Hacked!!!!!!

ksshane · September 07, 2008, 09:43:41 PM

Not sure how this happened, but my board was hacked today. www.wichitaparanormal.com

You click the enter button and the address goes to the correct address, but now it has some chanting crap on it.

Anyone know how this could have happened.

I had all the current updates.

aldo · September 07, 2008, 09:48:19 PM

You were running 2.0 Beta 3.1?

Did you have any modifications installed?

ksshane · September 07, 2008, 09:49:45 PM

2.0

only mods were the tiny portal mod, and gallery mod

ksshane · September 07, 2008, 10:31:50 PM

It looks like just the index page was hacked.

aldo · September 07, 2008, 10:41:48 PM

So you should be able to upload a fresh index.php file and it should be fixed, but if you can, you should check out your logs so you can see who might have done this and how

ksshane · September 07, 2008, 10:43:19 PM

so I reloaded just the index.php file because that is what appears to be the only thing effected, and now I get this

"Fatal error: Call to undefined function: smf_seed_generator() in /home/ksshane/public_html/wichitaparanormal.com/forum/index.php on line 86"

any ideas?

Im just hoping I can save this and not have to loose the 300 members on my site.

Any help is much appreciated

forsakenlad · September 07, 2008, 10:47:26 PM

This has happened due to a recent vulnerability that has been discovered. Please download this package:

http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-beta3-1p_install.zip

After, extract the index.php and overwrite it with your current one. When it's done go to your ACP and run the SMF 2.0 Beta 4 update package to patch the vulnerability.

ksshane · September 07, 2008, 10:56:23 PM

I just heard back from my server, and they are going to reset everything to the last time it was working (I told them this morning).

As soon as its back up Ill load the package.

Thank you guys for your help. Hopefully everything will be back to normal pretty quickly.

I dont post often, but I have been using SMF for years, and this is the first time anything like this has ever happened.

forsakenlad · September 07, 2008, 11:11:12 PM

Great to hear that you were able to get a backup restored. I would like to note that this security vulnerability wasn't caused by SMF but by the rand() function in PHP not being random enough on win32 servers.

To prevent such an issue again, I strongly encourage you to check out your package manager for possible security fixes in the future. Post here more often, we're always thrilled to have feedback from our community

ksshane · September 08, 2008, 06:52:49 AM

ok.. got everything back online about 2am.

Its showing that Im running the latest version 1.1.6. Does this have the same problem, or should I still go ahead, and load the beta version

forsakenlad · September 08, 2008, 07:13:26 AM

No It's alright

ksshane · September 08, 2008, 09:13:49 AM

Great, and thanks again for all your help.

Its funny how you get use to seeing something everyday... Take it for granted, and then when you think its gone you sort of go into a panick...lol

News:

Hacked!!!!!!