SMF 2.0.18 has been released! Please update. Read more.
Started by jblazeofek, May 11, 2009, 08:05:23 AM
Quote from: chrishicks on May 11, 2009, 08:39:04 AMNice write up. I have been using Stop Spammer for a while now and added the Anti-Spam Verification Questions mod (http://custom.simplemachines.org/mods/index.php?mod=1516 ) a few months back. Would you say ReCaptcha would be a better measure as in comparison to the ASVQ mod as I can't add ReCaptcha without manual edits?
Quote from: Granular on May 11, 2009, 09:54:03 AMGreat info, thanks.Just wondered if you need to revoke these permissions for ALL membergroups, if any additional groups (over and above Regular Memebers) need to be administered by me? Didn't realise there was a spate of attacks so glad I checked in!CheersG
Quote from: Dzonny on May 11, 2009, 11:00:21 AMGreat Tips JBlaze, thanks...
Quote from: busterone on May 11, 2009, 11:24:53 AMGood post. I have always been wary of allowing avatar and attachment uploads by members because of this. I was not certain that an exploit was there, but always wondered and went to the cautious side of things. I am certainly glad I did. It seems this guy(or group) has wreaked much havoc. I can't help but wonder how many more, maybe hundreds, that have not posted or searched here for answers.
Quote from: confusion on May 11, 2009, 07:19:45 PMI highly recommend using the suhosin module with php. It appears to have prevented the this attack on all of my forums (though I'm not certain how it helped).
Quote from: nina-nina on May 11, 2009, 08:42:59 PMI have not open my forum yet. It is the first time for me with forums. Actually, I was just today setting permissions etc. I am a little confused with "uploadable" avatars, "remote avatars" "attachment" spammers, etc.So, I would really appreciate if you clarify where and what in the Admin panel I have to check/uncheck in order to make the forum safer.Are you recommending not to allow members to have avatars and not to post attachemen ts?
Quote from: oakview on May 12, 2009, 01:02:13 AMSuhosin explanation here -> http://www.hardened-php.net/suhosin/index.html
Quote from: Dzonny on May 12, 2009, 09:07:07 AMDoes smf 1.1.8. have some avatar uploads security risk, or is there some known bugs or smth about this?