My name is Chris. I've been running an SMF web site (very small community) for about one year now. All of the members of my site are people I physically know, who live in the same town as I. Over the past few months I have noticed a lot of odd traffic in the raw access log. By odd I mean IP's from Asia, Europe but most specifically from Latvia. Like I mentioned, all of my members live in one town, which happens to be in Southwestern US...surely not Latvia.
MY SKILL SET
I'm finally comfortable with manually installing SMF, manually installing the few mods we use and making small changes to the PHP files. While I'm comfortable in making pre-defined changes, I often don't completely understand the code that I am cutting and pasting. I hope this paints a picture for where I'm at experience wise.
My research led me to the discovery of two new phrases (for me anyway). The first was SQL Injection, which seems massively complex. The second was XSS, which baffles me just as much.
Further research of these terms led me to Ethicalhacker.net. I signed up and searched phrases such as, "protecting SMF", "Securing SMF", "XSS" and "SQL Injection". While I did find results in some of these categories, my knowledge is not yet strong enough to understand and deploy some of the solutions mentioned. One such instance is the mention of "sanitizing input"...boy, to me that means washing my keyboard or turning on the word filter.
Well, it's simple to a pro I suppose; I want to know how to find out if I've been hacked, or if someone is making an attempt. I'm looking for some direction that will help me protect the my family and friends who use the SMF site. Just looking for some constructive guidance I suppose.
I realize that it's important in communities such as this one, that the member do as much of his/her own work as possible. I'm a hard worker, I'll do my best to research on my own, and would really appreciate some guidance or path outline for understanding security as it relates to SMF?
Thank you for your time.