News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Board being hacked

Started by Alexandre P., June 04, 2004, 06:59:54 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Alexandre P.

June 04, 2004, 06:59:54 PM
http://www.simplemachines.org/community/index.php?topic=12009.0

His board is being hacked since 3 days.  A hacker (and it is sure it is a person, because the admin is alerted by the hacker) deletes a member of Percherie's board per day, in alphabetical order.

The admins passwords are hard to find (letters + numbers + special caracters).  Since the members list is not publicly availible (you must be a member in order to see it), the hacker is probably or has been a member of Percherie's community.

The questions:
- Does SMF Beta 5 has some kind of security hole concerning this problem?

- Is there a way to include the member deletion in the moderation log, particularly if it is not an admin who perform the deletion?

- Is there a way to get the password errors with admins account in the moderation log?

The forum: http://afterfree.eurower.net/
If you (especially Unknown) need Percherie to communicate his FTP/admin account and password, just say it and he will communicate with you ;)

Thanks in advance for you help.
Aucun support par M.P., courriel ou messagerie instantanée / No support by P.M., email or I.M.

Grudge

#1
June 04, 2004, 07:24:08 PM Last Edit: June 04, 2004, 07:25:41 PM by Grudge
Firstly, there are no known bugs about this.

Secondly, get him to check his error log. His whole error log for ANYTHING suspecious.

Thirdly, as a troubleshooting measure get him to modify this code. Open ManageMembers.php and find this:
Code Select

function deleteMembers($users)
{
global $db_prefix, $sourcedir, $modSettings;


Afterwards tell him to add this:
Code Select

global $user_info;

if (!is_array($users))
log_error($users . ' has has his account deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');
else
log_error(implode(',' $users) . ' have had their accounts deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');


After making the changes above all deleting events will be in the error log - with the members name and IP address who did it. This will be a great help. Please let us know of any future developments - in particular feel free to PM myself and Unknown about any concerns they may have.
I'm only a half geek really...

Alexandre P.

#2
June 04, 2004, 08:19:30 PM
Ok, transmitting :)
Aucun support par M.P., courriel ou messagerie instantanée / No support by P.M., email or I.M.
Print
Go Up Pages1
User actions
Advertisement: