Hello folks!

BACKGROUND

My name is Chris.  I've been running an SMF web site (very small community) for about one year now.  All of the members of my site are people I physically know, who live in the same town as I.  Over the past few months I have noticed a lot of odd traffic in the raw access log.  By odd I mean IP's from Asia, Europe but most specifically from Latvia.  Like I mentioned, all of my members live in one town, which happens to be in Southwestern US...surely not Latvia. 

MY SKILL SET

 I'm finally comfortable with manually installing SMF, manually installing the few mods we use and making small changes to the PHP files.  While I'm comfortable in making pre-defined changes, I often don't completely understand the code that I am cutting and pasting.  I hope this paints a picture for where I'm at experience wise. 

MY RESEARCH

My research led me to the discovery of two new phrases (for me anyway).  The first was SQL Injection, which seems massively complex.  The second was XSS, which baffles me just as much. 

Further research of these terms led me to Ethicalhacker.net.  I signed up and searched phrases such as, "protecting SMF", "Securing SMF", "XSS" and "SQL Injection".  While I did find results in some of these categories, my knowledge is not yet strong enough to understand and deploy some of the solutions mentioned.  One such instance is the mention of "sanitizing input"...boy, to me that means washing my keyboard or turning on the word filter. 

MY QUANDRY

Well, it's simple to a pro I suppose; I want to know how to find out if I've been hacked, or if someone is making an attempt. I'm looking for some direction that will help me protect the my family and friends who use the SMF site.  Just looking for some constructive guidance I suppose. 

I realize that it's important in communities such as this one, that the member do as much of his/her own work as possible.  I'm a hard worker, I'll do my best to research on my own, and would really appreciate some guidance or path outline for understanding security as it relates to SMF? 

Thank you for your time. 

Regards,

ChrisG
(Zenboy)

Hi ChrisG #2, and welcome to EH-Net

Aside from the suggestions already given, I'm going to assume that your website is hosted on a server you don't own and you only have limited access to upload/download files and such.

As a site administrator, what someone with your experience should be concerned with mostly are known vulnerabilities. I would suggest searching for terms such as "SMF Vulnerabilities", "SMF Exploits" etc. and also check the standard vulnerability lists. Make sure that you're using the latest version of the application and make sure that any exploits you find while searching will not work against your site.

Unless you have some sensitive data that would attract a more skilled attacker, you will more than likely know when your site has been hacked. The reason being is that the majority of people that Chris mentioned who are scanning your site are only looking for those known holes. When they find them, they typically make it loud, clear, and obvious that they have taken advantage of it. Now this is not always the case, but happens more often than not.

If you're really intent on doing a code review, I would suggest getting a firm understanding of the language in use first. I highly recommend the Sams "teach yourself" series of books as they are usually very easy to follow along.

Remember that any server has value to a hacker and it doesn't matter if it has valuable data on it or not.  If I can own several powerful boxes with good high speed on all the time internet, its the perfect launch platform for my attacks making me really hard to track down. So keep on your goal of making your site secure. I am not the biggest fan of php as far as security goes, but it looks nice and works and is free.