upgrading the forum to the latest version...re: the hacking

[ttgapers]

it appears the forum is at version 1.0.5

it appears this version has some sql vulnerabilities that "Don Johnson" might be using to exploit the board. might the site admins update to the latest stable or RC version, it may mitigate the attacks.

i checked out smf, and stable release is 1.0.7, and RC is at 1.11 i beleve.

jus looking out for the security of the forum and it's users.

if it is a sql injection as i think, users PM boxes etc., might have been compromised.

regards

ttgapers

[Dutty]

Nice!!!  I have NO idea what all dat means 

But if it go work better...pull de lever and fix it oui   

[cocoapanyol]

Yeah..ah get "Don Jonhson" crap dis morning too.  Dem people must be real hardup when de have tuh beg tom, dick and harry to watch dey sh**

[Organic]

it appears the forum is at version 1.0.5

it appears this version has some sql vulnerabilities that "Don Johnson" might be using to exploit the board. might the site admins update to the latest stable or RC version, it may mitigate the attacks.

i checked out smf, and stable release is 1.0.7, and RC is at 1.11 i beleve.

jus looking out for the security of the forum and it's users.

if it is a sql injection as i think, users PM boxes etc., might have been compromised.

regards

ttgapers

am yes fuh true same thng i was thinking 
QUE?

[ttgapers]

Nice!!!  I have NO idea what all dat means 

But if it go work better...pull de lever and fix it oui   

yeah boy dutty...it looking like it need an update...

Soca Warriors Online Discussion Forum | Powered by SMF 1.0.5.
© 2001-2005, Lewis Media. All Rights Reserved.
© Theme by Midgard

A little more reading and one realizes SMF forums appear to be very insecure. in the long run it may be better to upgrade socawarriors to a more robut CMS. my recommendation would be Postnuke.

ttgapers

[TriniCana]

Ya know ah reading this thread and dey other 3 concerning dey spam and hacker asswipe and ah thinking tur meh self...Allyuh ain't think that all this public information would lead into dey wrong hands again ?

With this information it should be PMed to those who wanna know.

[ttgapers]

Ya know ah reading this thread and dey other 3 concerning dey spam and hacker asswipe and ah thinking tur meh self...Allyuh ain't think that all this public information would lead into dey wrong hands again ?

With this information it should be PMed to those who wanna know.

I hear ya, but all this is publicly available in google, and all open source advisories.....even on the SMF website it lists the vulnerabilities and fixes.

ttgapers

[RasIred]

TT gaper, send the moderators a lil heads up in Pm, and they could act on yur suggestion.

Good looking out 


Tha Don Johnson is a stand and a half

[ttgapers]

Would that cost alot

as far as i can see, it costs zero as SMF appears to be open-source.


i will forward it to them, but i am sure they are aware of it by now. apparently this guy did the same thing twice? that means a vulnerability exists that has not been patched since the first hack.

ttgapers..