Advertisement:

Author Topic: SMF 2.0.11 being hacked?  (Read 5983 times)

Offline Mr. Lee

  • Newbie
  • *
  • Posts: 6
SMF 2.0.11 being hacked?
« on: June 05, 2016, 03:03:17 PM »
I am an administrator on a forum using this software and just began having this issue. This has happened to the forums 3 times in the last week where everyone who is on at the time shows up to have Romanian ip addresses, thus anyone who is on at the time can no longer sign back into the forum if they log out, it tells them that they are banned because I banned those Romanian ip addresses but they keep coming back with new Romanian ip addresses each time, is this a known problem and if so what is the fix. Below is our "who's online" from shortly after I caught the problem.
Thank you in advance,

Mr. Lee (5.254.110.26)
FM (5.254.110.22)
Bob (5.254.110.22)   
jj (5.254.110.22)   
bc (5.254.110.27)

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,316
  • Gender: Male
    • Kindred-999 on GitHub
Re: SMF 2.0.11 being hacked?
« Reply #1 on: June 05, 2016, 03:22:26 PM »
How is this a hack?

It's just spammers... Spammers have been a known problem for decades
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Mr. Lee

  • Newbie
  • *
  • Posts: 6
Re: SMF 2.0.11 being hacked?
« Reply #2 on: June 05, 2016, 03:26:54 PM »
How does a spammer change every members ip address?

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,316
  • Gender: Male
    • Kindred-999 on GitHub
Re: SMF 2.0.11 being hacked?
« Reply #3 on: June 05, 2016, 03:30:34 PM »
Ah, I misunderstood your comments.

You are right... It's not a spammer...  But it's unlikely to be a hack either. It sounds more like you signed up for a proxy service or installed a mod incorrectly.

Mods installed?
URL?
« Last Edit: June 05, 2016, 05:02:47 PM by Kindred »
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Mr. Lee

  • Newbie
  • *
  • Posts: 6
Re: SMF 2.0.11 being hacked?
« Reply #4 on: June 05, 2016, 03:47:59 PM »
No new mods installed in a very long time, two times it happened before we upgraded to 2.0.11 and we hoped the upgrade might fix it but it happened again yesterday. I am not a technical person, the person who was maintaining the forum stepped down quite a while back and I was asked to be one of the admins on it to just keep it going, so I have just been doing daily moderator functions.

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,880
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: SMF 2.0.11 being hacked?
« Reply #5 on: June 05, 2016, 04:15:20 PM »
This can be caused by CloudFlare if its not properly configured or appropriate mods are in place, or when the host uses a reverse proxy setup like nginx in front of apache, but the mod_remoteip is failing or was not installed at all. That's if all online members, including you, show that IP.
It can also be caused by anti-DDoS CDN's provided by the company hosting the server.
- CoreISP.net Corporation -
 WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
 Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
 We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline Mr. Lee

  • Newbie
  • *
  • Posts: 6
Re: SMF 2.0.11 being hacked?
« Reply #6 on: June 05, 2016, 04:48:07 PM »
Yes all online members who are on at the time show with that Romanian ip address, thank you for the suggestions, I will try to look into them but so far I have not seen either of those in any of the code I have searched.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,316
  • Gender: Male
    • Kindred-999 on GitHub
Re: SMF 2.0.11 being hacked?
« Reply #7 on: June 05, 2016, 05:03:38 PM »
As one note...  You should,generally, not ban accounts by ip
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Mr. Lee

  • Newbie
  • *
  • Posts: 6
Re: SMF 2.0.11 being hacked?
« Reply #8 on: June 05, 2016, 05:16:58 PM »
We generally don't, we only ban those from a couple of countries where the majority of spammers seem to be from.

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,880
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: SMF 2.0.11 being hacked?
« Reply #9 on: June 05, 2016, 05:51:53 PM »
That IP is from a server provider judging by the whois data, so I'd have a chat with your host.
- CoreISP.net Corporation -
 WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
 Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
 We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline Mr. Lee

  • Newbie
  • *
  • Posts: 6
Re: SMF 2.0.11 being hacked?
« Reply #10 on: June 05, 2016, 05:59:50 PM »
I have an email into them already, thank you, if it is only that then that would be great.