Hacked (SMF bridge): there is any secure forum?

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

adris72
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Fri Jun 30, 2006 3:11 am

Hacked (SMF bridge): there is any secure forum?

Postby adris72 » Wed Jul 19, 2006 5:09 pm

One of my sites got hacked by the Turkish guy  and I'm almost sure it was thru  SMF since all the forum-related modules and the bridge are not working properly and forum  itself is down after I uploaded a fresh Joomla installation and re-created the configuration.php file. 

I'll will run the last backup since somehow when restoring I lost all the comments made with ako comment. But my concern is that this can happen again, so I have 2 questions:

1- Is there any secure forum component?  (I was reading this list:  http://www.torkiljohnsen.com/2006/07/19/mambo-and-joomla-exposed-as-script-kiddies-have-their-summer-holidays/ and it seems that all are weak

2- If you recommend a different forum software, there is a way to migrate  users/posts from SMF??

Thank you.

User avatar
Websmurf
Joomla! Hero
Joomla! Hero
Posts: 2230
Joined: Fri Aug 19, 2005 2:23 pm
Location: The Netherlands
Contact:

Re: Hacked (SMF bridge): there is any secure forum?

Postby Websmurf » Wed Jul 19, 2006 5:12 pm

Well.. you can easily make your SMF bridge secure.
Open /components/com_smf/smf.php

Replace:

Code: Select all

//This helps Mambo allow posts with HTML.  Please note that this does not necessarily work with all installations.
if (!defined('_MOS_ALLOWHTML'))
   define('_MOS_ALLOWHTML', 0x0002);

with:

Code: Select all


defined( '_VALID_MOS' ) or die( 'Restricted access' );

//This helps Mambo allow posts with HTML.  Please note that this does not necessarily work with all installations.
if (!defined('_MOS_ALLOWHTML'))
   define('_MOS_ALLOWHTML', 0x0002);


Second, turn register globals off.
Adam van Dongen - Developer

- Blocklist, ODT Indexer, EasyFAQ, Easy Guestbook, Easy Gallery, YaNC & Redirect -
http://www.joomla-addons.org - http://www.bandhosting.nl

adris72
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Fri Jun 30, 2006 3:11 am

Re: Hacked (SMF bridge): there is any secure forum?

Postby adris72 » Wed Jul 19, 2006 5:19 pm

Thanks a lot for the reply, that for sure saves a lot of work.

I'll implement it right now.

User avatar
hvanleeuwen
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 161
Joined: Thu Aug 18, 2005 8:08 am
Location: The Netherlands

Re: Hacked (SMF bridge): there is any secure forum?

Postby hvanleeuwen » Fri Jul 21, 2006 1:01 pm

Next time go to the developers website, in this case the support forum for the smf bridge is here (as mentioned on the  Joomla extensions page);

http://www.simplemachines.org/community ... .php?f=7.0

This security problem was addressed there a few days ago.


Return to “3rd Party/Non Joomla! Security Issues”

Who is online

Users browsing this forum: No registered users and 2 guests