
Author Topic: [NOTICE] How to secure your site against recent attacks  (Read 205331 times)

Offline zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,057
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
[NOTICE] How to secure your site against recent attacks
« on: May 11, 2009, 08:05:23 AM »
SMF 1.0.17 / 1.1.9 / 2.0 RC1-1 Patch is out! Click here to download.

Considering the recent mass attack on SMF forums over the past week, and seeing as I, myself, have helped many users to get their sites back, I am posting this so you can prevent being attacked.

Following these simple instructions will make your forum invulnerable to the recent attack by uploadable avatar.


[EDIT]
Here are a few other things that you may find interesting. These were submitted by other members.


http://www.simplemachines.org/community/index.php?topic=307717.msg2057480#msg2057480
http://www.simplemachines.org/community/index.php?topic=307717.msg2053661#msg2053661
http://www.simplemachines.org/community/index.php?topic=307717.msg2046772#msg2046772
http://www.simplemachines.org/community/index.php?topic=307717.msg2060807#msg2060807



1) Disable attachment & avatar uploads
This includes uploads from URLs as well.
Disable from
Admin -> Attachments and avatars -> Avatar Settings
  • Uncheck "Download avatar at given URL"
  • Uncheck all: "Membergroups allowed to upload an avatar to the server"

Admin -> Attachments and avatars -> Attachment settings
  • Attachments mode: Disable attachments



2) Ask your host if their servers/software are up to date
  • Most hacks are effective when the host has outdated software such as old versions of PHP, Apache and MySQL for example.
  • Don't be scared to ask your host if their side of security is up to date. It is their responsibility to help protect you as well.
  • Check your host's versions of MySQL, PHP, Apache, etc. Make a file called phpinfo.php with the following content:
Code:
<?php
phpinfo();
?>
Place that file into your root directory and execute it by navigating to it directly
Ex. http://www.mysite.com/phpinfo.php



3) Update SMF to the latest version
This is a big issue as previous versions of SMF have well known security issues and leave you vulnerable. It is important to upgrade when newer versions are out.




4) Install Anti-Spam measures
This is important, as it will save your forum in the long run.

Install the Stop Spammer mod.
  • This mod will prevent spam signups as it cross-checks all registrations with the Spam Blacklist.
  • Any registrations that check positive will be sent to the Admin approval bin.

Install the reCAPTCHA for SMF mod.
  • This mod provides better captcha verification.
  • It will stop MOST spam and hackers from registering.



5) Don't Ignore Your Members or Forum
Most owners/Admins think that their forums will run themselves. Hacks and spam do the most damage when an admin/owner/moderator fail to do their job. Keep a constant eye on your forum at all times.



Following these simple steps will secure your forum. Should you have any questions, or feel that I have left something out, do not hesitate to ask them here. But please, Do Not PM me with questions :)

Regards, JBlaze
« Last Edit: May 20, 2009, 09:18:37 PM by JBlaze »
zilladotexe
Former Support & Customization     
Professional Bug Creator
Current Projects     
Xbox LIVE API
SM Classifieds
SimpleXBL
Important Links
Please, no PMs for support.
Unmanaged VPS Starting at $20/mo
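As an added example (not code from the original post or from SMF), a small POSIX shell audit that complements step 1: it walks an avatar or attachments upload directory and reports files that carry a server-side script extension or contain a PHP open tag, which a genuine image upload never should. The directory path and the sample files are constructed assumptions; point it at your forum's real upload directory.

```shell
#!/bin/sh
# Added example, not code from the original post or from SMF: audit a forum
# upload directory (avatars or attachments) for files that are not what an
# image upload should be. Paths and sample files below are constructed.

# Print one "SUSPECT: <path> (<reason>)" line for every regular file under $1
# that either carries a server-side script extension or contains a PHP open
# tag (an image file should never contain one).
audit_upload_dir() {
    find "$1" -type f | while IFS= read -r f; do
        reason=""
        case "$f" in
            *.php|*.php3|*.php4|*.php5|*.phtml|*.phar) reason="script extension" ;;
        esac
        if [ -z "$reason" ] && grep -q '<?php' "$f" 2>/dev/null; then
            reason="contains PHP open tag"
        fi
        if [ -n "$reason" ]; then
            printf 'SUSPECT: %s (%s)\n' "$f" "$reason"
        fi
    done
}

# Count the suspect files under $1 (0 means the directory looks clean).
count_suspects() {
    audit_upload_dir "$1" | grep -c '^SUSPECT:' || true
}

# Build a constructed sample directory for a dry run and print its path:
# one genuine GIF header, one GIF that carries a PHP tag, one .php file.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'GIF89a\001\000\001\000' > "$d/avatar_1.gif"
    printf 'GIF89a<?php /* constructed sample */ ?>' > "$d/avatar_2.gif"
    printf '<?php phpinfo(); ?>' > "$d/upload.php"
    echo "$d"
}

# Stand-alone run against the constructed sample (expect 2 suspect files).
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_dir)
    audit_upload_dir "$sample"
    echo "suspect files: $(count_suspects "$sample")"
    rm -rf "$sample"
fi
```

Run it with `--demo` to see the dry run, or call `audit_upload_dir /path/to/attachments` directly; any line it prints deserves a look before uploads are re-enabled.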

Offline chrishicks

  • Full Member
  • ***
  • Posts: 457
  • Gender: Male
Re: How to secure your site against hackers/spammers
« Reply #1 on: May 11, 2009, 08:39:04 AM »
Nice write up. I have been using Stop Spammer for a while now and added the Anti-Spam Verification Questions mod (http://custom.simplemachines.org/mods/index.php?mod=1516 ) a few months back. Would you say ReCaptcha would be a better measure as in comparison to the ASVQ mod as I can't add ReCaptcha without manual edits?

Offline zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,057
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: How to secure your site against hackers/spammers
« Reply #2 on: May 11, 2009, 08:41:59 AM »
Nice write up. I have been using Stop Spammer for a while now and added the Anti-Spam Verification Questions mod (http://custom.simplemachines.org/mods/index.php?mod=1516 ) a few months back. Would you say ReCaptcha would be a better measure as in comparison to the ASVQ mod as I can't add ReCaptcha without manual edits?

Thanks :)

ASVQ is nice, but doesn't stop manual spam registrations. Stop Spammer does.

reCAPTCHA is nice because spambots have a harder time with it.

Offline Edvard

  • Semi-Newbie
  • *
  • Posts: 17
Re: How to secure your site against hackers/spammers
« Reply #3 on: May 11, 2009, 09:33:25 AM »
Thanx JBlaze. I had big problems with my forum but think everything is back to normal now. I just added those two packages and I hope the spamviruses will keep out.

Offline DirtRider

  • SMF Hero
  • ******
  • Posts: 1,415
  • Gender: Male
  • Just Looking
    • TriumphTalk
Re: How to secure your site against hackers/spammers
« Reply #4 on: May 11, 2009, 09:43:07 AM »
Very good thanks for taking the time to post this  :D
http://www.triumphtalk.com

"The real question is not whether machines think but whether men do. "

Offline Granular

  • Semi-Newbie
  • *
  • Posts: 69
Re: How to secure your site against hackers/spammers
« Reply #5 on: May 11, 2009, 09:54:03 AM »
Great info, thanks.

Just wondered if you need to revoke these permissions for ALL membergroups, if any additional groups (over and above Regular Members) need to be administered by me? Didn't realise there was a spate of attacks so glad I checked in!

Cheers

G

Offline zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,057
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: How to secure your site against hackers/spammers
« Reply #6 on: May 11, 2009, 09:59:22 AM »
Great info, thanks.

Just wondered if you need to revoke these permissions for ALL membergroups, if any additional groups (over and above Regular Members) need to be administered by me? Didn't realise there was a spate of attacks so glad I checked in!

Cheers

G

Well, I believe it would be safe to allow attachments/avatars for select membergroups, except regular/registered users group (aka Default Membergroup), but to err on the side of caution, I would disable them outright and just link to attachments/avatars remotely.

Offline Dzonny

  • Localizer
  • SMF Super Hero
  • *
  • Posts: 10,327
  • Gender: Male
  • No sleep...
    • dzontra.nikola on Facebook
    • @opusteniforum on Twitter
    • Samo opusteno
Re: How to secure your site against hackers/spammers
« Reply #7 on: May 11, 2009, 11:00:21 AM »
Great Tips JBlaze, thanks... :)
|Sistem za razmenu banera|Servisi za webmastere| My Mods

Don't fear the reaper...
mail: dzonny (@) simplemachines.org

Offline zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,057
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: How to secure your site against hackers/spammers
« Reply #8 on: May 11, 2009, 11:21:03 AM »
Great Tips JBlaze, thanks... :)

Thanks.

Offline busterone

  • SMF Hero
  • ******
  • Posts: 2,097
  • Gender: Male
  • Devil Dog
    • The Demon's Den
Re: How to secure your site against hackers/spammers
« Reply #9 on: May 11, 2009, 11:24:53 AM »
Good post. I have always been wary of allowing avatar and attachment uploads by members because of this. I was not certain that an exploit was there, but always wondered and went to the cautious side of things. I am certainly glad I did. It seems this guy(or group) has wreaked much havoc.

I can't help but wonder how many more, maybe hundreds, that have not posted or searched here for answers.

Offline zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,057
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: How to secure your site against hackers/spammers
« Reply #10 on: May 11, 2009, 12:00:03 PM »
Good post. I have always been wary of allowing avatar and attachment uploads by members because of this. I was not certain that an exploit was there, but always wondered and went to the cautious side of things. I am certainly glad I did. It seems this guy(or group) has wreaked much havoc.

I can't help but wonder how many more, maybe hundreds, that have not posted or searched here for answers.

Hopefully, by following what I posted, anyone who reads this will not be affected by this attack.

Offline Relyana

  • Lead Localizer
  • SMF Hero
  • *
  • Posts: 1,818
  • Gender: Female
    • escvibes | Eurovision forum
Re: [NOTICE]How to secure your site against recent attacks
« Reply #11 on: May 11, 2009, 04:20:58 PM »
Please make this topic sticky (at least for a few days). It will save up tears and nerves breaking.  :)
No time is wasted unless you choose to waste it. There's always something to learn, experience, or be a part of.

Offline confusion

  • Semi-Newbie
  • *
  • Posts: 87
    • Tropical Fish Forums
Re: [NOTICE]How to secure your site against recent attacks
« Reply #12 on: May 11, 2009, 07:19:45 PM »
I highly recommend using the suhosin module with php. It appears to have prevented this attack on all of my forums (though I'm not certain how it helped).

Offline nina-nina

  • Jr. Member
  • **
  • Posts: 182
Re: [NOTICE]How to secure your site against recent attacks
« Reply #13 on: May 11, 2009, 08:42:59 PM »
I have not opened my forum yet. It is the first time for me with forums. Actually, I was just today setting permissions etc. I am a little confused with "uploadable" avatars, "remote avatars", "attachment" spammers, etc.

So, I would really appreciate if you clarify where and what in the Admin panel I have to check/uncheck in order to make the forum safer.

Are you recommending not to allow members to have avatars and not to post attachments?

Offline zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,057
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: [NOTICE]How to secure your site against recent attacks
« Reply #14 on: May 11, 2009, 09:47:56 PM »
I highly recommend using the suhosin module with php. It appears to have prevented this attack on all of my forums (though I'm not certain how it helped).

Could you elaborate on what "suhosin" is? I'm not sure I've heard of it...


I have not opened my forum yet. It is the first time for me with forums. Actually, I was just today setting permissions etc. I am a little confused with "uploadable" avatars, "remote avatars", "attachment" spammers, etc.

So, I would really appreciate if you clarify where and what in the Admin panel I have to check/uncheck in order to make the forum safer.

Are you recommending not to allow members to have avatars and not to post attachments?

This can explain better than I can :)
Attachments and Avatars Manager
How do I make the board safer against hacker attacks?

Offline oakview

  • Semi-Newbie
  • *
  • Posts: 10
Re: [NOTICE]How to secure your site against recent attacks
« Reply #15 on: May 12, 2009, 01:02:13 AM »
Suhosin explanation here -> http://www.hardened-php.net/suhosin/index.html

Offline zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,057
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: [NOTICE]How to secure your site against recent attacks
« Reply #16 on: May 12, 2009, 01:23:40 AM »

Offline Agafonov

  • Newbie
  • *
  • Posts: 8
Re: [NOTICE]How to secure your site against recent attacks
« Reply #17 on: May 12, 2009, 06:28:40 AM »
I highly recommend using the suhosin module with php. It appears to have prevented this attack on all of my forums (though I'm not certain how it helped).

We were hacked: suhosin & 1.1.8. :(

Offline Dzonny

  • Localizer
  • SMF Super Hero
  • *
  • Posts: 10,327
  • Gender: Male
  • No sleep...
    • dzontra.nikola on Facebook
    • @opusteniforum on Twitter
    • Samo opusteno
Re: [NOTICE]How to secure your site against recent attacks
« Reply #18 on: May 12, 2009, 09:07:07 AM »
Does smf 1.1.8. have some avatar uploads security risk, or is there some known bugs or smth about this?

Offline Agafonov

  • Newbie
  • *
  • Posts: 8
Re: [NOTICE]How to secure your site against recent attacks
« Reply #19 on: May 12, 2009, 09:33:14 AM »
Does smf 1.1.8. have some avatar uploads security risk, or is there some known bugs or smth about this?


Be sure it does. We are awaiting corresponding patch.