Simple Machines Community Forum

Archived Boards and Threads... => Archived Boards => SMF Feedback and Discussion => Aiheen aloitti: AtariKid - helmikuu 18, 2008, 04:43:18 IP

Otsikko: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: AtariKid - helmikuu 18, 2008, 04:43:18 IP
It appears that someone used the 146 (Northwich) Air Cadets' website to hack into a board I frequent. Details are here (http://www.nolajbs.net/forum/index.php?topic=8829.0) and are pretty interesting. The forum is currently using SMF 1.1 RC1. Help in overcoming it's vulnerability is appreciated. I think these hackers will happen this again.
Otsikko: Re: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: Tony Reid - helmikuu 18, 2008, 04:44:43 IP
You need to upgrade to 1.1.4 as soon as possible.

Otsikko: Re: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: AtariKid - helmikuu 18, 2008, 05:03:20 IP
Thanks. I'll let them know.

Is 1.1.4 the latest SMF?
Otsikko: Re: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: shadow82x - helmikuu 18, 2008, 05:05:05 IP
Lainaus käyttäjältä: AtariKid - helmikuu 18, 2008, 05:03:20 IP
Thanks. I'll let them know.

Is 1.1.4 the latest SMF?
Yes. There have been many security fixes between the versions.
Otsikko: Re: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: Grudge - helmikuu 18, 2008, 05:10:28 IP
Not many - but one is more than enough to warrant an upgrade ;)
Otsikko: Re: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: AtariKid - helmikuu 18, 2008, 07:16:32 IP
Lainaus käyttäjältä: shadow82x - helmikuu 18, 2008, 05:05:05 IP
Lainaus käyttäjältä: AtariKid - helmikuu 18, 2008, 05:03:20 IP
Is 1.1.4 the latest SMF?
Yes. There have been many security fixes between the versions.
No go on the upgrade. Since the board is on rc1, he's gone with the larger upgrade (choice b) and tried zip, and tar.gz, and tar.bz2 package. Both times he's gotten: The package you tried to upload either is not a valid package or has become corrupted.

Any advice?
Otsikko: Re: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: shadow82x - helmikuu 18, 2008, 07:40:25 IP
Is he uploading the upgrade files in FTP? He cant use the SMF package manager, he must import the upgrade files than run http://forums.com/upgrade.php.
Otsikko: Re: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: AtariKid - helmikuu 19, 2008, 12:44:52 AP
Not sure, but will send him the message. Thanks!
Otsikko: Re: Is SMF 1.1 RC1 Vulnerable ?
Kirjoitti: Bigguy - helmikuu 19, 2008, 12:56:17 AP
This might also help:

Upgrade SMF (http://docs.simplemachines.org/index.php?board=3.0;sort=subject)