[SOLVED] Hacked Again? (SMF)

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Forum rules
Locked
User avatar
Joo
Joomla! Intern
Joomla! Intern
Posts: 67
Joined: Fri Nov 25, 2005 2:49 pm

[SOLVED] Hacked Again? (SMF)

Post by Joo » Wed Jul 19, 2006 2:48 pm

A couple of days ago, I was hacked through SMF just one day after forum setup. The hacker got in through some some dirs which had permission 777. I fixed it and everything was working as it should. Today, when I clicked the menu link for the forum, the page began to flicker and I could see on status bar it was requestion a page repeadetly. Then it all stops and all what's left to see is the header part (of Joomla!). Everything else is blank. No forum. The strange thing here is that this happens only in IE, not in Firefox. But how could this happen if no one has altered anything since I left working fine? anyone here experiencing the same problem? I went through my directoris and files and couldn't find anything suspicious.
Last edited by Joo on Sun Jul 23, 2006 1:37 pm, edited 1 time in total.
http://www.webdesigngold.com
Web Design Resources

mauri
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Aug 22, 2005 6:47 pm

Re: Hacked Again? (SMF)

Post by mauri » Wed Jul 19, 2006 4:16 pm

Can you give this site URL

here or PM

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: Hacked Again? (SMF)

Post by drummergirl » Wed Jul 19, 2006 5:54 pm

Check your index page and make sure you have the correct code inserted for SMF to work with IE:



I had this problem last week and it was becasue I had accidentally removed that line of code. 

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1366
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Hacked Again? (SMF)

Post by RobS » Wed Jul 19, 2006 6:32 pm

Bleh.  That is a bad line of code.  $GLOBALS should not be used anymore.  It is deprecated and insecure.  Is this a hack to the component or something that comes with it?
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: Hacked Again? (SMF)

Post by drummergirl » Wed Jul 19, 2006 6:37 pm

Yeah - I was just about to post back and say I discovered Orstio has new update to the bridge:

http://www.simplemachines.org/community ... ic=97649.0

The new bridge (1.1.5a) does not require that code in the template anymore.

I'm updating my site with it right now...

User avatar
Joo
Joomla! Intern
Joomla! Intern
Posts: 67
Joined: Fri Nov 25, 2005 2:49 pm

Re: Hacked Again? (SMF)

Post by Joo » Thu Jul 20, 2006 10:05 am

I have the latest versions of everything.
Sorry, I don't want to post the site in public yet. I've sent the url to you Mauri.
I'm beginning to believe this issue has to do with my Gallery2 installation. Which was made after SMF. So I didn't tell the whole truth about nothing had been changed. In fact, I tried this solution and at ONE occasion it worked, then stopped working again.
http://www.webdesigngold.com
Web Design Resources

mauri
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Aug 22, 2005 6:47 pm

Re: Hacked Again? (SMF)

Post by mauri » Thu Jul 20, 2006 10:28 am

I test your site with IE 6 browser and it works well , foorum too.  :D
Now Iam job. When I come home I try test more with my home PC, .
I am thinking if it´s Your IE browser something wrong.
Mauri

User avatar
Joo
Joomla! Intern
Joomla! Intern
Posts: 67
Joined: Fri Nov 25, 2005 2:49 pm

Re: Hacked Again? (SMF)

Post by Joo » Thu Jul 20, 2006 11:55 am

Thanks Mauri for ckecking it for me. I did ask a friend to test it and he said he had the same problem as I did. However, now when you said it's working, I asked him to check again and it's working (after some flickering he said). I believe the tweek I did helped after all. But somehow, not when viewd with my computer. I'm using the latest IE 6 and service pack 2. I do have many issues with Joomla admin panel that are javascript related. In Firefox there aren't such problems.
http://www.webdesigngold.com
Web Design Resources

mauri
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Aug 22, 2005 6:47 pm

Re: Hacked Again? (SMF)

Post by mauri » Thu Jul 20, 2006 1:25 pm

I send you PM

mauri
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Aug 22, 2005 6:47 pm

Re: Hacked Again? (SMF)

Post by mauri » Thu Jul 20, 2006 2:49 pm

Maybe there are CSS conflict , Joomla template CSS and SMF style CSS.

