SMF 1.0.17 / 1.1.9 / 2.0 RC1-1 Patch is out! Click here to download.
Considering the recent mass attack on SMF forums over the past week, and seeing as I, myself, have helped many users to get their sites back, I am posting this so you can prevent being attacked.
Following these simple instructions will make your forum invulnerable to the recent attack by uploadable avatar.
Here are a few other things that you may find interesting. These were submitted by other members.
http://www.simplemachines.org/community/index.php?topic=307717.msg2057480#msg2057480
http://www.simplemachines.org/community/index.php?topic=307717.msg2053661#msg2053661
http://www.simplemachines.org/community/index.php?topic=307717.msg2046772#msg2046772
http://www.simplemachines.org/community/index.php?topic=307717.msg2060807#msg2060807
1) Disable attachment & avatar uploads
This includes uploads from URLs as well.
Disable from Admin
-> Attachments and avatars
-> Avatar Settings
- Uncheck "Download avatar at given URL"
- Uncheck all: "Membergroups allowed to upload an avatar to the server"
-> Attachments and avatars
-> Attachment settings
- Attachments mode: Disable attachments
2) Ask your host if their servers/software are up to date
- Most hacks are effective when the host has outdated software, such as old versions of PHP, Apache and MySQL.
- Don't be scared to ask your host if their side of security is up to date. It is their responsibility to help protect you as well.
- Check your host's versions of MySQL, PHP, Apache, etc. Make a file called phpinfo.php with the following content:
Place that file into your root directory and execute it by navigating to it directly.
3) Update SMF to the latest version
This is a big issue, as previous versions of SMF have well-known security issues and leave you vulnerable. It is important to upgrade when newer versions are out.
4) Install Anti-Spam measures
This is important, as it will save your forum in the long run.
Install the Stop Spammer mod.
- This mod will prevent spam signups as it cross-checks all registrations with the Spam Blacklist.
- Any registrations that check positive will be sent to the Admin approval bin.
Install the reCAPTCHA for SMF mod.
- This mod provides better captcha verification.
- It will stop MOST spam and hackers from registering.
5) Don't Ignore Your Members or Forum
Most owners/Admins think that their forums will run themselves. Hacks and spam do the most damage when an admin/owner/moderator fails to do their job. Keep a constant eye on your forum at all times.
Following these simple steps will secure your forum. Should you have any questions, or feel that I have left something out, do not hesitate to ask them here. But please, Do Not PM me with questions.
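
Disabling avatar uploads (step 1) does not remove files that were uploaded before the change. The Python script below is an added example, not part of the original post or of SMF: it audits a directory of uploaded avatars, assuming that a file deserves a manual look when it does not start with a GIF, JPEG or PNG signature or when it contains a PHP open tag. The function names and the sample files are hypothetical and constructed for illustration.

```python
import os

# Leading bytes of the image types a forum avatar is expected to have.
IMAGE_SIGNATURES = (b"GIF87a", b"GIF89a", b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")
PHP_OPEN_TAG = b"<?php"  # assumption: embedded PHP is the marker worth flagging


def audit_file(path):
    """Return a list of reasons the file looks suspicious (empty if none)."""
    with open(path, "rb") as handle:
        data = handle.read()
    reasons = []
    if not data.startswith(IMAGE_SIGNATURES):
        reasons.append("not an image")
    # Lower-case the bytes so <?PHP and <?Php are caught as well.
    if PHP_OPEN_TAG in data.lower():
        reasons.append("contains PHP open tag")
    return reasons


def audit_directory(root):
    """Walk root and map each suspicious file's relative path to its reasons."""
    findings = {}
    for folder, _subdirs, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(folder, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            reasons = audit_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


def build_sample(root):
    """Write three constructed sample files into root for a self-check."""
    samples = {
        "clean.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "tagged.gif": b"GIF89a" + b"\x00" * 8 + b"<?PHP echo 1; ?>",
        "notes.txt": b"plain text, not an image",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    import sys
    for rel, why in sorted(audit_directory(sys.argv[1]).items()):
        print(rel, "->", ", ".join(why))
```

Run it with the avatar directory as the only argument. Non-image files that legitimately live in that directory will be listed too, so review each finding by hand before deleting anything.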