Author Topic: smf user site hacked and links  (Read 9006 times)

0 Members and 1 Guest are viewing this topic.

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
smf user site hacked and links
« on: May 29, 2014, 08:44:33 pm »
Hi,
        When i search for heart bleed, there was some links shown in google and one such site is avastweb forum.
           When i clicked the link, it was shocking to know that the avast web forum has been hacked totally and with the message that they will start a fresh forum. It was reported that all the email link discussion have been totally hacked
               I have tried to go to the avast web site, and it is safe. i wrote to them about the useful links about this  and i am enclosing the same to this site , as they are using the smf platform.
                       In the year 2013. the famous my digital life forum was hacked and it was restored immediately as, it was following vbulletin format. The site was restored in record time and only thing that the concern was to change to the password for future safe.
                       Please see the attached file with links and comment
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: smf user site hacked and links
« Reply #1 on: May 30, 2014, 11:37:24 am »
Thanks for the links.

The first link is from 2009
http://www.simplemachines.org/community/index.php?topic=313201.0

And is to fix the bugs in those older versions, I currently make sure to always run the current version of their software :-)

Again some of the links are very old and are folder older versions of the forum
2009 as well
http://it.toolbox.com/blogs/managing-infosec/simple-machines-forum-software-hacked-31625
and
http://www.simplemachines.org/community/index.php?topic=307717.140


Simple machines has plugged all those holes and is why I always use the newest versions :-)

As for the avast forums, they where not smart. They where running outdated version of the software, which in all the release notes since that version in 2012 they talked about security holes being plugged. It is avasts fault for not keeping their stuff up to date :-)

Quote
They had not updated the forum software.
They had run SMF 2.0.3 – released in 2012.
But currently version 2.0.7 is released.

But another user says they where on 2.0.6 which had the bug and was fixed in 2.0.7 but they didnt update

Quote

Guys, please don’t jump to conclusions so easily.

The forum was running SMF version 2.0.6 at the time the attack occured. There was a RCE vulnerability in this version through which the attacker got in. The vulnerability was fixed in v2.0.7 although the fact wasn’t properly marked in the SMF changelog and/or new version announcement.

We are now in touch with SMF authors and investigating further.

Thanks for your support so far — we hope to have the forum up’n’running again soon!

Thanks
vlk

Shane

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: smf user site hacked and links
« Reply #2 on: May 30, 2014, 09:12:16 pm »
Hi, Thanks for more information on the subject. My sincere hope is that this should not happen to any other site using smf.
               I sent a request for mod for solved, but i have not got any reply from them.
               Could you thro some light on "Heart Bleed virus". could it affect individual pcs?
                     Did you see the my digital life link. I enclosed. Not updated vbulletin is the problem they faced, with which the hackers attacked the site, and they got cure which is embedded in the program as super administrator getting back all the controls from the hacker.
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: smf user site hacked and links
« Reply #3 on: May 30, 2014, 09:47:06 pm »
Quote
Could you thro some light on "Heart Bleed virus". could it affect individual pcs?

No that is only with sites that where using a outdated version of SSL :-)

Shane

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: smf user site hacked and links
« Reply #4 on: June 18, 2014, 01:27:49 pm »
Just in case you wanted to know an update

http://www.simplemachines.org/community/index.php?topic=523494.0

And avast is still using Simple Machine Forums now. So looks like it wasnt the forums that had the hole but a admin account that someone had access to.

Shane