Jump to content
xisto Community
electron

My Smf Forum Was Hacked

Recommended Posts

I dont know how but my board was hacked by some site by the name Spyhackerz.com .
I use SMF as my board and the main settings file Settings.php was hacked.
This file had the password of my DB and i dont know whether they have it or not.

They changed its content to the following:

<html><head><meta http-equiv="Content-Language" content="tr"><meta http-equiv="Content-Type" content="text/html; charset=windows-1254"><title>Hacked by Spyhackerz.com</title></head><body bgcolor="#000000"><p align="center"><a href="http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/;&'>http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/;& border="0" src="http://rootingsabotage.sitemynet.com/sht.jpg" width="503" height="387"></a></p><p align="center"><font face="Verdana"><b><font color="#FFFFFF"><a href="http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/ color="#FFFF00">http://www.spyhackerz.com/ color="#FFFF00"></font></b></font></p><p align="center"> <EMBED src=http://spyhackerz.com/music/index.mp3 width=20 height=15 autostart="true" loop="true"></p><p align="center"> </p></body></html>

Well do you guys know of this.Do those guys have my password now.
I changed back my file and my Board is working now.

Please help as this is a very very serious matter

Share this post


Link to post
Share on other sites

Holy crap! Trap Seventeen security was breached. I think they would have used an FTP server exploit or anything else, which means ALL users security is compromised.Backup your files in your computer EVERYONE.*Calling BH or OQ*

Share this post


Link to post
Share on other sites

*wait*

You might want to check at the SMF Support Site for clarification about whether this is a problem throughout the SMF Community or solely for your site.

Don't start making any assumptions about the Security here at the Xisto Forums or on other Xisto Sites.

There is no reason to believe this is a Xisto account holder problem until further information is obtained.

 

To begin with, alter your cpanel password immediately.

Share this post


Link to post
Share on other sites

Well, yeah, the mod is right (sorry, I can't even pronounce your name, too confusing. :)).I usually enter nervous stats and it ends on this, saying that I don't trust certain security or etc. Anyways, nobody knows if something is 100% secure.I think that Trap servers are 98% secure. So yeah, change your cpanel pass.I will be trying to report this to the feds unless it was framing, etc.But getting with police is actually no good, so unless this gets on high critical status, I should keep my mouse shut.

Share this post


Link to post
Share on other sites

Simply, an easy password could be the issue. Sometimes "hackers" are nothing more then "lucky guessers". Make sure your password contains is hard to guess.Something like "j42dks;;;" would work very nicely infact. (DON'T USE IT). Somelike "coolio" is to easy.Backup all your files, you should do this everytime you change a setting anyways.

Share this post


Link to post
Share on other sites

Most likely what happened is that they put code into one of your db search fields and or logins and depending on the code they used, it can allow them to pull data from your setting files and or from your database giving them access to it. I used to have a phpnuke site and after being hacked, i read a ton of articles on how to secure it. However, it just cant be done since with every new version of software there are new flaws that are created. I would make sure you update your forum to the newest version since the security vulnerabilites will be the least likley known and always update to the new version no matter what anyone tells you. Also, make sure it is hard to identify exactly what type of forum you are using since it will make it harder hack. Finally, change all your passwords just in the case they found them because they will be back if they do.

Share this post


Link to post
Share on other sites

If your account was compromised, there wouldn't be any left of your files and database... right? Think before you assume.

Which version of SMF were you using? And did you follow all SMF standard setting instruction, such as CHMOD?

A bug in PHP causes a vulnerability in SMF 1.1 RC2-1. You can install this patch (click here to install) to patch your version of 1.1 RC2 to 1.1 RC2-2.
We received a report detailing a bug in PHP (improper deletion of hash values in the zend_hash_del_key_or_index() function), causing a vulnerability in SMF. We have addressed this issue in this release. We urge everyone who is using an earlier release of SMF 1.1 to update immediately.


So have you upgraded to 1.1 RC3?

Share this post


Link to post
Share on other sites

I am pretty certain that Xisto's security should not be put into question here. I have been with Xisto for almost 2 months and there is nothing but praise for them from me. The problem is there are so many hackers out there who are really good in their hacking skills but then again, I don't think they would hack your site without any reason unless they are a group of hackers picking on a random site to hack just for the thrill of it. Another issue would be your usage of SMF forums, IMO price determines everything. You pay for what you get. In regards to forums/message boards it is best to get a paid 1 like IPB and VBulletin because these are the ones who will usually have a very strong security and there are constant updates in regards to the security level in a particular version. The way I see it, I think this could be more of a settings problem made by you or even a SMF issue. But it is very unlikely to be a Xisto account because from what I know, none of us experienced a problem of getting hacked like that.

Share this post


Link to post
Share on other sites

The config file should not be chmodded to 777. That allows access to the world, which is never desirable. In truth, if it wasn't for the fact that the web server and cPanel run on different users, no file or directory should be set to 777. Normally files should be set at 644, and scripts at 755, which are much safer values.

Share this post


Link to post
Share on other sites

If your account was compromised, there wouldn't be any left of your files and database... right? Think before you assume.
Which version of SMF were you using? And did you follow all SMF standard setting instruction, such as CHMOD?
So have you upgraded to 1.1 RC3?


I am using RC3 and it was only hacked.

Also i am not raising the question the Xisto has a security hole.
I thought u guys might be knowing something

Share this post


Link to post
Share on other sites

That is quite interesting news... only 1.1 RC2 and RC2-2 were effected due to security exploit. RC3 should have fixed this error.Be sure to change your Settings.php to CHMOD 744 so that it's only read only mode. Whenever you need to upgrade or modifying change back to 777 and then change it back.This will increase your security.

Share this post


Link to post
Share on other sites

they took my site down too. I

My Smf Forum Was Hacked

 

Replying to jlhaslip

 

They took my site down too. I'm using SMF

I am having problems getting my host company to recognize my ownership of my domain.

I think I'm screwed

 

-reply by will

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.