Anti-hack idea

H · maaliskuu 22, 2006, 12:37:40 IP

I had an idea which stemmed from the phpbb hack topic.

Unlike phpbb SMF still has the version at the bottom of every page.

While this is a great help when providing support it isn't practical from a security point of view.

The forum variable could be moved to settings.php (as this file normally has write access). Whenever an admin visits the SMF admin panel the server can fetch a file from simplemachines that specifies if the forum version the user is running suffers from a security bug.

If it does the forum version variable can be changed to just "SMF". This may be one way of stopping worms that search for specific versions of SMF

Trekkie101 · maaliskuu 22, 2006, 12:43:39 IP

Then when the search happens for ["SMF" -1.*] itll find only the forums with SMF and then itll know exactly which to compromise

H · maaliskuu 22, 2006, 12:47:37 IP

Lainaus käyttäjältä: Trekkie101 - maaliskuu 22, 2006, 12:43:39 IP
Then when the search happens for ["SMF" -1.*] itll find only the forums with SMF and then itll know exactly which to compromise

True. Looks like a flaw in the plan

Simple Machines Community Forum

Uutiset:

Anti-hack idea

H

Trekkie101

H