Today I noticed two posts on my SMF forum that was obviously spam (paris hilton porn, etc.). But it wasn't normal spam . . .
As soon as you click on the thread link, instead of opening up the post, it immediately opened up the attackers website. It loaded almost immediately, but was fortunately blocked by Firefox as a dangerous site.
So somehow a user was able to run code in the SMF forum to cause an automatic redirect?!
I am running the latest 1.1.7 on a linux machine. The only mod I am running is the YouTube mod.
The spammers IP is 18.104.22.168 and hostname 182-215-113-92.pool.ukrtel.net. He signed up only two user names and made a single post for each using a gmail email account.
I probably should have investigated his code more and saved the link, but I just woke up and wasn't thinking straight before I deleted everything.