I got repeated information mail from jdowbnloads of my site about an upload from guest (means unknown). I find these files in my jdownloads area. But in configuration I limited upload in frontend to user group "special".
Luckily I do not publish files automatically, because they was a virus in a zip file!
Is this a security bug, or did I miss any configuration to deny anonymous upload?
PS: Using J!2.5.24, JDownloads 18.104.22.168 with the following PlugIns: Button 2.0.2, Content 2.0.10, Search 2.0.1