xsaimex.net

[Daniel0]

mat-tastic, given that I have access to quite a lot of information about the attack I find it unlikely that it was SMF's fault. We have been attacked through a hole in SMF before though, and that was much more destructive than just leading our users elsewhere.

[mat-tastic]

Are you seriously consider changing? I love SMF, its clean, its powerful and its just awesome.

 

You will have a bit of a nightmare switching with the amount of data you guys have.

[premiso]

However I very much doubt they coded a backdoor so they could access the site.

 

The only reason I point it out, is I know of a forum that an admin got in and informed them they were using illegal software, they actually made a post a sticky/global announcement, before shutting the site to "off".

 

Now whether this was really VBB Admin going in there or just an exploit someone found in the code I have no clue. This was back in 2001 ish.

[mat-tastic]

Thanks Premiso, I wasn't aware of that.

 

Shocking if they did that though, as that would be illegal.

[trq]

@premiso, As has been pointed out smf is open source. Any backdoor would be found and closed pretty darn quickly.

 

@mat-tastic, While it appears (at this early stage) that this attack may not have been a fault in the board. We have had smf compromised before. Its not indestructible as you seem to be indicating.

 

I'm all for a change. But Id still like to investigate what actually happend. There are no signs of brute forcing the admin password in question, so for now, its hard to say.

[premiso]

@premiso, As has been pointed out smf is open source. Any backdoor would be found and closed pretty darn quickly.

 

That makes more sense. Thanks, I must have just read over it, I guess I could of just went to the site and found out.

[steviewdr]

I take it that they didnt get in through the ZF main phpfreaks site? I know that it has some login stuff integrated into SMF.

 

Pain in the butt.

 

-steve

[Daniel0]

Yeah the login was made directly through our smf install.