http://www.simplemachines.org/community/index.php?topic=12009.0
His board has been getting hacked for 3 days. A hacker (and it is certainly a person, because the admin is alerted by the hacker) deletes one member of Percherie's board per day, in alphabetical order.
The admins' passwords are hard to find (letters + numbers + special characters). Since the members list is not publicly available (you must be a member in order to see it), the hacker probably is or has been a member of Percherie's community.
The questions:
- Does SMF Beta 5 have some kind of security hole concerning this problem?
- Is there a way to include the member deletion in the moderation log, particularly if it is not an admin who performs the deletion?
- Is there a way to get the password errors with admin accounts in the moderation log?
The forum: http://afterfree.eurower.net/
If you (especially Unknown) need Percherie to communicate his FTP/admin account and password, just say it and he will communicate with you ;)
Thanks in advance for your help.
Firstly, there are no known bugs about this.
Secondly, get him to check his error log. His whole error log for ANYTHING suspicious.
Thirdly, as a troubleshooting measure, get him to modify this code. Open ManageMembers.php and find this:
function deleteMembers($users)
{
	global $db_prefix, $sourcedir, $modSettings;
Afterwards tell him to add this:
	global $user_info;

	// Troubleshooting aid: record who deleted which member(s), and from which IP, in the error log.
	if (!is_array($users))
		log_error($users . ' has had his account deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');
	else
		log_error(implode(',', $users) . ' have had their accounts deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');
After making the changes above, all deletion events will be in the error log - with the name and IP address of the member who did it. This will be a great help. Please let us know of any future developments - in particular, feel free to PM myself and Unknown about any concerns they may have.
Ok, transmitting :)