For the first time I never ever heard about this but to my fortune my own smf forum got hacked not completly but sufficient damge to cuase the problem of session where no one can login and post anything! Now Im upgrading from 1.0.4 to 1.0.5 hope this will solce this problem!
looks like smf forum has an sql injection vulnerability. It's a pretty recent discovery, but it does seem to apply to 1.04, but i'd definitely double check 1.05. SQL injection is pretty easy to defend against, google it and you'll get a ton of webmaster guides. It basically occurs when the data sent to an sql statement is not "cleansed" of the apostrophe, and when the sql engine parses the request, the apostrophe can end a variable in your statement, and allow a hacker to basically hijack your sql statement, and do some serious damage. hope you've got backups... here's a security bulletin about SMF 1.04: http://www.securiteam.com/exploits/5HP0N0KG0O.html also, here's a link to a good explaination of sql injection, offering some programmical fixes in case SMF 1.05 still has this vulnerability: http://www.securiteam.com/securityreviews/5DP0N1P76E.html hope this helps VG
Make sure you figure out how they got in, the extent of the damage they caused and the extent to which they penetrated your system. That is, if the vulnerability they used gives them access to the OS - e.g. buffer overflow, or some forms of SQL injection may allow them to execute arbitrary code on your machine, which may, in turn, allow them to leave some code on your machine that will remain dormant for the time being, until activated later. In this case your safest option would be to reinstall the OS and restore your forum data from a back up. J.D.
Thanks for the information. I just sent one email to SMF and also Powweb my host! for that site. I have taken the backup now in the procedure of re-installing it but this time 1.0.5, maybe in a week or so i will buy VBBulletin as my forum traffic is increasing and I need a stable and unhackable fourm, atleast VB is better never heard about this getting hacked!
one thing you might also consider (big pain in the butt, but worth the effort) is changing everyone's passwords. if your hacker got in via sql injection, chances are they could have either a. created a new user with admin privileges for later re-penetration or b. downloaded the entire user table, including all usernames and passwords. re-installing from backups might just let them right back in, even if you're upgraded to 1.05. Worth every minute (hour?) it might take you, i can almost guarantee that if they got in this way, at some point they took your user/password table. VG
It's also worth keeping up to date with your forum software - the SMF 1.0.5 patch was released a short while back.
Thanks a nice suggesation, I have changed admin password but i did not look into the user groups if there is any other admin i will do that I will also send one mail to every user to change their password!