My SMF Site Was Hacked - SMF Hacked Again
I titled this Thread like this because I sometimes see people post "help" Requests like this in SMF Help Wanted section due to their site being messed up by someone either known or unknown to them. Usually, the first inclination of the victim SMF user is to blame SMF's software, but here are some things to consider, see if any of them relate to your situation:
1. First, did you have the latest SMF, with all the updated patches / security fixes installed? You won't believe how many people still run massive sites using old software that has many bugs and security holes in it. It is very important to have the LATEST version of SMF installed on your site.
2. Are you are on cheap shared hosting? No matter how secure your SMF is if your host doesn't care much about security then people on other shared accounts can get to you that way, for that matter anyone that visits your site can as well. Stay away from shared hosting if you really care about your site. As a minimum go with VPS (Virtual private server) where you can at least dictate the server software you use and how it responds to requests. You may say that having a VPS or dedicated server is just too much money for you, well as they say "cheap things no good". Being online is a significant investment you need to have a reputable host AND be prepared to spend time ensuring your account with them cannot be compromised.
3. Are you giving out your passwords? I often tell my clients to change passwords often because they are susceptible to being picked at from Emails. You should also choose a password that is not a birth date, your name, etc. See here: Source 3 then you may ask well how will anyone see my password from my Email and that brings us to #4 below.
4. Is your computer secure? Someone can be logging your computer key strokes or spying with you if:
-- You do not have a very good firewall installed.
-- You tend to use public or insecure internet connections
-- You do not have a secure browser
-- You are predictable - in other words you leave traces or habits that a hacker can expect you to make / do. For example: you broadcast to everyone when you are online, what you are accessing, what sites you visit, etc.
-- Your OS (Operating system like Windows, Mac, etc.) is out of date and does not have the latest security patches installed
-- You tend to visit questionable sites
-- You tend to click links in Emails without verifying them
5. Are the permissions on your files correct? On servers that need file write permission you give 'too much' permission then you open your server up to hackers who can adjust your files at will!
6. What kind of Administrator are you? Just one 'tiny' setting can open up your whole SMF to a hack attack because you leave it open for guests or chose the wrong option. You may wish to read over this: Source 1
You need to consider the internet like a big swimming pool with everyone sharing the SAME water you are in. You have to be on guard at all times.
I may add more to this Thread in the future.
If someone is stuck with shared hosting (at least for a little while), are there any SMF modifications or other ways to protect the site? if you already have good firewall, \private browser, very good active anti-virus, anti-spy, and malware active protection? Have latest SMF and security patches, too, of course. And keep computer clean daily.
I am freq monitoring whose on site a lot and just banning IP's of anybody suspicious, even servers IP's when I can, checking error log freq, have refused all permissions for anyone other than admin except to read - no one allowed to log on, register or post etc; stopped leaving my computer on when I'm not watching it. It's killed my site's numbers by 75% past month, but I don't care about that right now.
I have someone harassing me - my email accounts have had passwords changed twice (yahoo and gmail but not the hushmail acct or twitter - that one's hard to believec). He hasn't gotten thru new modem/router/protective software and new computer, different IP, since I changed everything. Web site was hacked sev times but not lately. I download data every night in case of problems. He even tried to access my cell phone account with phony story and my birthdate but company didn't fall for his line - Thank you Boost Mobile! He was sending unwanted obnoxious spam to my private email accounts - which I've dealt with....
Have changed times when I am on net somewhat; stopped leaving my computer on when I'm not watching it and not using it nearly as much as I was before, just stepping back from net a bit except monitoring site and emails; created really hard passwords and changing them freq on everything; keeping low profile on places where I used to be a lot; created a new twitter acct because he watches my other one to see when I'm online so letting it sit for a while. I know HIS time schedule very well, ck the twitter account he still uses, and watch carefully when I know he is online.
Someone says he is 'cyberbullying' me and has committed crimes by hacking me, but tho phone harassment complaint I took out on him stopped phone calls, none of the police had anything to say about the internet things. He's been doing this constantly for 2 months now. At least 1-2x/week there's something. Different things so never know what to expect.
Just wondered if there were any SMF modifications or other software, anything else, I can do to protect myself from him online?
It makes me want to take computer courses, learn to be a hacker or something so I know more about how they work and don't feel so violated, so helpless...
Coming from an abusive childhood, I think makes it even more difficult for me to feel at his mercy and I want control of my life back again. There are also measures I've taken for my physical safety, tho nothing is foolproof, of course. I should be afraid, he is a violent person...but I'm so angry at all the things he's doing, that I'm not afraid. I would like to be a Navy Seal or Marine and kick his butt. :)
Bullies are cowards.
Well of course, as I said before a true hacker determined to get in will eventually get in, BUT in general this is not true. Keep in mind that SMF has thousands of users, therefore if they are hacked and report it then the SMF team can determine if it was something to do with the source coding. There are also ethical hackers that check the software to see if they can routinely hack in. If anything is discovered it is fixed with a patch, hence it is very important to ensure you are always using the latest version of SMF.
Comments: I learned my lesson from being on shared hosting, it was the pits. There was so much downtime, I got database connection errors and worst of all my site was hacked. Luckily my SMF content wasn't touched and I do make regular backups. I'm on VPS hosting now, sure I pay more but the peace of mind is worth it.
In general one of the big reasons site's are hacked is because the server is not updating their software daily. The reason they limit the updates is because it pulls resources needed on an already stuffed shared server. Some people might start complaining that an update also brakes their site. Web site owners such as in the case where you have SMF you need to ensure your site is constantly meeting the needs of security updates and not the other way around.
Good info Geek and it reminds me of something I didn't mention originally... Although you might be keeping the basic SMF up to date you have to do the same with any modifications you have installed because mods can open you up for attack if they are not well written, not for your version of SMF, not updated by the original author to keep up with current versions of SMF or used improperly. I see a lot of sites using the latest SMF but with outdated mods. It is like having a very strong metal door with a weak lock therefore leaving you vulnerable for attack.