A serious vulnerability in the SMF forum. Solution found!

Recently there have been reports of forums running SMF (Simple Machines Forum) being hacked; the forum of the Russian Ubuntu community was among the victims. But what the problem actually was, and what to be afraid of, remained unclear: information was scarce.

Today we have more information. This vulnerability affects all versions of the forum, including the latest stable version 1.1.8. The vulnerability lies in the avatar resizing feature, so until the official patch is released we recommend the following steps:

  • Disallow avatar uploads, both from external sites and from the local computer.
  • Disable avatar resizing.
  • Check whether a user with the login krisbarteo is registered on the forum; if so, audit the forum's files offline.

I recommend doing the audit even if that user was not found. Download all of the forum's files to your local computer and check them for code of this form: eval(base64_decode

Such lines should not appear in the original forum files; if they are present, replace those files with the originals from the SMF distribution.
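A small scanner for the offline audit described above, added here as an example and not taken from the original post or from SMF itself. It walks a downloaded copy of the forum and reports every file containing the eval(base64_decode( signature, regardless of extension; the sample tree it builds (a clean file plus one planted loader with a harmless placeholder payload) is constructed for the demonstration.

```python
import os
import re
import tempfile

# Signature of the injected loader named in the post: eval(base64_decode(...)).
# Whitespace between the tokens is optional because droppers vary their spacing.
SIGNATURE = re.compile(rb"eval\s*\(\s*base64_decode\s*\(")


def scan_file(path):
    """Return True if the file contains the eval(base64_decode( signature."""
    with open(path, "rb") as fh:
        return SIGNATURE.search(fh.read()) is not None


def scan_tree(root):
    """List files under root that carry the signature (paths relative to root).
    Every file is checked, not only *.php: a file dropped through the avatar
    directory may carry an image extension and still hold PHP."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if scan_file(path):
                    hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
            except OSError:
                continue  # unreadable file: skip it but keep scanning
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample tree: one clean SMF-like file and one planted loader."""
    os.makedirs(os.path.join(root, "attachments"))
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php\n// clean front controller (constructed sample)\necho 'ok';\n")
    with open(os.path.join(root, "attachments", "avatar_42.jpg"), "w") as fh:
        # Placeholder payload: 'QUJD' is just base64 for "ABC" (constructed, harmless).
        fh.write("GIF89a<?php eval ( base64_decode( 'QUJD' ) ); ?>\n")


def demo():
    """Build the sample tree in a temporary directory and return the hits found."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for hit in demo():
        print("suspicious:", hit)
```

To audit a real download, call scan_tree on the directory holding the copied forum files and compare each hit against the matching file from the SMF distribution.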

Solution

In the directory where attachments or avatars are stored, place an .htaccess file with the following contents:

# Block direct HTTP access to everything in this directory except from localhost
<Files *>
  Order Deny,Allow
  Deny from all
  Allow from localhost
</Files>
# Stop Apache from treating these extensions as scripts in this directory
RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml

The last line is especially important: it disables execution of PHP in that folder, and that alone resolves the problem.
