Author Topic: Reverend greed Help  (Read 8012 times)

Offline silentfreak

  • Junior Phone Loser
  • **
  • Posts: 28
  • 1337 13V3L: +1/-7
Reverend greed Help
« on: August 30, 2006, 09:33:26 PM »
My board is being hacked for 3 days now.  A hacker (and I am sure it is a person, because as the admin I am alerted by the hacker) deletes a member of my board per day, in alphabetical order.

The admins' passwords are hard to find (letters + numbers + special characters).  Since the members list is not publicly available (you must be a member in order to see it), the hacker is probably or has been a member of my community.

The questions --

- Does SMF have some kind of security hole concerning this problem?

- Is there a way to include the member deletion in the moderation log, particularly if it is not an admin who performs the deletion?

- Is there a way to get password errors for admin accounts in the moderation log?

If you need my FTP/admin account and password, just say it and I will communicate with you via PM.
« Last Edit: August 30, 2006, 09:41:23 PM by silentfreak »

Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: Reverend greed Help
« Reply #1 on: August 30, 2006, 09:46:58 PM »
Why me?
Reboot America

Offline Devilz212

  • Senior Phone Loser
  • **
  • Posts: 69
  • 1337 13V3L: +13/-8
Re: Reverend greed Help
« Reply #2 on: August 30, 2006, 09:50:53 PM »
The hacker is obviously one of the best hackers ever. It's only going to get worse and worse, duh, and there is nothing you can do about it! That's why you should hate hackers. Hackers ruin our country. Hackers. Hackers. Blah, blah, blah.

Shut up, will you? I'm sick of people using the word "hacker" in such false ways. You're making yourself sound like a complete idiot. Learn how to read your own logs. Look through the HTTP requests your web server received to get a better understanding of what exactly happened. As long as you're running the current release of SMF, no, there aren't going to be any huge security holes (excluding zero-days).

Yeah, sure. I'll take an FTP account. I could use one for my warez. </sarcasm>.

Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: Reverend greed Help
« Reply #3 on: August 30, 2006, 10:05:00 PM »
Devilz212 is exactly correct.  Thank you, Devilz212.  There's a huge difference between a hacker and a prankster.  CNN tells society that my dick can hack, but that doesn't mean it's true.

What do your error logs say for SMF?  Also, are you utilizing a host?  If so, obtain logs from them.  Please post this at time of your issue.  Also, bugtraq reports no issues as you describe.  Unless you can give me exact details that will allow me to duplicate the hack, then your post is completely silly.  Let me know.
Reboot America

Offline Devilz212

  • Senior Phone Loser
  • **
  • Posts: 69
  • 1337 13V3L: +13/-8
Re: Reverend greed Help
« Reply #4 on: August 30, 2006, 10:09:34 PM »
Reverend Greed, I think what you mean to ask is if he is having someone else host the site for him ;). Also, you just agreed with me and then went ahead and called it a "hack".

Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: Reverend greed Help
« Reply #5 on: August 30, 2006, 10:16:28 PM »
No.  I am not sure if it is a hack.  I was making a sarcastic remark regarding CNN and the media as a whole in how hacking is defined. 

And, the duplication remark was towards the semantics.
« Last Edit: August 30, 2006, 10:41:08 PM by Reverend Greed »
Reboot America

Offline silentfreak

  • Junior Phone Loser
  • **
  • Posts: 28
  • 1337 13V3L: +1/-7
Re: Reverend greed Help
« Reply #6 on: August 30, 2006, 10:25:43 PM »
I understand, Devil.  I am not making myself out to be an idiot.  You're an idiot for thinking that when I'm merely asking for help.  Sorry for not possessing your knowledge on the matter but what I originally posted is happening.  I am asking for help, not criticism, asshole.

Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: Reverend greed Help
« Reply #7 on: August 30, 2006, 10:35:13 PM »
What SMF version are you using?
Reboot America

Offline silentfreak

  • Junior Phone Loser
  • **
  • Posts: 28
  • 1337 13V3L: +1/-7
Re: Reverend greed Help
« Reply #8 on: August 30, 2006, 10:37:24 PM »
I'm using 1.0

Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: Reverend greed Help
« Reply #9 on: August 30, 2006, 10:42:41 PM »
Do you have a problem with modifying your forum code for my benefit?
Reboot America

Offline Devilz212

  • Senior Phone Loser
  • **
  • Posts: 69
  • 1337 13V3L: +13/-8
Re: Reverend greed Help
« Reply #10 on: August 30, 2006, 10:43:38 PM »
silentfreak, the way you worded your question won't gain you much respect around here.

I'm still waiting for murd0c to make a comment.

Offline silentfreak

  • Junior Phone Loser
  • **
  • Posts: 28
  • 1337 13V3L: +1/-7
Re: Reverend greed Help
« Reply #11 on: August 30, 2006, 11:00:33 PM »
silentfreak, the way you worded your question won't gain you much respect around here.

I'm still waiting for murd0c to make a comment.

Respect wasn't my goal unless you are affiliated with a gang or something.

You're waiting for someone else to comment?  I think that says a lot about your endeavors.


Reverend Greed, I don't mind.  What's up?

Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: Reverend greed Help
« Reply #12 on: August 30, 2006, 11:10:47 PM »
Okay.  As a troubleshooting measure I want you to modify this code. Open ManageMembers.php and find this:

Code: [Select]
function deleteMembers($users)
{
	global $db_prefix, $sourcedir, $modSettings;

Afterwards add this:

Code: [Select]
global $user_info;

	// Record who triggered the deletion (display name and IP) in the SMF error log.
	if (!is_array($users))
		log_error($users . ' has his account deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');
	else
		log_error(implode(',', $users) . ' have had their accounts deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');

After making the changes above all deleting events will be in the error log - with the member's name and IP address of who did it. This will be a great help. Please let me know of any future developments and post it in this thread so I can analyze.
« Last Edit: August 30, 2006, 11:13:39 PM by Reverend Greed »
Reboot America

Offline rbcp

  • Head Custodian
  • Administrator
  • Ninja Phone Loser
  • *****
  • Posts: 5259
  • 1337 13V3L: +454/-81
  • I'm not stupid! I'm not stupid! Hematology!
    • Homepage
Re: Reverend greed Help
« Reply #13 on: August 31, 2006, 06:43:05 AM »
What if the hacker (yes, hacker) is bypassing SMF altogether and just modifying the MySQL file directly?  Maybe he doesn't have your SMF password.  He has your hosting password or MySQL database password.  Or he's just hax0red your host and has access to all the host's sites.

By the way, where's your board?
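
An added example, not part of any post in this thread: a small triage script that reconciles the error-log entries written by the hook in Reply #12 against two snapshots of the member list, so that deletions with no matching log entry (the case raised in Reply #13, where the change happens outside SMF) stand out. It assumes the error log has been exported as plain text, one entry per line, and that the snapshots hold the same identifiers that `$users` carries; all sample data below is constructed.

```python
import re

# Message format written by the two log_error() calls in Reply #12.
ENTRY = re.compile(
    r"^(?P<ids>.+?) (?:has his account|have had their accounts) deleted\. "
    r"It was deleted by (?P<actor>.+) \(ip: (?P<ip>[^)]+)\)$"
)

def parse_deletions(log_lines):
    """Map each deleted identifier to the (actor, ip) the hook recorded."""
    seen = {}
    for line in log_lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # unrelated error-log entry
        # The actor is a display name chosen by the user: treat it as a
        # lead to verify against the IP and web server logs, not as proof.
        for ident in m.group("ids").split(","):
            seen[ident.strip()] = (m.group("actor"), m.group("ip"))
    return seen

def reconcile(before, after, log_lines):
    """Split members missing from the newer snapshot into logged/unlogged."""
    logged = parse_deletions(log_lines)
    missing = set(before) - set(after)
    attributed = {i: logged[i] for i in missing if i in logged}
    # Missing with no log entry: deleteMembers() was never called, so the
    # row was removed some other way (database or hosting account access).
    unlogged = sorted(missing - set(logged))
    return attributed, unlogged

# Constructed sample data (identifiers, names and IPs are made up).
BEFORE = ["12", "15", "19", "23"]
AFTER = ["12", "23"]
LOG = [
    "15 has his account deleted. It was deleted by modA (ip: 192.0.2.10)",
    "Undefined index: foo",
]

if __name__ == "__main__":
    attributed, unlogged = reconcile(BEFORE, AFTER, LOG)
    for ident, (actor, ip) in sorted(attributed.items()):
        print(f"{ident}: deleted through SMF by {actor} from {ip}")
    for ident in unlogged:
        print(f"{ident}: gone with no SMF log entry, check DB and host access")
```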

CountyKid

  • Guest
Re: Reverend greed Help
« Reply #14 on: August 31, 2006, 08:33:41 AM »
This is surely the most exciting thing that will happen on here this month.


  I am glued to my computer, waiting for the next batch of 1337 0-dai inf0z.