User avatar
Joo
Joomla! Intern
Joomla! Intern
Posts: 67
Joined: Fri Nov 25, 2005 2:49 pm

Re: Hacked Again? (SMF)

Post by Joo » Sun Jul 23, 2006 1:37 pm

Problem solved! And believe it or not, that "deprecated" line of code that drummergirl mentionned did fix the problem. It was Orstio back at SMF forums who told me to add it. That, despite of him saying in the bridge's thread that for Joomla!, you don't need to add it. Only for Mambo.
Thanks to all who tried to help.
Last edited by Joo on Sun Jul 23, 2006 2:16 pm, edited 1 time in total.
http://www.webdesigngold.com
Web Design Resources

troyDoogle7
Joomla! Apprentice
Joomla! Apprentice
Posts: 19
Joined: Wed Oct 12, 2005 5:16 pm

Re: [SOLVED] Hacked Again? (SMF)

Post by troyDoogle7 » Sun Jul 23, 2006 1:51 pm

I would love their to be an auto update feature for addons. I hope this will be included in 1.5 . I have had to disable all smf componets on my site. Its a pain, but they weren't adding much to the site anyway.

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: [SOLVED] Hacked Again? (SMF)

Post by drummergirl » Sun Jul 23, 2006 1:58 pm

FYI - I still need to use that code in my templates as well.  Even with all the latest updates.  I will report this to Orstio.

User avatar
Joo
Joomla! Intern
Joomla! Intern
Posts: 67
Joined: Fri Nov 25, 2005 2:49 pm

Re: [SOLVED] Hacked Again? (SMF)

Post by Joo » Sun Jul 23, 2006 2:18 pm

Now I really need to know how bad that line of code is.. Does it compromise the site security in general? Is there a better option instead of using it? Thanks.
http://www.webdesigngold.com
Web Design Resources

troyDoogle7
Joomla! Apprentice
Joomla! Apprentice
Posts: 19
Joined: Wed Oct 12, 2005 5:16 pm

Re: [SOLVED] Hacked Again? (SMF)

Post by troyDoogle7 » Sun Jul 23, 2006 3:15 pm

The guys script opened a terminal onto my server and full read write/ rename access to everything on the server. 

mauri
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Aug 22, 2005 6:47 pm

Re: [SOLVED] Hacked Again? (SMF)

Post by mauri » Wed Jul 26, 2006 3:42 pm

drummergirl wrote: FYI - I still need to use that code in my templates as well.  Even with all the latest updates.  I will report this to Orstio.
Have you get answer. Must we use that row in newest SMF  + bridge ?

Kindred
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 182
Joined: Thu Aug 18, 2005 8:43 pm
Contact:

Re: [SOLVED] Hacked Again? (SMF)

Post by Kindred » Wed Jul 26, 2006 6:37 pm

SOME servers still require that line of code to be added in the joomla template. The bridge readme indicates that...

If you are using SMF 1.1RC2 and bridge 1.1.5a, there should be no security risk.
If you are not using 1.1.5a, then you should upgrade asap.


TroyDoogle,

Why did you have to unpublish all of your smf modules?  I have every single SMF module working properly with 1.1.5a of the bridge (although you will have to use the update versions. The versions from the 3.19a era bridge will not work with 1.1.3 or above)

mauri
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Aug 22, 2005 6:47 pm

Re: [SOLVED] Hacked Again? (SMF)

Post by mauri » Wed Jul 26, 2006 6:58 pm

OK
I gues, if you use Joomla 1.0.10 and SMF-bridge 1.5.0a, that row .. uses Joomla emulation $globals.. and it´s safe.
It would be nice if Orstio comment, that it´s safe to use that row?

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: [SOLVED] Hacked Again? (SMF)

Post by drummergirl » Wed Jul 26, 2006 10:20 pm

Orstio just replied to my post at SMF and it is NOT a security risk to keep that code in the template. 


Locked

Return to “3rd Party/Non Joomla! Security Issues”