The Joomla! Forum ™





Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Wed Jul 19, 2006 5:09 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Jun 30, 2006 3:11 am
Posts: 14
One of my sites got hacked by the Turkish guy  and I'm almost sure it was thru  SMF since all the forum-related modules and the bridge are not working properly and forum  itself is down after I uploaded a fresh Joomla installation and re-created the configuration.php file. 

I'll will run the last backup since somehow when restoring I lost all the comments made with ako comment. But my concern is that this can happen again, so I have 2 questions:

1- Is there any secure forum component?  (I was reading this list:  http://www.torkiljohnsen.com/2006/07/19/mambo-and-joomla-exposed-as-script-kiddies-have-their-summer-holidays/ and it seems that all are weak

2- If you recommend a different forum software, there is a way to migrate  users/posts from SMF??

Thank you.


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 5:12 pm 
User avatar
Joomla! Hero
Joomla! Hero

Joined: Fri Aug 19, 2005 2:23 pm
Posts: 2230
Location: The Netherlands
Well.. you can easily make your SMF bridge secure.
Open /components/com_smf/smf.php

Replace:
Code:
//This helps Mambo allow posts with HTML.  Please note that this does not necessarily work with all installations.
if (!defined('_MOS_ALLOWHTML'))
   define('_MOS_ALLOWHTML', 0x0002);

with:
Code:

defined( '_VALID_MOS' ) or die( 'Restricted access' );

//This helps Mambo allow posts with HTML.  Please note that this does not necessarily work with all installations.
if (!defined('_MOS_ALLOWHTML'))
   define('_MOS_ALLOWHTML', 0x0002);


Second, turn register globals off.

_________________
Adam van Dongen - Developer

- Blocklist, ODT Indexer, EasyFAQ, Easy Guestbook, Easy Gallery, YaNC & Redirect -
http://www.joomla-addons.org - http://www.bandhosting.nl


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 5:19 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Jun 30, 2006 3:11 am
Posts: 14
Thanks a lot for the reply, that for sure saves a lot of work.

I'll implement it right now.


Top
 Profile  
 
PostPosted: Fri Jul 21, 2006 1:01 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Thu Aug 18, 2005 8:08 am
Posts: 161
Location: The Netherlands
Next time go to the developers website, in this case the support forum for the smf bridge is here (as mentioned on the  Joomla extensions page);

http://www.simplemachines.org/community ... .php?f=7.0

This security problem was addressed there a few days ago.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 



Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group