Author Topic: Board being hacked  (Read 3254 times)

Offline Alexandre P.

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 2,044
  • Gender: Male
    • LivreSansPage
Board being hacked
« on: June 04, 2004, 06:59:54 PM »
http://www.simplemachines.org/community/index.php?topic=12009.0

His board has been getting hacked for 3 days.  A hacker (and it is certainly a person, because the admin is alerted by the hacker) deletes one member of Percherie's board per day, in alphabetical order.

The admins' passwords are hard to find (letters + numbers + special characters).  Since the members list is not publicly available (you must be a member in order to see it), the hacker probably is or has been a member of Percherie's community.

The questions:
- Does SMF Beta 5 have some kind of security hole concerning this problem?

- Is there a way to include the member deletion in the moderation log, particularly if it is not an admin who performs the deletion?

- Is there a way to get the password errors on admin accounts into the moderation log?

The forum: http://afterfree.eurower.net/
If you (especially Unknown) need Percherie to communicate his FTP/admin account and password, just say it and he will communicate with you ;)

Thanks in advance for your help.
No support by P.M., email or I.M.

Offline Grudge

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,742
  • Gender: Male
  • Unofficial nuisance
Re: Board being hacked
« Reply #1 on: June 04, 2004, 07:24:08 PM »
Firstly, there are no known bugs about this.

Secondly, get him to check his error log. His whole error log for ANYTHING suspicious.

Thirdly, as a troubleshooting measure get him to modify this code. Open ManageMembers.php and find this:
Code:
function deleteMembers($users)
{
global $db_prefix, $sourcedir, $modSettings;

Afterwards tell him to add this:
Code:
global $user_info;

// Record who triggered the deletion (name and IP) in the error log.
if (!is_array($users))
	log_error($users . ' has had his account deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');
else
	log_error(implode(',', $users) . ' have had their accounts deleted. It was deleted by ' . $user_info['name'] . ' (ip: ' . $user_info['ip'] . ')');

After making the changes above, all deletion events will be in the error log - with the name and IP address of the member who did it. This will be a great help. Please let us know of any future developments - in particular feel free to PM myself and Unknown about any concerns they may have.
« Last Edit: June 04, 2004, 07:25:41 PM by Grudge »
I'm only a half geek really...
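
A way to triage the entries that the log_error() calls in the reply above would produce, as an added example that is not part of the original thread or of SMF. It assumes the error-log messages have been copied out as plain text, one message per entry; `parse_deletion`, `triage`, `known_admins` and the sample names and addresses are hypothetical.

```python
import re
from collections import defaultdict

# Matches both message shapes written by the log_error() calls in the reply.
# "has has" is accepted too, because the snippet as first posted had that typo.
DELETION_RE = re.compile(
    r"^(?P<targets>.+?) (?:has (?:has|had) his account|have had their accounts)"
    r" deleted\. It was deleted by (?P<actor>.+) \(ip: (?P<ip>[^)]+)\)$"
)

def parse_deletion(message):
    """Return {'targets', 'actor', 'ip'} for a deletion entry, else None."""
    m = DELETION_RE.match(message.strip())
    if not m:
        return None
    # The actor group is greedy, so only the final "(ip: ...)" is read as the
    # address; a display name containing "(ip: ...)" cannot replace it.
    targets = [t for t in m.group("targets").split(",") if t]
    return {"targets": targets, "actor": m.group("actor"), "ip": m.group("ip")}

def triage(messages, known_admins):
    """Group deletions by (actor, ip) and flag actors outside known_admins."""
    by_actor = defaultdict(list)
    for msg in messages:
        entry = parse_deletion(msg)
        if entry:
            by_actor[(entry["actor"], entry["ip"])].extend(entry["targets"])
    return [
        {"actor": actor, "ip": ip, "deleted": deleted,
         "suspicious": actor not in known_admins}
        for (actor, ip), deleted in sorted(by_actor.items())
    ]

# Constructed sample messages (not taken from any real board).
SAMPLE = [
    "12 has had his account deleted. It was deleted by admin_a (ip: 192.0.2.10)",
    "Undefined index: unrelated error entry",
    "13 has has his account deleted. It was deleted by member_x (ip: 198.51.100.7)",
    "14,15 have had their accounts deleted. It was deleted by member_x (ip: 198.51.100.7)",
]

if __name__ == "__main__":
    for row in triage(SAMPLE, known_admins={"admin_a"}):
        print(row)
```

Any row marked suspicious is a deletion performed by an account that is not on the admin list, which is the case the original question asks to catch.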

Offline Alexandre P.

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 2,044
  • Gender: Male
    • LivreSansPage
Re: Board being hacked
« Reply #2 on: June 04, 2004, 08:19:30 PM »
Ok, transmitting :)
No support by P.M., email or I.M.