Topic: Flash banners, a secruity risk?

[-SyN-]

I recently had one for my forum and as of today I sign off of my pc and returned about an hour not only to find my forum in maintence mode but my account deleted as well. All the admins passwords were changed as well.

Next I chmoded the forurm directory to 0 and deleted my DB and restored it. Al lwas fine until it happened again less than 5 min. this time the entire forum was wiped out with the maintence mode left being seen.

I had a flash banner for a logo for about a week and 1/2 now and I am assuming that may be the case. I think since nothing like that has happened before. I'm just trying to get some advice and see if the banner is really an issue. I was using 1.1RC2 btw.

[H]

Flash banners probably aren't able to do anything that complex although its possible.

Which version of SMF are you running?

Any mods?

[Dannii]

If it was your banner it's very unlikely to be the cause of your problems. If someone had a flash file hosted externally that could be a big risk though.

[-SyN-]

well I have been hacked again without the flash problem. I even went as far as deleting all of my tables in the database and restoring them. with the tables missing from the database, this is what I seen

www.known2own.net/forumz/

The first time it happened My account was deleted and all other admins and users could not log intothe site and forums. and the forum was left in maintence mode. So I deleted the databse and made a new one and reinstalled smf 1.1RC2 with the security patch that it offers in the package manager. I used a sql file backup thats was about a week old to restore the forum. after that I used the Nexus theme I purchased from Bloc and loded a few mods:

Visual Warning System
Smf Shoutbox (not Ultimate)
Youtube bbc tag
Google Video bbc tag
Simpleshack
spoiler tag "the newest version"
Googlebot and use the who.template.php with it
and the users seen today mod. (Forgot the actual name of it.)

And yes I know how to make mods work with custom themes if you were wondering or if it matters.

I didnt use a flash banner this time because of me thinking that it was the problem since I read about the so called security issues. Anyway this has happene after I installed the smf Shoutbox for the first time. I would hate to get rid of that mod because I love it. But I dont know Ill do whatever to prevent this from happening again. Still the link to my forums remained the same even if I completely deleted the database, reffering to the maintenance mode message.

Any help?

And yes I submitted this to the security report section btw.

[Isaac]

Does the YouTube mod imbed the video?

[-SyN-]

sorry about the complaining but I did some searches and found the repair_settings.php in the tools section and ran it and noticed that,

1. the forum was in maintenece mode

2. my databse name was changed (not the actual mysql db itself)

3. had to adjust a few things

after that all is well, "for now" I hope this wont happen again but if it does I know how to fix it. I hate to have to repeadately run that file just to fix something that should of never happend in the first place.

@ Isaac

The youtube mod, like the google vid mod allows vids to be played on your forum. From another post I read, it doesnt steal anything from the actual site, its just a tag that lets you insert the vid code found at the end of a youtube or google vid link.