krisbarteo joined my forum, no posts. If I understand correctly, this is a known hacker. I banned him right away. I don't think there were any avatars in the folder, but there was a blank.gif that I don't remember being there, so I deleted that as well. After reading a bit more, I wish I had saved that file to check it.
Forum is running fine. What should I check to see if he's done anything?
He joined mine as well, and now my site is hosed. Having problems seeing it in IE8, Firefox, and Chrome. Safari seems to work for some reason.
I noticed some code in the php files that I don't think was there before. Also checking the source on my home page shows a bunch of spam/links in the divider.
Would like to know how he did that so it can be prevented. I don't feel like trying to clean up everything so I'm about to just delete, re-install, and hope for the best.
Be sure to take a look at this topic - http://www.simplemachines.org/community/index.php?topic=309717.0
There will be a patch in the near future addressing these security issues. :)
BTW I guess I should have posted in the 1x forums. I came to 2.0 to see if this version was safe from the attack. Reading the other threads on it now. Thanks!
It's affecting both versions from what I understand. SMF will be releasing a patch for this as soon as possible.
Bugger got me as well. Says he lives in Monaco. What a nugget.
Follow the instructions here if you want to check everything: http://www.simplemachines.org/community/index.php?topic=313201.0
Is SMF 2.0 RC1.2 safe from this "krisbarteo" or any other alias he may use?
Never mind, the exploit was removed for SMF 2.0 RC1.