My SMF Site Was Hacked - SMF Hacked Again

My Smf Site Hacked Smf Hacked Again - Web Design, Hosting, SEO, Client Help - Posted: 26th Aug, 2012 - 7:46pm

Register Login Text RPG Play Text RPG ?     New: 6 41 148 Why Join Help Register/Login via:Register/Login via:
Welcome Guest


+  1 2 3 
Posts: 17 - Views: 3248 Rating: 8/10 out of 7 Votes
Simple Machines
Post Date: 22nd Jul, 2012 - 12:16am / Post ID: #


Admin + Architect
*******
[?] CPosts: 36,420
Posts: 46,406
Avg: 8.6 Post(s) / Day
Activity: 100%
[+] Gain: 1,395.51 FP
Charm: 315

My SMF Site Was Hacked - SMF Hacked Again

My SMF Site Was Hacked - SMF Hacked Again

I titled this Thread like this because I sometimes see people post "help" Requests like this in SMF Help Wanted section due to their site being messed up by someone either known or unknown to them. Usually, the first inclination of the victim SMF user is to blame SMF's software, but here are some things to consider, see if any of them relate to your situation:

1. First, did you have the latest SMF, with all the updated patches / security fixes installed? You won't believe how many people still run massive sites using old software that has many bugs and security holes in it. It is very important to have the LATEST version of SMF installed on your site.

2. Are you are on cheap shared hosting? No matter how secure your SMF is if your host doesn't care much about security then people on other shared accounts can get to you that way, for that matter anyone that visits your site can as well. Stay away from shared hosting if you really care about your site. As a minimum go with VPS (Virtual private server) where you can at least dictate the server software you use and how it responds to requests. You may say that having a VPS or dedicated server is just too much money for you, well as they say "cheap things no good". Being online is a significant investment you need to have a reputable host AND be prepared to spend time ensuring your account with them cannot be compromised.

3. Are you giving out your passwords? I often tell my clients to change passwords often because they are susceptible to being picked at from Emails. You should also choose a password that is not a birth date, your name, etc. See here: Source 3 then you may ask well how will anyone see my password from my Email and that brings us to #4 below.

4. Is your computer secure? Someone can be logging your computer key strokes or spying with you if:
-- You do not have a very good firewall installed.
-- You tend to use public or insecure internet connections
-- You do not have a secure browser
-- You are predictable - in other words you leave traces or habits that a hacker can expect you to make / do. For example: you broadcast to everyone when you are online, what you are accessing, what sites you visit, etc.
-- Your OS (Operating system like Windows, Mac, etc.) is out of date and does not have the latest security patches installed
-- You tend to visit questionable sites
-- You tend to click links in Emails without verifying them

5. Are the permissions on your files correct? On servers that need file write permission you give 'too much' permission then you open your server up to hackers who can adjust your files at will!

6. What kind of Administrator are you? Just one 'tiny' setting can open up your whole SMF to a hack attack because you leave it open for guests or chose the wrong option. You may wish to read over this: Source 1

You need to consider the internet like a big swimming pool with everyone sharing the SAME water you are in. You have to be on guard at all times.

I may add more to this Thread in the future.
-------------------------------
SMF Services


Post Date: 1st Aug, 2012 - 8:00am / Post ID: #


Member Junior
**
[?] CPosts: 49
Posts: 53
Avg: 0.0 Post(s) / Day
Activity: 0.8%
[+] Gain: 200.00 FP
Charm: 8

Again Hacked SMF Hacked Site SMF My

If someone is stuck with shared hosting (at least for a little while), are there any SMF modifications or other ways to protect the site? if you already have good firewall, \private browser, very good active anti-virus, anti-spy, and malware active protection? Have latest SMF and security patches, too, of course. And keep computer clean daily.

I am freq monitoring whose on site a lot and just banning IP's of anybody suspicious, even servers IP's when I can, checking error log freq, have refused all permissions for anyone other than admin except to read - no one allowed to log on, register or post etc; stopped leaving my computer on when I'm not watching it. It's killed my site's numbers by 75% past month, but I don't care about that right now.

I have someone harassing me - my email accounts have had passwords changed twice (yahoo and gmail but not the hushmail acct or twitter - that one's hard to believec). He hasn't gotten thru new modem/router/protective software and new computer, different IP, since I changed everything. Web site was hacked sev times but not lately. I download data every night in case of problems. He even tried to access my cell phone account with phony story and my birthdate but company didn't fall for his line - Thank you Boost Mobile! He was sending unwanted obnoxious spam to my private email accounts - which I've dealt with....

