would see this.
There should be an option under the 'Discussion' addon's edit area.
“Administrator must approve posts submitted by:”
Approved to show, however registered or not anyone can submit data
Injections were aimed to add extra description features to product pages and testimonials.
Are you using the Image verification setting for your forms? This should prevent bots from being able to do any damage since it will not post the comments/info and only show the Error: Incorrect or missing confirmation code.