News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Hacked

Started by Johnboy1974, March 27, 2015, 06:06:30 PM

Previous topic - Next topic

Johnboy1974

Guys my forum was hacked tonight. I found 3 new unauthorised members and one was posting links to russian websites. I immediatly changed the password  for myself and my one other administrator and deleted all the rouge posts. This appears to have stemmed it for now but what other precautions should I do to ensure the safety of the forum. I do have a full back up from one week ago.

LiroyvH

What do you mean exactly by unauthorised members?
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Johnboy1974

The member who posted the links was not approved by myself or the other administrator.
When I looked up the latest member there was 3 approved today but none of them were approved by me or the other administrator. I'm hoping they guessed the passwords for the administrators but maybe they've found a back door in.

Bigguy

Is your registration set to admin approval only when people register. ??

Johnboy1974

Quote from: Bigguy on March 27, 2015, 07:25:24 PM
Is your registration set to admin approval only when people register. ??

Yes, we are a small private forum for taxi drivers. Every member has to be met by myself or the other admin in order to ensure that they are genuine taxi drivers. We do this before we approve their membership of the forum.
I caught the attack within 20 minutes of it starting and I have changed the passwords for anyone who can approve new members and thus far we have new members popping up. I have also deleted all the posts that those unauthorised members posted.

Illori

do you have tapatalk installed? i believe people using that mod have reported that people can register and get in without approval.

Kindred

more specifically... What mods do you have installed?
what is your smf version?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Shambles

Quote from: Illori
do you have tapatalk installed? i believe people using that mod have reported that people can register and get in without approval.

Spot on.

The current plugin has a setting whose default allows this

Automatic approval for user registered from Tapatalk

Illori


Johnboy1974

#9
Hi guys I'm sorry for my slow responses I was out working in the taxi. Anyway I've uploaded a picture of my modifications. Yes the forum does run tapatalk and our smf is version 2.0.9

I've just looked at the tapatalk settings and it was indeed checked for in app registration and automatic approval. I've set it up now for redirect to external registration via the forums url http://www.glasgowtaxiforum.org and unchecked automatic approval.
The tapatalk app was updated a few weeks back so this is something I will to watch out for in future. Thank you for your help and assistance guys it's always appreciated greatly by myself and all our members.
http://tinypic.com/r/2cql1dc/8

Advertisement: