| Author |
 Topic  |
|
|
wrighty
Starting Member
7 Posts |
 Posted - 11 April 2007 : 10:47:16
|
Hi
I have recently updated a Snitz Forum on a website, but it is constantly being hacked.
The Site is based on an Access database, and a number of users are posting unwanted and unsavoury content.
I upgraded to enable the use of email verification, but cannot get this to work no matter what I try. I have taken the Forum offline on numerous occasions whilst I try to fix the problems, only to have it mysteriously put back on line and this unsavoury content posted again.
I am the only admin and it no details have been passed to a third party as I and only I run the site.
I am considering removing this forum as I consider that if it can so easily be compromised then it is not secure enough to be used online.
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 11 April 2007 : 11:22:24
|
There are currently no security issues that we know of. The latest version with the latest security updates is... well... secure, as far as we know. We have thousands of users using the latest version and no one has brought a similar complaint, so I'd think that there is something specific to your configuration that is causing this.
You should be aware, however, that the feature that takes the forum offline does not take it down for good. It's based on application variables and the fact that the forum is taken back online is a known issue with it. Hard coding the forum to be offline by adding a line in config.asp will stop the repeated "come back" of the forum.
If you have other issues other than the repeated "coming back online" of the forum please let us know. If that's the case, maybe you're doing something that exposes your DB to an easy download or someone has hacked into the forum once and you haven't changed passwords or similar. We really need to know about what happened and what you did to counter it so that we can provide some help. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
 |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 11 April 2007 : 11:40:50
|
| Its also possible that if you have any upload type MODs, and you haven't addressed some of the updates related to those, it creates a problem.... and it could be that the server itself is insecure - once they get on the actual server it doesn't matter how secure Snitz is coded. |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 11 April 2007 : 11:51:08
|
Wrighty, I don't see how anything you've described constitutes a "hack". As Rui said, the feature that allows you to shut down your forums is only intended to be used for a short period of time; a server reset, or anything else that resets your application variables, will reopen your forums. Everything else you mentioned sounds like normal, run-of-the-mill spam to me.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 11 April 2007 : 12:55:19
|
| perhaps you may get somewhere if you post about your email verification problems so that we can resolve those, rather than posting about a major security issue which doesn't exist. you will also need to do other things as well as enable email verification, because believe it or not these people do use proper email addresses so email verification on its own won't stop people spamming your forum. |
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 11 April 2007 : 14:50:01
|
Have to concur, sounds like you're having a problem with email verification, which we may be able to help you with, but the symptoms of your 'hacked' site are consistent with what people say above. True, you may have been hacked, and if that's the case, we need to work out why to cure it, so tell us more!
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
wrighty
Starting Member
7 Posts |
Posted - 12 April 2007 : 05:37:05
|
Hi Guys
Thanks for all your response, I was not aware that the offline feature was only temporary. I needed to take the forum down so I could test the config before I got unwanted visitors again.
As far as the issues concerned, Ihave not added any MODS to the forum, it is as is. I have upgraded, turned oon Restrict Registration and Email verification, but neither is working, I can freely register and no email is sent for validation. I have also tried the different options for the email component.
I understand that email verification is not the be all and end all but its a start, I want to add a captcha as well, but one step at a time.
Thanks in advance. |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 12 April 2007 : 05:43:32
|
The email issues can be sorted independently of the rest. You just need to find out is happening. That should be your first priority.
You can have specified your email server incorrectly, you server may require authentication, there are several things that can be happening, but you should concentrate on solving that first.
Please start a new thread in the proper forum about that. You should also browse the forum, since there are many posts about forum email issues. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
wrighty
Starting Member
7 Posts |
Posted - 12 April 2007 : 05:55:39
|
Ok Thanks for that
Will repost later |
|
|
| |
Topic |
|
Topic Locked
