Site hacked - SMF no longer working

Started by TomaG, April 05, 2008, 01:02:38 PM


TomaG

My site was hacked a week ago and I am rebuilding. The site is hxxp:diabetic-diet-secrets.com/members/ [nonactive] I have upgraded to Joomla 1.0.15, Community builder 1.1 and SMF 1.1.4. I am using the SMF bridge 1.1.7 by Orstio which has been discontinued and is no longer supported.

This leaves me between a rock and a hard place. I prefer the SMF forum and want to continue to use it with Joomla. If I am forced into a choice between replacing the Joomla CMS or the SMF forum it would have to be SMF that is replaced since the site is already pretty big and has over 450 members. The forum is still not used very much.  If I can find ways to keep the SMF bridged and functioning that is my preference.

The issue I am having at present is the forum is breaking and there are two issues.


  • The forum hxxp:www.diabetic-diet-secrets.com/forum/ [nonactive] is now accessible separate from the site. Previously, only the wrapped version of the site could be seen regardless of the URL used to access it. I think this was accomplished by an htaccess file that was lost in the hack, restoration and updates. The forum is fully functional when accessed outside Joomla.
  • When the forum is used from the wrapped version in Joomla there is a blank screen with this error message:
    Quote: hxxp:diabetic-diet-secrets.com/members/forum/ [nonactive] 70.67.143.60 /members/component/option,com_smf/Itemid,143/board,4.0 hxxp:diabetic-diet-secrets.com [nonactive] Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 404

I am hoping there is an answer for this so I do not have to switch to some other forum script.

netridge

I would recommend that you seek a professional to build the mod/bridge for SMF and Joomla. You are putting yourself at risk using a tool that isn't updated or supported by the author.

SlammedDime

I would recommend switching to Mambo, not switching forums.

In any case, this is not an SMF problem, but a bridging problem, so I'll move your topic to the appropriate board.  Can you post the contents of your .htaccess file?
SlammedDime
Former Lead Customizer

TomaG

.htaccess could definitely be part of the problem. It is for OpenSEF which is retired and no longer supported.

------------------------.htaccess below this line----------------------------------------
## OpenSEF Simplified htaccess File

## Can be commented out if causes errors
Options +FollowSymLinks

## mod_rewrite in use
RewriteEngine On

## If Joomla is installed in the web server root
## RewriteBase /
## If Joomla is installed in a sub-directory
## RewriteBase /directory_name_here
RewriteBase /members

## Begin 3rd-Party or OpenSEF Section
#RewriteCond %{REQUEST_URI} ^(/members/component/option,com) [NC,OR] ##optional - see notes##
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php
## End 3rd-Party or OpenSEF Section

## Joomla Security Section (has nothing to do with SEF/SEO)
## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
## End - Rewrite rules to block out some common exploits
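
Added example (not part of the original post, and not code from the Joomla or OpenSEF projects): the query-string patterns from the security section above, applied to access-log lines to show which past requests they match and whether the server answered 403 or let them through. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Patterns copied from the "Joomla Security Section" of the .htaccess above.
# mod_rewrite tests %{QUERY_STRING} without URL-decoding it, so the raw
# query string from the log is matched here as well.
RULES = [
    ("mosConfig", re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)")),
    ("base64_encode", re.compile(r"base64_encode.*\(.*\)")),
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.I)),  # [NC]
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

# Assumption: Apache "combined" log format. Only the URL is logged, so
# anything sent in a POST body is invisible to this check and to the rules.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def scan(lines):
    """Return (line_no, ip, status, rule) for each rule a request matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable request line
        query = m.group("target").partition("?")[2]
        for name, rx in RULES:
            if rx.search(query):
                hits.append((n, m.group("ip"), int(m.group("status")), name))
    return hits

def got_through(hits):
    """Matches the server did not answer with 403: the ones to investigate."""
    return [h for h in hits if h[2] != 403]

# Constructed sample lines (documentation IP ranges, not the site's logs).
SAMPLE = [
    '192.0.2.10 - - [28/Mar/2008:04:11:02 +0000] "GET /members/index.php?option=com_content&Itemid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/Mar/2008:04:12:40 +0000] "GET /members/index.php?option=com_x&mosConfig_absolute_path=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 403 210 "-" "-"',
    '198.51.100.7 - - [28/Mar/2008:04:12:41 +0000] "GET /members/index.php?GLOBALS[mosConfig_absolute_path]=x HTTP/1.1" 200 4801 "-" "-"',
    '192.0.2.10 - - [28/Mar/2008:04:13:05 +0000] "GET /forum/index.php?board=4.0 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [28/Mar/2008:04:15:19 +0000] "GET /members/index.php?search=%3CSCRIPT%3Ex%3C/SCRIPT%3E HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A match logged with status 403 was refused by the rules; a match logged with any other status reached the application, for instance during a period when the .htaccess file was missing.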

Orstio

I would agree with SlammedDime.

Both the SMF bridge and OpenSEF are still supported on Mambo.  Community Builder is also moving forward on Mambo, so you would lose nothing in switching.

I know I helped you with setup last year, Toma.  I'd be willing to help you also with the migration, if you'd like.

TomaG

Hi Orstio,

I appreciate the offer but I am just getting to where I understand Joomla a little and have lots of Joomla extensions that worked pretty good before the hack and I just want to get it back to working well. The content portion of the site far outweighs the forum portion. If it comes to changing either the CMS or the forum it will regretfully be the forum.

I am hoping I can find a way to get both back to functioning. I suspect the key for the SMF is in the htaccess. If I remember correctly, that is what you had to change last year to get everything working together.

Since I have your attention, it is still only speculation as to how the hacker got in. Have there been any reports of vulnerability with the 1.1.7 bridge? Are you willing to freelance to get SMF 1.1.4, Joomla 1.0.15 and Community Builder 1.1 working together? You can contact me through my site and give me a quote if you would prefer not to answer in the forum. hxxp:diabetic-diet-secrets.com/members/contact-us/contacts/ [nonactive]

My interest is in helping other type 2 diabetics achieve the blood glucose I have achieved without medications. Too bad a hacker would choose to interfere with that and open source politics would make it more difficult. I will just have to deal with it and do the best I can, with what I know and have available to use.

Orstio

Quote: Since I have your attention, it is still only speculation as to how the hacker got in. Have there been any reports of vulnerability with the 1.1.7 bridge?

No, however the 1.1.7 bridge worked only with Joomla 1.0.12, and every release since then has had security upgrades.

Even if you do still have bridge 1.1.7, it won't work with Joomla 1.0.15.

Quote: Are you willing to freelance to get SMF 1.1.4, Joomla 1.0.15 and Community Builder 1.1 working together?

I would rather move you over to Mambo 4.6.x.  Most Joomla components will continue to work with Mambo 4.6, and you will get the added benefit of continuing to use SMF and OpenSEF.  The interface of Mambo 4.6.x is very similar to Joomla 1.0.x.  Because they are both advances from Mambo 4.5.x, the database structure is the same, and it's a very simple conversion.

Quote: Too bad a hacker would choose to interfere with that and open source politics would make it more difficult.

I'm certain that was nothing personal.  Script-kiddies run lists of possibly vulnerable sites through a script that pounds away at possible vulnerabilities at each URL.  They very rarely actually target a specific site.

steighan

Quote from: Orstio on April 05, 2008, 08:33:40 PM

I'm certain that was nothing personal.  Script-kiddies run lists of possibly vulnerable sites through a script that pounds away at possible vulnerabilities at each URL.  They very rarely actually target a specific site.

Not to make too fine a point on it, as a direct response to this quote takes us a bit OT, but that is hardly the case, at least not now.

While there has been, is, and continues to be "Google blasting", where a script (usually in Perl or PHP) uses Google to identify sites that use a particular platform, then a laundry list of prepacked URL exploits is thrown at the site, many hack attempts that we've seen over 100s of honeypot sites and sites I work on point to a trend of deliberate targeting or focusing on a particular site, with member sign-ups and the like.

Many of the sites I've worked with have been people whose sites have been hacked (and the hack posted on one of the 'hack trophy sites').

Hackers (some kiddies) go to these sites and say, I wonder if *I* can hack them! (since they've been hacked before). Oft times, the answer is yes.

It's usually as you say not "personal" even though there are a couple of instances here on this forum where ex-admins have gone back to hack the sites they've been kicked out of...
"Frequently wrong, but never in doubt"
