1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

My SMF forum got hacked!

Discussion in 'Forum Management' started by Imran, Jul 13, 2005.

  1. #1
    For the first time I never ever heard about this but to my fortune my own smf forum got hacked not completly but sufficient damge to cuase the problem of session where no one can login and post anything!
    Now Im upgrading from 1.0.4 to 1.0.5 hope this will solce this problem!
    SEMrush
     
    Imran, Jul 13, 2005 IP
    SEMrush
  2. vectorgraphx

    vectorgraphx Guest

    Messages:
    545
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #2
    looks like smf forum has an sql injection vulnerability. It's a pretty recent discovery, but it does seem to apply to 1.04, but i'd definitely double check 1.05. SQL injection is pretty easy to defend against, google it and you'll get a ton of webmaster guides. It basically occurs when the data sent to an sql statement is not "cleansed" of the apostrophe, and when the sql engine parses the request, the apostrophe can end a variable in your statement, and allow a hacker to basically hijack your sql statement, and do some serious damage. hope you've got backups...

    here's a security bulletin about SMF 1.04:
    http://www.securiteam.com/exploits/5HP0N0KG0O.html


    also, here's a link to a good explaination of sql injection, offering some programmical fixes in case SMF 1.05 still has this vulnerability:

    http://www.securiteam.com/securityreviews/5DP0N1P76E.html

    hope this helps

    VG
     
    vectorgraphx, Jul 13, 2005 IP
  3. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    64
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Make sure you figure out how they got in, the extent of the damage they caused and the extent to which they penetrated your system. That is, if the vulnerability they used gives them access to the OS - e.g. buffer overflow, or some forms of SQL injection may allow them to execute arbitrary code on your machine, which may, in turn, allow them to leave some code on your machine that will remain dormant for the time being, until activated later. In this case your safest option would be to reinstall the OS and restore your forum data from a back up.

    J.D.
     
    J.D., Jul 13, 2005 IP
  4. Imran

    Imran Notable Member

    Messages:
    2,343
    Likes Received:
    191
    Best Answers:
    0
    Trophy Points:
    230
    #4
    Thanks for the information.
    I just sent one email to SMF and also Powweb my host! for that site.
    I have taken the backup now in the procedure of re-installing it but this time 1.0.5, maybe in a week or so i will buy VBBulletin as my forum traffic is increasing and I need a stable and unhackable fourm, atleast VB is better never heard about this getting hacked!
     
    Imran, Jul 13, 2005 IP
  5. vectorgraphx

    vectorgraphx Guest

    Messages:
    545
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #5
    one thing you might also consider (big pain in the butt, but worth the effort) is changing everyone's passwords. if your hacker got in via sql injection, chances are they could have either a. created a new user with admin privileges for later re-penetration or b. downloaded the entire user table, including all usernames and passwords. re-installing from backups might just let them right back in, even if you're upgraded to 1.05. Worth every minute (hour?) it might take you, i can almost guarantee that if they got in this way, at some point they took your user/password table.

    VG
     
    vectorgraphx, Jul 13, 2005 IP
  6. I. Brian

    I. Brian Business consultant

    Messages:
    810
    Likes Received:
    59
    Best Answers:
    1
    Trophy Points:
    145
    #6
    It's also worth keeping up to date with your forum software - the SMF 1.0.5 patch was released a short while back.
     
    I. Brian, Jul 13, 2005 IP
  7. Imran

    Imran Notable Member

    Messages:
    2,343
    Likes Received:
    191
    Best Answers:
    0
    Trophy Points:
    230
    #7
    Thanks a nice suggesation, I have changed admin password but i did not look into the user groups if there is any other admin i will do that I will also send one mail to every user to change their password!
     
    Imran, Jul 13, 2005 IP