Joomla! Forum - community, help and support

Joomla! Community, help and support.
https://forum.joomla.org/

Hacked (SMF bridge): there is any secure forum?

https://forum.joomla.org/viewtopic.php?f=296&t=78359

Page 1 of 1

Hacked (SMF bridge): there is any secure forum?

Posted: Wed Jul 19, 2006 5:09 pm
by adris72
One of my sites got hacked by the Turkish guy  and I'm almost sure it was thru  SMF since all the forum-related modules and the bridge are not working properly and forum  itself is down after I uploaded a fresh Joomla installation and re-created the configuration.php file. 

I'll will run the last backup since somehow when restoring I lost all the comments made with ako comment. But my concern is that this can happen again, so I have 2 questions:

1- Is there any secure forum component?  (I was reading this list:  http://www.torkiljohnsen.com/2006/07/19 ... -holidays/ and it seems that all are weak

2- If you recommend a different forum software, there is a way to migrate  users/posts from SMF??

Thank you.

Re: Hacked (SMF bridge): there is any secure forum?

Posted: Wed Jul 19, 2006 5:12 pm
by Websmurf
Well.. you can easily make your SMF bridge secure.
Open /components/com_smf/smf.php

Replace:

Code: Select all

//This helps Mambo allow posts with HTML.  Please note that this does not necessarily work with all installations.
if (!defined('_MOS_ALLOWHTML'))
	define('_MOS_ALLOWHTML', 0x0002);
with:

Code: Select all


defined( '_VALID_MOS' ) or die( 'Restricted access' );

//This helps Mambo allow posts with HTML.  Please note that this does not necessarily work with all installations.
if (!defined('_MOS_ALLOWHTML'))
	define('_MOS_ALLOWHTML', 0x0002);
Second, turn register globals off.

Re: Hacked (SMF bridge): there is any secure forum?

Posted: Wed Jul 19, 2006 5:19 pm
by adris72
Thanks a lot for the reply, that for sure saves a lot of work.

I'll implement it right now.

Re: Hacked (SMF bridge): there is any secure forum?

Posted: Fri Jul 21, 2006 1:01 pm
by hvanleeuwen
Next time go to the developers website, in this case the support forum for the smf bridge is here (as mentioned on the  Joomla extensions page);

http://www.simplemachines.org/community ... .php?f=7.0

This security problem was addressed there a few days ago.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/