My Forum got hacked by: SnakE1095

Started by I AM Legend, October 20, 2008, 02:25:01 AM


I AM Legend

ok here is what I am doing at present, all directories and folders I'm setting to 755 and all files and all .php files setting to 644, if anyone has any better ideas now would be a good time to air them, thanks

H

Permissions didn't cause this problem. Having permissions as 777, doesn't mean people from the internet can change your files.

You may as well leave them as is as there will be minimal, if any difference.
-H
Former Support Team Lead
I recommend:
Namecheap (domains)
Fastmail (e-mail)
Linode (VPS)

I AM Legend

ok cool, so what did cause this problem?
how did he get in ?

I AM Legend

Hi All,
So does anyone have the answer to the questions I posted 3 days ago?
(ok cool, so what did cause this problem?
how did he get in ?)

I feel that this is weird, my forum was not upgraded from 1.1.5 to 1.1.6, it was a fresh 1.1.6 install, and so far the only help I have received on here about my forum being hacked was from a non smf staff member, his advice "you need to change the index.php file".

Smf staff have been telling me to go and look at various articles that say having your folders and files 777 is all fine.
Which from having read these articles no one else agrees with, this also includes my own host.

With help from my host, now none of my directory/folders and none of my files in them are 777 anymore.
Also each directory/folder is now password protected with different name and password for each directory/folder.

Doing it this way means, when you want to install a mod or whatever, you need to access your host cp, make packages 777, install whatever it is, then take 777 away again, and it does not take long at all to do it.

Safety is better than usability with open access to your forum.
I know SMF staff are busy, but whenever you have time, I'd still like an answer to my 2 posted questions from 3 days ago:
ok cool, so what did cause this problem?
how did he get in ?
Thanks as always
Rob

ChainLightning

Well, the most obvious part is that he was able to access your root directory and replace your index.php with his. That means he somehow got access to your server. If it wasn't by guessing your username and password, he might have picked the information out of your Settings.php - which contains everything he'd need to know, to access your server.

While it's possible for someone to run a script to do all that, SMF does its very best to protect those files. Your host blaming SMF for its lack of security measures is just as premature as any of us blaming your host. Ideally, you want BOTH to be as secure as possible. But flaws exist and hackers are in the business of locating those weaknesses.

How did he do it? Who knows. You'd have to ask the hacker. How can you stop it? Depends on what he used to get at your server. If he used your Settings.php file, then protect that file from him or someone like him, ever getting it again. Maybe protect your index.php from being modified or rewritten. But if he has server access, HE may be able to chmod the file (and any others that he wants to) all he pleases. That's a host security issue - if that were the case. He shouldn't be able to change the permissions on anything.

I AM Legend

Woh, Ty Dude, for the info, and ty for the in depth info and lastly ty for responding to my post.

greyknight17

I find it funny in a way when most hosts blame SMF for security issues on their end. Either they can't figure it out or are too lazy to look into it further themselves until it becomes a global issue for all the users on their servers. For the most part, if you are using the latest SMF version it's pretty much as stable as it comes. There are cases when a new exploit is found and if that's the case, you may report it as mentioned earlier. From what I have seen, all the hacked forums that were outdated that had a similar message from the hacker were all due to their servers not being secure.

ChainLightning

^ That's true for me, as well. Virtually every single hack-in I've seen or heard of was from insecure servers, too. "The usual culprit," as it were. Probably gives us a biased opinion against a few different hosts :)

I AM Legend? One other thing that should probably be mentioned is about server passwords. One of my SMF friends, here, gave me a link to check my password security. Because I use it, my passwords are even more difficult to *guess*. It's not a guarantee, but it helps.

http://www.microsoft.com/protect/yourself/password/checker.mspx

I AM Legend

@greyknight17
Hi Dude, thanks for the reply, I am in no way blaming smf, I have been asking for help and frankly getting none.
I filled out the smf security report and heard nothing back, I posted and asked for help numerous times.
Having a forum is new for me, so, I have always come here and either asked for help from the smf staff or searched smf for the answers, rather than jumping on in there head first myself and making a complete mess of things and then lol asking for help.
I had a friend take a long look at both my smf package and my hosting package, he is a computer programmer of 20 years, he did not like all the 777 access but having said that, he did not like both my hosting package and the software the host is using.
He wrote an email for me to my host stating various things and improvements needed, lol made me very unpopular with my host, but such is life, always better to be safe than be sorry.

@ ChainLightning thanks for the help and info you have provided, my friend agreed with a number of points you made, main one, was email the hacker, not from my home pc, and ask how he/she did it.
I would never have thought of doing that to be honest.
I had changed all passwords to my forum and my host after the hack, when I changed folder permissions after the hack, I re-changed all passwords for my host, my forum, and directories/folders and so on and tested them, they all came up as strong, which isn't the best, so I have re-changed them all again lol, they now come up as "The Best", so Ty for the advice from both of you.

As for blaming my Host or Smf over my forum being hacked,
Whether my host is blaming Smf, or Smf is blaming my host, to be honest, I don't care, I am stuck in the middle of all of this still asking for help.
This comment will best explain how I feel on this, A guy once said to me, You don't like me at all, my reply was, I don't know you well enough to like or dislike you...

Thanks as always to the Smf staff who have always provided help to me.
Rob

greyknight17

Hi Rob, if you can try not to use 777 for the folders. Set all your main folders to 755 and the files to 644. This is just an extra security measure to take, but it won't matter much if the webhost is compromised due to a security snafu on their end. I'm sure SMF has bugs and security holes, but whenever they are found, the developers usually do a great job sending out an update to patch it up. Which brings me to one last thing. Make sure you have the latest version of SMF installed. A lot of users try to avoid it and some of them end up being hacked.
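
Added example (not part of any post in this thread, and not SMF's own code): a shell script that lists world-writable entries in a forum directory, applies the 755/644 scheme discussed above, and records hashes of `index.php` and `Settings.php` so a replaced file is noticed. The function names, the demo tree and the baseline location are assumptions, and `sha256sum` is assumed to be available on the host.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a forum directory, then
# baseline the two files named in the thread (index.php, Settings.php).
# Paths are assumptions; the baseline path must be absolute.

# List files and directories that any local user can write to (the "777" case).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Apply the scheme from the thread: directories 755, files 644.
harden_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Record SHA-256 hashes of index.php and Settings.php.
# Keep the baseline file outside the web root.
write_baseline() {
    ( cd "$1" && sha256sum index.php Settings.php ) > "$2"
}

# Return 0 if both files still match the baseline, non-zero otherwise.
check_baseline() {
    ( cd "$1" && sha256sum -c "$2" ) >/dev/null 2>&1
}

# Constructed demo tree so the script runs offline.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/forum/Packages"
    echo '<?php // forum entry point' > "$d/forum/index.php"
    echo '<?php // database credentials live here' > "$d/forum/Settings.php"
    chmod 777 "$d/forum" "$d/forum/Packages" "$d/forum/index.php"
    echo "world-writable before: $(list_world_writable "$d/forum" | wc -l)"
    harden_tree "$d/forum"
    echo "world-writable after:  $(list_world_writable "$d/forum" | wc -l)"
    write_baseline "$d/forum" "$d/baseline.sha256"
    echo '<?php // replaced content' > "$d/forum/index.php"
    check_baseline "$d/forum" "$d/baseline.sha256" \
        || echo "index.php or Settings.php no longer matches the baseline"
    rm -rf "$d"
}
demo
```

Running `check_baseline` from cron and alerting on a non-zero exit gives early notice of a replaced `index.php`, whichever way the change was made.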
