« previous next »
Pages: [1]

Author Topic: Dangerous Hacker Has Joined Your Forum  (Read 5495 times)

toestepper

  • Guest
Dangerous Hacker Has Joined Your Forum
« on: 2009-05-15 20:58:58 »
I'm here to warn you that a very dangerous hacker has joined your site.  His username is krisbarteo.  He is hacking SMF forums by loading a corrupted  avatar and damaging every single file on your server.  He did this to my forum and over 800 other SMF forums.  If you Google his name you will see all the forums he's hacked.  He usually joins the forum and returns about one week later to do his hacking.  Please removed his username and ban him immediately.  You can read more about krisbarteo on the SMF community forum board.  I noticed you have a large forum and large user base.  So do I.  I'd hate to see any other Admin go through what we did.  If you pick out another forum to warn maybe we can save others from this guy.   You may delete my membership after reading this.  Good Luck.  I hope you catch him in time.  In the future you may consider loading a mod that checks for hackers and spammers before they enter your site.  You can use www.stopforumspam.com also.
Logged

Grimmy

  • *
  • Posts: 499
  • Join in my tarnished light.
    • View Profile
    • GrimmyGames
Re: Dangerous Hacker Has Joined Your Forum
« Reply #1 on: 2009-05-15 21:10:37 »
Is this real. I googled the name and tons of simple machine forums poped up. If it's true definitely take action. Their is to much important info on this forum. Maybe we should update the wiki with newer links and tutorial info, just a suggestion though.
Logged

Aali

  • *
  • Posts: 1196
    • View Profile
Re: Dangerous Hacker Has Joined Your Forum
« Reply #2 on: 2009-05-15 21:16:15 »
It's real, but the correct action is certainly not to ban this one user. This is a known issue with SMF and there's a fix for it.

Possible ways to secure the forum:
Disable all file uploads
Turn on the magic_quotes_gpc option in php.ini (if its already on we have nothing to worry about)
Qhimm: don't read any suspicious topics, an admin is required to trigger the exploit.
« Last Edit: 2009-05-15 21:20:28 by Aali »
Logged

toestepper

  • Guest
Re: Dangerous Hacker Has Joined Your Forum
« Reply #3 on: 2009-05-15 22:11:40 »
If you don't delete him account and ban him he'll return with many other usernames.  I've only come to warn you because I spent four days trying to straighten out all the files he corrupted and luckily had a recent download of my forum.  If you don't believe me go to the SMF community discussion forum and read what he's done to many others.  It's not a joke, and it wasn't funny....and he's a member here.
Logged

toestepper

  • Guest
Re: Dangerous Hacker Has Joined Your Forum
« Reply #4 on: 2009-05-15 22:14:31 »
BTW....you should definately disable the ability to upload avatars.  I'm making members load them on photobucket now.
Logged

Aali

  • *
  • Posts: 1196
    • View Profile
Re: Dangerous Hacker Has Joined Your Forum
« Reply #5 on: 2009-05-16 02:50:31 »
Actually, it seems file uploads are already completely turned off so I think we'll be okay.
Logged
Pages: [1]
« previous next »