So I connected to my server today and found a spam post uploaded to the front page. I just checked. 3 obvious spam users. Oh, shit.
EDIT:
Panic Averted. I thought I'd been hacked (despite running the latest version of drupal, but it wouldn't surprise me that there's vulns that haven't been found by the good guys yet.), but it turned out I'd left authenticated users with the ability to create blog posts. Not quite what I intended, but nowhere near as bad as what I thought.
Spam users blocked, and the spam nuked. We now return you to your scheduled programming.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s:- a? C+++ UL++ P+ L+++ E
W++ N? o? K- w-- O? M? V? PS++
PE+ Y PGP+++ t 5? X+ R* tv- b+
DI D G e* h r++ y+
------END GEEK CODE BLOCK------
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 27 | 28 | 29 | 30 | 1 | 2 | 3 |
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