Have changed times when I am on net somewhat; stopped leaving my computer on when I'm not watching it and not using it nearly as much as I was before, just stepping back from net a bit except monitoring site and emails; created really hard passwords and changing them freq on everything; keeping low profile on places where I used to be a lot; created a new twitter acct because he watches my other one to see when I'm online so letting it sit for a while. I know HIS time schedule very well, ck the twitter account he still uses, and watch carefully when I know he is online.

Someone says he is 'cyberbullying' me and has committed crimes by hacking me, but tho phone harassment complaint I took out on him stopped phone calls, none of the police had anything to say about the internet things. He's been doing this constantly for 2 months now. At least 1-2x/week there's something. Different things so never know what to expect.

Just wondered if there were any SMF modifications or other software, anything else, I can do to protect myself from him online?

It makes me want to take computer courses, learn to be a hacker or something so I know more about how they work and don't feel so violated, so helpless...

Coming from an abusive childhood, I think makes it even more difficult for me to feel at his mercy and I want control of my life back again. There are also measures I've taken for my physical safety, tho nothing is foolproof, of course. I should be afraid, he is a violent person...but I'm so angry at all the things he's doing, that I'm not afraid. I would like to be a Navy Seal or Marine and kick his butt. :)
Bullies are cowards.




Post Date: 1st Aug, 2012 - 5:26pm / Post ID: #


Admin + Architect
*******
[?] CPosts: 36,420
Posts: 46,406
Avg: 8.6 Post(s) / Day
Activity: 100%
[+] Gain: 1,395.51 FP
Charm: 315

My SMF Site Was Hacked - SMF Hacked Again Help Client SEO Hosting Design Web

Attached Image QUOTE (LadySaoirse)
If someone is stuck with shared hosting...

Once you are on shared hosting you are susceptible to how the host controls the server as well as the behavior of other shared accounts on that host. Think of a big swimming pool with a whole bunch of people in it. If one decides to pee (sorry for the example) then the water gets carried to all the rest. You cannot put a 'magic' barrier around yourself to stop that 'pee' reaching you.

There are measures you can place IF you have root access to a server which is NOT available in shared hosting: .htaccess, PHP function disables, server firewalls, Mod secure definitions and so forth.

Do note; no amount of security can stop a determined hacker pin pointing you specifically. You can delay him but there are so many ways to hack in or bring down a site. Usually all security settings established by ANYONE that is hosting a site is mostly to stop the average lurker, spider, malicious bot, etc. Not for someone that wants to cause you misery.

Attached Image QUOTE
Just wondered if there were any SMF modifications or other software, anything else, I can do to protect myself from him online?

SMF of itself is just software and secure enough without adding anything to it. This is mostly about your host, your password strength and how secure your online connections are, there is nothing different to what I said above.


Post Date: 8th Aug, 2012 - 12:47pm / Post ID: #


Member Junior
**
[?] CPosts: 29
Posts: 34
Avg: 0.0 Post(s) / Day
Activity: 0.3%
[+] Gain: 208.17 FP
Charm: none

Again Hacked SMF Hacked Site SMF My

Can SMF have loopholes that aren't discovered as yet? I mean maybe there is a weakness in the source code of SMF that some hacker has exploited.


Post Date: 8th Aug, 2012 - 12:57pm / Post ID: #


Admin + Architect
*******
[?] CPosts: 36,420
Posts: 46,406
Avg: 8.6 Post(s) / Day
Activity: 100%
[+] Gain: 1,395.51 FP
Charm: 315

Again Hacked SMF Hacked Site SMF My

Well of course, as I said before a true hacker determined to get in will eventually get in, BUT in general this is not true. Keep in mind that SMF has thousands of users, therefore if they are hacked and report it then the SMF team can determine if it was something to do with the source coding. There are also ethical hackers that check the software to see if they can routinely hack in. If anything is discovered it is fixed with a patch, hence it is very important to ensure you are always using the latest version of SMF.


