PLA Forums
Other Stuff That Has Little To Do With PLA => Techinical Shit => Technical Support => Topic started by: silentfreak on August 30, 2006, 09:33:26 PM
-
My board is being hacked for 3 days now. A hacker (and I am sure it is a person, because as the admin I am alerted by the hacker) deletes a member of my board per day, in alphabetical order.
The admins passwords are hard to find (letters + numbers + special caracters). Since the members list is not publicly availible (you must be a member in order to see it), the hacker is probably or has been a member of my community.
The questions --
- Does SMF have some kind of security hole concerning this problem?
- Is there a way to include the member deletion in the moderation log, particularly if it is not an admin who perform the deletion?
- Is there a way to get the password errors with admins account in the moderation log?
If you need my FTP/admin account and password, just say it and I will communicate with you via PM.
-
Why me?
-
The hacker is obviously one of the best hackers ever. It's only going to get worse and worse, duh, and there is nothing you can do about it! That's why you should hate hackers. Hackers ruin our country. Hackers. Hackers. Blah, blah, blah.
Shut up, will you? I'm sick of people using the word "hacker" is such false ways. You're making your self sound like a complete idiot. Learn how to read your own logs. Look through the HTTP requests your web server recieved to get a better understanding of what exactly happened. As long as your running the current release of SMF, no, there aren't going to be any huge security holes (discluding zero-days).
Yeah, sure. I'll take an FTP account. I could use one for my warez. </sarcasim>.
-
Devilz212 is exactly correct. Thank you, Devilz212. There's a huge difference between a hacker and a prankster. CNN tells society that my dick can hack, but that doesn't mean it's true.
What does your error logs say for SMF? Also, are you utilizing a host? If so, obtain logs from them. Please post this at time of your issue. Also, bugtraq reports no issues as you describe. Unless you can you give me exact details that will allow me to duplicate the hack, then your post is completely silly. Let me know.
-
Reverend Greed, I think what you mean to ask is if he is having someone else host the site for him ;). Also, you just agreed with me and then went ahead and called it a "hack".
-
No. I am not sure if it is a hack. I was making a sarcastic remark regarding CNN and the media as a whole in how hacking is defined.
And, the duplication remark was towards the symantics.
-
I understand Devil. I am not making myself out to be an idiot. Your an idiot for thinking that when I'm merely asking for help. Sorry for not possessing your knowledge on the matter but what I originally posted it happening. I am asking for help not critism, asshole.
-
What SMF version are you using?
-
I'm using 1.0
-
Do you have a problem with modifying your forum code for my benefit?
-
silentfreak, the way you worded your question won't gain you much respect around here.
I'm still waiting for murd0c to make a comment.
-
silentfreak, the way you worded your question won't gain you much respect around here.
I'm still waiting for murd0c to make a comment.
Respect wasn't my goal unless you are affiliated with a gang or something.
You're waiting for someone else to comment? I think that says a lot about your endeavors.
Reverend Greed, I don't mind. What's up?
-
Okay. As a troubleshooting measure I want you to modify this code. Open ManageMembers.php and find this:
function deleteMembers($users)
{
global $db_prefix, $sourcedir, $modSettings;
Afterwards add this:
global $user_info;
if (!is_array($users))
log_error($users . ' has his account deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');
else
log_error(implode(',' $users) . ' have had their accounts deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');
After making the changes above all deleting events will be in the error log - with the members name and IP address of who did it. This will be a great help. Please let me know of any future developments and post it in this thread so I can analyze.
-
What if the hacker (yes, hacker) is bypassing SMF altogether and just modifying the MySQL file directly? Maybe he doesn't have your SMF password. He has your hosting password or MySQL database password. Or he's just hax0red your host and has access to all the host's sites.
By the way, where's your board?
-
This is surely the most exciting thing that will happened on here this month.
I am glued to my computer, waiting for the next batch of 1337 0-dai inf0z.
-
What if the hacker (yes, hacker) is bypassing SMF altogether and just modifying the MySQL file directly? Maybe he doesn't have your SMF password. He has your hosting password or MySQL database password. Or he's just hax0red your host and has access to all the host's sites.
By the way, where's your board?
It's not public. It's on my employer's intranet - we use the forum for internal support issues and questions regarding benefits. This is a new medium and I'm trying to make it work.
-
Wow, if that's the case then RBCP is correct. It appears you have an intruder and I hope you're not the Admin.
-
Wow, if that's the case then RBCP is correct. It appears you have an intruder and I hope you're not the Admin.
Ha! Gee thanks a lot. No I'm not, I have been assigned to a project and I'm trying to make it work. Thank you very much for your time, you've given me valuable information.
With that in mind I have invited a few others to this forum who need help with things. I hope you don't mind as they pick your brain.
-
I have also asked questions in regard to the Reverend's knowing of computer support terminal help problems??
Where do I access vmb?? Japanses interests control nigera prince Liota need help soon as form of money??