SMF forum admins - upgrade to v1.1.4

I know some of you use the SMF (SimpleMachines Forum) software that is used to provide the Weather-Watch.com forum. If you do use this software make sure you upgrade to v1.1.4 ASAP. This fixes a number of security issues including at least one that is being actively exploited. The reason I know it’s being used is that just over a week ago this forum was hacked using the exploit. Fortunately little damage was done and even that was easily corrected. The logs of the hack were sent to the SMF developers who were able to use them to identify the exploit and develop the v1.1.4 patch to close this particular hole.

The patch prevents the exploit from being used, but if your server/forum has already been hacked, any tools put onto your server by the hacker will still be accessible until you remove them. If you have any suspicion that you might have been hacked, perhaps your forum is doing odd things and you haven’t modified/changed it or the server it runs on for some time, then I’d seriously advise checking for any evidence of hacking tools/rootkits/etc. I can’t offer advice on what to look for because that would depend on the MO of the particular hacker who used the exploit.

Patch install was very easy… smooth… been waiting for it for a bit.

All 12 forums were patched in about 6 mins.

Wish my ISP knew how to do upgrades so that they worked on time when they were supposed to do them.

They had a planned upgrade for Monday 6am-8am… They did it today (Tues) from 8:30am - 11am… fun!

I saw Chris’s post first thing this morning and upgraded… Just now got the Notice from the SMS mailing list…

Folks, if you are running any forums, CMS or blog applications, make sure you are signed up for the appropriate mailing list from the authors to ensure you stay on top of issues such as this. However, in this case Chris was a warning bell 12 hours in advance of official email notification :)

-Bob

I actually got an early release of the patch as I reported the original problem. I did get 5 (I think) notifications of the patch from the SMF mailing list a couple of days ago, so perhaps they have a problem with the list?
