|
Suicide Squeeze has been hacked several times recently by john mohov. We changed web hosts, but after a few days the hack returned. Our forum runs on SMF 1.17 currently.
Tech support advised me that my global permissions were set to allow files to be written to. They fixed the permissions for me and installed a back up. At the time we were running SMF 1.16 and as soon as the site came back up, I upgraded to SMF 1.17. Two days later we were hacked again. Hopefully that's not the case for you Paul, but don't be surprised if it happens again.
I contacted tech support again and they did some additional digging. They claimed someone had stolen my ftp user name and password and hacked the site. They recommended I do a virus scan on my end, change my password and reinstall SMF. I ran the scan, but it came up empty. I even picked up another virus software package just to be certain the one I was using hadn't missed something. No virus found. I then changed my ftp password and got the site running again yesterday. It's been running for 24 hrs so far with no issues.
I'm not sure how they are getting my password, but one thing I noticed when I first installed OOTP 9 was that when I entered my ftp data for online play, the password was fully visible. At the time I remember thinking that was odd, but thought nothing of it. Maybe it was the same in previous versions, but I seem to remember it always being hidden. I know you need the commissioner password to view those features, but I'm curious if there isn't some security issue with that portion of OOTP. I've never had any issues in past versions of OOTP, just since using this one. Perhaps it's just a coincidence, but I'm curious now.
|