SMF Support > SMF 2.0.x Support

Big problem: Anyone can become admin?

(1/1)

X3mE:
Ok, I've had my forum attacked a couple of times last week. It appears that the attacker registers and gives admin privileges to himself. I don't know how it is possible, but I'm guessing it is a security hole in SMF 2.0 beta 3.1.

Luckily, no big damage was done (mostly because he obviously had no intentions to do serious damage, he was just messing around), and my mods alerted me right away so I banned him asap, but I would like to prevent this from happening in the future.

Currently I have set the admins to approve all registrations, but that's not good enough protection.

H:
There are currently no known security problems with SMF.

I'd enable report generation in Admin > Features and Options > Core Features and then check your permissions to ensure you haven't allowed users to change their own membergroup or something similar.

See: Generate Reports for more info.


To be on the safe side you may also want to file a Security Report

X3mE:

--- Quote from: H on August 03, 2008, 04:31:32 PM ---I'd enable report generation in Admin > Features and Options > Core Features and then check your permissions to ensure you haven't allowed users to change their own membergroup or something similar.
--- End quote ---

No, the permissions are good.


--- Quote from: H on August 03, 2008, 04:31:32 PM ---To be on the safe side you may also want to file a Security Report

--- End quote ---

Ok, I've filed one.

Navigation

[0] Message Index