Post Date: 16th Aug, 2012 - 6:36pm / Post ID: #

My SMF Site Was Hacked - SMF Hacked Again

Name: Learning
Country:

Comments: I learned my lesson from being on shared hosting, it was the pits. There was so much downtime, I got database connection errors and worst of all my site was hacked. Luckily my SMF content wasn't touched and I do make regular backups. I'm on VPS hosting now, sure I pay more but the peace of mind is worth it.
Post Date: 26th Aug, 2012 - 11:45am / Post ID: #


Member Seasoned
****
[?] CPosts: 383
Posts: 387
Avg: 0.1 Post(s) / Day
Activity: 2.9%
[+] Gain: 71.72 FP
Charm: 2

My SMF Site Hacked SMF Hacked Again

In general one of the big reasons site's are hacked is because the server is not updating their software daily. The reason they limit the updates is because it pulls resources needed on an already stuffed shared server. Some people might start complaining that an update also brakes their site. Web site owners such as in the case where you have SMF you need to ensure your site is constantly meeting the needs of security updates and not the other way around.


Post Date: 26th Aug, 2012 - 7:46pm / Post ID: #


Admin + Architect
*******
[?] CPosts: 36,420
Posts: 46,406
Avg: 8.6 Post(s) / Day
Activity: 100%
[+] Gain: 1,395.51 FP
Charm: 315

My SMF Site Hacked SMF Hacked Again

Good info Geek and it reminds me of something I didn't mention originally... Although you might be keeping the basic SMF up to date you have to do the same with any modifications you have installed because mods can open you up for attack if they are not well written, not for your version of SMF, not updated by the original author to keep up with current versions of SMF or used improperly. I see a lot of sites using the latest SMF but with outdated mods. It is like having a very strong metal door with a weak lock therefore leaving you vulnerable for attack.


Guest please SHARE: "My SMF Site Was Hacked - SMF Hacked Again" on:

+  1 2 3 
Sponsored Links:

Do you have any My SMF Site Was Hacked - SMF Hacked Again Tips
Options Fast Reply Add Reply Add Poll


No Registration Required!

We welcome input from visitors:
Add Comment As A Guest
, please check your grammar before submitting. ?


 Enable Smilies  Enable Signature

Tip TIP: Press above button ONCE only. If you come back here via the [Back] button on your browser then you will need to click [More Options] button (below) first in order to re-enable your ability to Post.

> TOPIC: My SMF Site Was Hacked - SMF Hacked Again


Share:

Like:

Donate Compare Membership
International Discussions Coded by: BGID® ALL RIGHTS RESERVED Copyright © 1999-2017
Disclaimer Privacy Report Errors Credits

ROK II

Current Leaders

KNtoran

Noukril (14)
Hunter

Hunter (13)
Belial

Ragnar (12)
Chynacat

Melodie (11)
Krusten

Krusten (10)
Thomaslee

Jonathon (9)


Aspiring Leaders

Goldendawn / Aaroni (9)
Wizard / Merlin (8)
Thaosx / Dazrin (8)
Txtrpg / Zork (2)
Stacia / Charmaine (5)
Usabookworm / Bonifacius (5)

Ready To Rule?

Are you here yet or still hiding? Come out of your cave and become a Ruler... a Ruler of Kings.

Highlights

The Trump Immigration Wall: What are your thoughts about this Topic? By Abnninja 1.2 Day(s) Ago
Donald Trump & Muslims: Can Trump stop Islamist without aggrevating the Middle East? By News 4.1 Days Ago
Wide Screen Columns: Now your screen is not as empty as before. What are your thoughts about this new feature in the Community? By Hunter 1 Week Ago
Donald Trump: Can you see him as the next President of one of the most powerful countries in the world, the United States of America? By Abnninja 1 Week Ago
Global Warming: Natural Or Man-made?: What are your thoughts about this Topic? By KNtoran 9th May, 2017 - 2:48pm
Russia vs USA: Will there be a World War over the expansion of Russia? By Abnninja 5th May, 2017 - 10:56am
Your Avatar: We have renovated our Avatar Gallery. If you have not already done so please select a new Avatar. See details: here. By JB 11th Apr, 2017 - 5:25pm
Men In Uniform - Authorized Excessive Violence: What are your thoughts about this Topic? By KNtoran 11th Apr, 2017 - 3:39pm
Atheists Not To Be Feared!: What are your thoughts about this Topic? By Abnninja 9th Apr, 2017 - 2:02am
A Science Fiction Continue The Story RPG: What are your thoughts about this Topic? By Abnninja 5th Apr, 2017 - 12:02am
The 9.11 Conspiracy: What are your thoughts about this Topic? By Abnninja 22nd Mar, 2017 - 10:48pm
Another 9/11: What are your thoughts about this Topic? By News 11th Jan, 2016 - 4:57am

Updated every: 14 minutes