Simple Machines Community Forum

Archived Boards and Threads... => Archived Boards => SMF Feedback and Discussion => Topic started by: climber - April 24, 2006, 12:54:57 PM

Title: hacked AGAIN!
Posted by: climber - April 24, 2006, 12:54:57 PM
don't understand this at all. this is the second time in a month that one of my sites using SMF has been hacked. here is the email I got from my ISP today:

--------------

The domain "nebikes.com" may have been exploited and used to send infected links by virus/trojan via e-mail delivery. As a result, the following files have been disabled:

public/Line.php
public/smf_bbs/Sources/Errors.php
public/smf_bbs/Sources/ManageMembers.php
public/smf_bbs/Sources/Post.php
public/smf_bbs/Sources/Profile.php
public/smf_bbs/Sources/Register.php
public/smf_bbs/Sources/Reminder.php
public/smf_bbs/Sources/SendTopic.php
public/smf_bbs/Sources/Subs-Auth.php
public/smf_bbs/Sources/Subs-Post.php
Please make sure any files you use on your site are secure.

-------------------

this is a clean version 1.0.7 install as well. This is NOT GOOD. I did the install just like instructed in the docs. any ideas how I can lock this down further?

--climber
Title: Re: hacked AGAIN!
Posted by: Trekkie101 - April 24, 2006, 01:04:04 PM
Line.php is not an SMF file.

What exact virus/exploit was used? Could you please provide the access logs of the time of the incident?

http://www.simplemachines.org/about/security.php

:)
Title: Re: hacked AGAIN!
Posted by: climber - April 24, 2006, 01:11:34 PM
Quote from: Trekkie101 - April 24, 2006, 01:04:04 PM
Line.php is not an SMF file.

I know...

Quote
What exact virus/exploit was used? Could you please provide the access logs of the time of the incident?

apparently the site was being used as a spambot. they sent me a copy of the message that was being sent. don't think that would help you. I don't have access to the server log files, sorry.

I have uploaded fresh copies of all the files in the sources folder. my ISP had altered the permissions on the files indicated so all I was able to do was to delete them. <sigh>

--climber
Title: Re: hacked AGAIN!
Posted by: Ben_S - April 24, 2006, 01:33:13 PM
Without any access logs, it is impossible to determine if SMF was used for the exploit. Ask your host for the relevant logs.