05.18.09

Older Hacking Methods Still Used To Capture Forums


By Dan Morrill


If you are running a Simple Machines Forum, there is a new hack making the rounds, and it is enough to turn your forum into something you no longer control. The hack first showed up on May 01 2009 and has been gaining steam over the last couple of days. If you run the software, make sure you follow the cleaning instructions.

The hack injects PHP code into the settings file and then tries to inject the malware into as many other files as possible. The key account names that the hacker uses are Krisbarteo and MagicOPromotion, so if your SMF system has either of those accounts, you need to head on over to the Simple Machines forum and read this thread. Patches are on the way, but in the meantime there is little you can do to keep from becoming infected short of changing file permissions and trying to clean up the mess before you get banned in Google as a malware site, which is a completely separate issue.

April Russo over on FriendFeed gets the hat tip for posting the alert for everyone to see. She also posted a quick Google hack to find out how many sites Google sees as having the Krisbarteo user, with over 300 of them in the Google index. While that is not a lot, the potential for mayhem is here. It is also good to see that SMF is actively working with the community of users and being completely transparent about how this hack works. Kudos to SMF for working hard to fix the issues and address the community.

What is interesting is that the hacker is using an older 2008 method for taking over the system: a masked file containing PHP code that has the extension JPG or GIF. This is one of the reasons why you want to make sure that your systems do not execute code that comes in from another direction, such as a file that claims to be an image. This is a classic hacker trick, and it has been used successfully for years. In the meantime, follow the thread and follow the cleaning instructions on the SMF forum.
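A defender-side check for the masked files described above, as an added example that is not from the original article or from SMF's cleaning instructions. It walks a directory and flags JPG/GIF files that do not start with real image magic bytes or that contain a PHP open tag. The function names are hypothetical and the sample files are constructed for the demonstration.

```python
import os
import re
import tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".gif"}
# Leading bytes a real JPEG or GIF starts with.
MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
         ".gif": (b"GIF87a", b"GIF89a")}
# Full PHP open tag only; short tags ("<?", "<?=") are too short to match
# reliably inside compressed image data and are not covered here.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)

def check_file(path):
    """Return a list of reasons the file is suspicious (empty if clean)."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if not data.startswith(MAGIC[ext]):
        reasons.append("not a real image (bad magic bytes)")
    if PHP_TAG.search(data):
        reasons.append("contains PHP open tag")
    return reasons

def scan_image_uploads(root):
    """Walk root and return {relative_path: reasons} for suspicious images."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in IMAGE_EXTS:
                full = os.path.join(dirpath, name)
                reasons = check_file(full)
                if reasons:
                    findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample_tree(root):
    """Constructed samples: one clean GIF, one masked script, one polyglot."""
    samples = {
        "clean.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "avatar.jpg": b"<?php echo 'constructed sample'; ?>",
        "banner.gif": b"GIF89a\x01\x00\x01\x00<?php echo 'constructed'; ?>",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reasons in sorted(scan_image_uploads(tmp).items()):
            print(path, "->", "; ".join(reasons))
```

On a live forum, point `scan_image_uploads` at the directories that accept uploaded avatars and attachments. A file with valid image magic bytes can still carry embedded PHP, which is why the two checks are reported separately.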

About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
About NetworkNewz
NetworkNewz editors, writers and contributors focus on both the big picture and the details of networking. At NetworkNewz our goal is to deliver to you The Key To Network Management.
-- NetworkNewz is an iEntry, Inc. publication --