My Smf Forum Was Hacked

[electron 0]

I dont know how but my board was hacked by some site by the name Spyhackerz.com .
I use SMF as my board and the main settings file Settings.php was hacked.
This file had the password of my DB and i dont know whether they have it or not.

They changed its content to the following:

<html><head><meta http-equiv="Content-Language" content="tr"><meta http-equiv="Content-Type" content="text/html; charset=windows-1254"><title>Hacked by Spyhackerz.com</title></head><body bgcolor="#000000"><p align="center"><a href="http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/;&'>http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/;& border="0" src="http://rootingsabotage.sitemynet.com/sht.jpg" width="503" height="387"></a></p><p align="center"><font face="Verdana"><b><font color="#FFFFFF"><a href="http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/ color="#FFFF00">http://www.spyhackerz.com/ color="#FFFF00"></font></b></font></p><p align="center"> <EMBED src=http://spyhackerz.com/music/index.mp3 width=20 height=15 autostart="true" loop="true"></p><p align="center"> </p></body></html>

Well do you guys know of this.Do those guys have my password now.
I changed back my file and my Board is working now.

Please help as this is a very very serious matter

[Zero Ziat 0]

Holy crap! Trap Seventeen security was breached. I think they would have used an FTP server exploit or anything else, which means ALL users security is compromised.Backup your files in your computer EVERYONE.*Calling BH or OQ*

[jlhaslip 4]

*wait*

You might want to check at the SMF Support Site for clarification about whether this is a problem throughout the SMF Community or solely for your site.

Don't start making any assumptions about the Security here at the Xisto Forums or on other Xisto Sites.

There is no reason to believe this is a Xisto account holder problem until further information is obtained.

 

To begin with, alter your cpanel password immediately.

[electron 0]

Well i have asked the SMF guys lets see.

[Zero Ziat 0]

Well, yeah, the mod is right (sorry, I can't even pronounce your name, too confusing. ).I usually enter nervous stats and it ends on this, saying that I don't trust certain security or etc. Anyways, nobody knows if something is 100% secure.I think that Trap servers are 98% secure. So yeah, change your cpanel pass.I will be trying to report this to the feds unless it was framing, etc.But getting with police is actually no good, so unless this gets on high critical status, I should keep my mouse shut.

[Kubi 0]

Simply, an easy password could be the issue. Sometimes "hackers" are nothing more then "lucky guessers". Make sure your password contains is hard to guess.Something like "j42dks;;;" would work very nicely infact. (DON'T USE IT). Somelike "coolio" is to easy.Backup all your files, you should do this everytime you change a setting anyways.

[fffanatics 0]

Most likely what happened is that they put code into one of your db search fields and or logins and depending on the code they used, it can allow them to pull data from your setting files and or from your database giving them access to it. I used to have a phpnuke site and after being hacked, i read a ton of articles on how to secure it. However, it just cant be done since with every new version of software there are new flaws that are created. I would make sure you update your forum to the newest version since the security vulnerabilites will be the least likley known and always update to the new version no matter what anyone tells you. Also, make sure it is hard to identify exactly what type of forum you are using since it will make it harder hack. Finally, change all your passwords just in the case they found them because they will be back if they do.

[BuffaloHelp 24]

If your account was compromised, there wouldn't be any left of your files and database... right? Think before you assume.

Which version of SMF were you using? And did you follow all SMF standard setting instruction, such as CHMOD?

A bug in PHP causes a vulnerability in SMF 1.1 RC2-1. You can install this patch (click here to install) to patch your version of 1.1 RC2 to 1.1 RC2-2.
We received a report detailing a bug in PHP (improper deletion of hash values in the zend_hash_del_key_or_index() function), causing a vulnerability in SMF. We have addressed this issue in this release. We urge everyone who is using an earlier release of SMF 1.1 to update immediately.

So have you upgraded to 1.1 RC3?

[Panzer 0]

You also may have left the install file in, CHMODDed a file where it wasnt neccesary. All of those things can compromise security.

[darran 0]

I am pretty certain that Xisto's security should not be put into question here. I have been with Xisto for almost 2 months and there is nothing but praise for them from me. The problem is there are so many hackers out there who are really good in their hacking skills but then again, I don't think they would hack your site without any reason unless they are a group of hackers picking on a random site to hack just for the thrill of it. Another issue would be your usage of SMF forums, IMO price determines everything. You pay for what you get. In regards to forums/message boards it is best to get a paid 1 like IPB and VBulletin because these are the ones who will usually have a very strong security and there are constant updates in regards to the security level in a particular version. The way I see it, I think this could be more of a settings problem made by you or even a SMF issue. But it is very unlikely to be a Xisto account because from what I know, none of us experienced a problem of getting hacked like that.

[michaelper22 0]

The config file should not be chmodded to 777. That allows access to the world, which is never desirable. In truth, if it wasn't for the fact that the web server and cPanel run on different users, no file or directory should be set to 777. Normally files should be set at 644, and scripts at 755, which are much safer values.

[electron 0]

If your account was compromised, there wouldn't be any left of your files and database... right? Think before you assume.
Which version of SMF were you using? And did you follow all SMF standard setting instruction, such as CHMOD?
So have you upgraded to 1.1 RC3?

I am using RC3 and it was only hacked.

Also i am not raising the question the Xisto has a security hole.
I thought u guys might be knowing something

[BuffaloHelp 24]

That is quite interesting news... only 1.1 RC2 and RC2-2 were effected due to security exploit. RC3 should have fixed this error.Be sure to change your Settings.php to CHMOD 744 so that it's only read only mode. Whenever you need to upgrade or modifying change back to 777 and then change it back.This will increase your security.

[iGuest 3]

they took my site down too. I

My Smf Forum Was Hacked

 

Replying to jlhaslip

 

They took my site down too. I'm using SMF

I am having problems getting my host company to recognize my ownership of my domain.

I think I'm screwed

 

-reply by will