[NOTICE] How to secure your site against recent attacks

Started by jblazeofek, May 11, 2009, 08:05:23 AM


joe90

Just out of interest would a forum have been protected against this attack if it only permitted the use of preinstalled Avatars?
SMF: 1.1.17
Simpleportal:

Aleksi "Lex" Kilpinen

Quote from: joe90 on June 10, 2009, 11:02:53 AM
Just out of interest would a forum have been protected against this attack if it only permitted the use of preinstalled Avatars?
I'm not absolutely sure, but the way I've seen that hack being done, I'd say yes. The essential parts of that hack could not have been executed if avatar uploads were disabled.
Slava Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas


Mayur

It has been 5 days since I installed the reCAPTCHA. Now, there has not been a single user registration in the last 5 days. All previous registrations seem to have been done by the spambots. Thanks JBlaze. :)
Mayur Gondaliya
---------------------
hxxp:exaspring.com [nonactive]
hxxp:gondaliya.com [nonactive]
hxxp:blog.exaspring.com [nonactive]

JBlaze

Quote from: Mayur on July 27, 2009, 06:53:52 PM
It has been 5 days since I installed the reCAPTCHA. Now, there has not been a single user registration in the last 5 days. All previous registrations seem to have been done by the spambots. Thanks JBlaze. :)

Glad I could help :)
Jason Clemons
Former Team Member 2009 - 2012

KensonPlays

Sorry to post in an old topic, but GoDaddy has Apache 1.3.33 I think, isn't that an old version?

Owner of Mesozoic Haven

JBlaze

Considering I use Apache 2.2, yea I'd say so...

GoDaddy fails, that's all there is to it.

Kill Em All

Wow, that really is old. Even mine is using 2.2.14.


My Site: KEAGaming.com

Manual Installation of Mods
Prevent Spam and Forum Attacks
Please do not PM or email me for support unless offered, help should be publicly displayed to others.

Allusion

And I've seen [unverified] reports that some GoDaddy servers are running MySQL 4.0.x... Not necessarily a security problem, but I wonder what really, really old versions of other software are running there.

perfec2

I have disabled uploading of anything in the forum, including avatars. But I notice users are not comfortable with that. Is there a way I can navigate around these challenges without risking hacking of the forum?
I am thinking of using a different domain where I can use its folder for storing attachments and avatars. I don't know if this would solve it or is it the same thing? Please advise what is the way out.

Dzonny

I suggest making a user group which is users below (for example) 10 posts. For them you can disable uploading avatars, attachments etc. (but you can enable them to select avatars from the server), and for other groups you can enable these features. I've done this at my forum, and have no problems.
Of course, you should always use the latest version of SMF.

Paul_Pauline

This topic is 15 months old  O:)

As far as I am aware, there is no current risk associated with allowing the uploading of attachments and avatars.
"In every life, no matter how full or empty one's purse, there is tragedy. It is the one promise life always fulfills.
Happiness is a gift and the trick is not to expect it, but to delight in it when it comes and to add to other people's store of it."
Pauline was one of those rare people who increased the store of happiness in the world.

perfec2

Dzonny, what are the steps to do that?

Paul_Pauline, I am using SMF 1.1.11, is that covered?

Paul_Pauline

The official opinion, as far as I am aware, is that there are no known security issues with 1.1.11 :)

Dzonny

Paul_Pauline, you're right, however I think that it is better to be careful, and not to enable all users to upload everything they want to the server :)

perfec2

I am glad about these two opinions I am getting. I will enable the attachments and avatars upload, having been assured there are no security challenges involved.
Dzonny, how would I set the option you suggested?

Dzonny

Make a new group in the admin panel, and set permissions for it, so it suits the situation.
See the links below for more information:
Membergroups
Permissions

perfec2


great nuvi

Hi to all.
I'm sorry if I revived an old topic.

I'm a new user of SMF and am currently experiencing some sort of unwanted registration on my forum.
There have been registrations coming from the same IP. I would not mind them logging in from the same IP, but they never post anything.
What I did is put that IP in the banned list.
What should I do in the future to prevent these unwanted sign-ups/registrations?
I'm using SMF 1.1.11, do I need to upgrade/modify it?
Thanks a lot

Dzonny

Hello there.

You're using the latest stable version of SMF, so there is no need to upgrade anything.
What you can do is install some of the spam prevention mods from our mods site, if the problem is bots.
However, if the problem is humans, then all you can do is ban them and hope that they will not register again.

Regards.
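
The pattern raised in the question above (several registrations from one IP that never post) can be checked before banning an address. This is an added example, not part of the original thread or SMF's own code; the member rows are constructed and the field layout is an assumption, not SMF's database schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (member name, registration IP, registered at, post count).
# The layout is hypothetical; adapt it to however the member list is exported.
MEMBERS = [
    ("alice",   "198.51.100.7", "2010-08-01 09:12", 14),
    ("bob",     "198.51.100.7", "2010-08-03 18:40", 2),   # shared IP, real posters
    ("xk3921",  "203.0.113.45", "2010-08-05 02:01", 0),
    ("qpz7710", "203.0.113.45", "2010-08-05 02:03", 0),
    ("mm0482",  "203.0.113.45", "2010-08-05 02:09", 0),
    ("carol",   "192.0.2.19",   "2010-08-05 11:30", 0),   # single new member
    ("vv1177",  "203.0.113.45", "2010-08-09 23:55", 0),
]

def find_registration_bursts(members, min_accounts=3, window=timedelta(hours=1)):
    """Return {ip: [names]} for IPs where at least `min_accounts` accounts
    that never posted were registered within one `window`."""
    by_ip = defaultdict(list)
    for name, ip, registered, posts in members:
        if posts == 0:  # only the "registered, never posted" accounts count
            when = datetime.strptime(registered, "%Y-%m-%d %H:%M")
            by_ip[ip].append((when, name))

    flagged = {}
    for ip, regs in by_ip.items():
        regs.sort()
        start, best = 0, []
        # Sliding window over this IP's registration times.
        for end in range(len(regs)):
            while regs[end][0] - regs[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = [name for _, name in regs[start:end + 1]]
        if len(best) >= min_accounts:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, names in find_registration_bursts(MEMBERS).items():
        print(f"{ip}: {len(names)} zero-post registrations: {', '.join(names)}")
```

An IP shared by members who do post, or one with a single new account, is not flagged, which avoids banning an address that legitimate users also come from.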

great nuvi

Thanks. I'll do that.

At the moment there are no more registrations from that IP.

Regards
