Hacker accessing forum without logging in.

Started by kwumail, August 16, 2007, 10:06:10 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

kwumail

August 16, 2007, 10:06:10 AM
Hacker accessing forum without logging in.

I need help.  There is apparently some vulnerability in SMF.  Someone has been hacking our boards.  He is doing this without a Trojan.  When I ban him, he somehow unbans himself and then gives himself Administrator status again.

I then deleted his user account, now he's able to still access Administrator rights WITHOUT logging in.  He's been changing posts and such without logging in.

I've only managed to make him stop by removing the ability to view boards unless you're registered.  I believe he must be using the Help section somehow to access.  Because the few times I could see him, he was viewing some pop up in the help section.

Can you please look into this?  Thank you.

Lilac

#1
August 16, 2007, 10:16:54 AM
You should at least tell us where your forum is, what version you are using and any mods you have installed.
Elliquiy Adult Role playing is a mature roleplaying community with some 500,000 posts in over 100 boards.

I don't know everything.  Please ask questions in the support forums instead of PMing me!

SleePy

#2
August 16, 2007, 12:16:26 PM
There is currently no security holes with the latest version of SMF (1.1.3).

If you believe that this was done through SMF please fill out a Security Report

Make sure to change all your passwords to everything (admin, cpanel, database, ftp, etc).
Upgrade anything that is not using the latest stable versions of their softwares.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

NeMoD

#3
August 16, 2007, 05:11:36 PM
and check your Guest permissions, I accidentaly checked it so guests can change my news, and well it took me awhile to figure it out  :P
Print
Go Up Pages1
User actions
Advertisement: