hacked AGAIN!

[climber]

don't understand this at all. this is the second time in a month that one of my sites using SMF has been hacked. here is the email I got from my ISP today:

--------------

The domain "nebikes.com" may have been exploited and used to send infected links by virus/troyan via e-mail delivery.  As a result, the following files have been disabled:

public/Line.php
public/smf_bbs/Sources/Errors.php
public/smf_bbs/Sources/ManageMembers.php
public/smf_bbs/Sources/Post.php
public/smf_bbs/Sources/Profile.php
public/smf_bbs/Sources/Register.php
public/smf_bbs/Sources/Reminder.php
public/smf_bbs/Sources/SendTopic.php
public/smf_bbs/Sources/Subs-Auth.php
public/smf_bbs/Sources/Subs-Post.php
Please make sure any files you use on your site are secure.

-------------------

this is a clean version 1.0.7 install as well. This is NOT GOOD. I did the install just like instructed in the docs. any ideas how I can lock this down further?

--climber

[Trekkie101]

Line.php is not an SMF file.

What exact virus/exploit was used, could you please provide the access logs of the time of the incident

http://www.simplemachines.org/about/security.php

[climber]

Line.php is not an SMF file.

I know...

What exact virus/exploit was used, could you please provide the access logs of the time of the incident

apparently the site was being used as a spambot. they sent me a copy of the message that was being sent. don't think that would help you. I don't have access to the server log files, sorry.

I have uploaded fresh copies of all the files in the sources folder. my ISP had altered the permissions on the  fiels indicated so all I was able to do was to delete them. <sigh>

--climber

[Ben_S]

Without any access logs, it is impossible to determine if SMF was used for the exploit, ask your host for the relevent logs.