.

Protecting SMF

<<

Zenboy

Newbie
Newbie

Posts: 2

Joined: Thu Jan 31, 2008 3:09 am

Post Thu Jan 31, 2008 3:55 am

Protecting SMF

Hello folks!

BACKGROUND

My name is Chris.  I've been running an SMF web site (very small community) for about one year now.  All of the members of my site are people I physically know, who live in the same town as I.  Over the past few months I have noticed a lot of odd traffic in the raw access log.  By odd I mean IP's from Asia, Europe but most specifically from Latvia.  Like I mentioned, all of my members live in one town, which happens to be in Southwestern US...surely not Latvia. 

MY SKILL SET

I'm finally comfortable with manually installing SMF, manually installing the few mods we use and making small changes to the PHP files.  While I'm comfortable in making pre-defined changes, I often don't completely understand the code that I am cutting and pasting.  I hope this paints a picture for where I'm at experience wise. 

MY RESEARCH

My research led me to the discovery of two new phrases (for me anyway).  The first was SQL Injection, which seems massively complex.  The second was XSS, which baffles me just as much. 

Further research of these terms led me to Ethicalhacker.net.  I signed up and searched phrases such as, "protecting SMF", "Securing SMF", "XSS" and "SQL Injection".  While I did find results in some of these categories, my knowledge is not yet strong enough to understand and deploy some of the solutions mentioned.  One such instance is the mention of "sanitizing input"...boy, to me that means washing my keyboard or turning on the word filter. 

MY QUANDRY

Well, it's simple to a pro I suppose; I want to know how to find out if I've been hacked, or if someone is making an attempt. I'm looking for some direction that will help me protect the my family and friends who use the SMF site.  Just looking for some constructive guidance I suppose. 

I realize that it's important in communities such as this one, that the member do as much of his/her own work as possible.  I'm a hard worker, I'll do my best to research on my own, and would really appreciate some guidance or path outline for understanding security as it relates to SMF? 

Thank you for your time. 

Regards,

ChrisG
(Zenboy)
<<

LSOChris

Post Thu Jan 31, 2008 11:31 am

Re: Protecting SMF

if you have any kinds of internet presence just expect to be scanned and people to attempt to hack your site.  that's just the way it is.

if you're that concerned with it you can edit htaccess or set up some iptables rules to block the IPs
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jan 31, 2008 12:17 pm

Re: Protecting SMF

Hi ChrisG #2, and welcome to EH-Net :)

Aside from the suggestions already given, I'm going to assume that your website is hosted on a server you don't own and you only have limited access to upload/download files and such.

As a site administrator, what someone with your experience should be concerned with mostly are known vulnerabilities. I would suggest searching for terms such as "SMF Vulnerabilities", "SMF Exploits" etc. and also check the standard vulnerability lists. Make sure that you're using the latest version of the application and make sure that any exploits you find while searching will not work against your site.

Unless you have some sensitive data that would attract a more skilled attacker, you will more than likely know when your site has been hacked. The reason being is that the majority of people that Chris mentioned who are scanning your site are only looking for those known holes. When they find them, they typically make it loud, clear, and obvious that they have taken advantage of it. Now this is not always the case, but happens more often than not.

If you're really intent on doing a code review, I would suggest getting a firm understanding of the language in use first. I highly recommend the Sams "teach yourself" series of books as they are usually very easy to follow along.
<<

Zenboy

Newbie
Newbie

Posts: 2

Joined: Thu Jan 31, 2008 3:09 am

Post Fri Feb 01, 2008 12:44 pm

Re: Protecting SMF

Thanks guys.  My site surely doesn't have anything of high interest, unless hackers really love to read stories about my mothers Muscovy duck.  I've got the latest updated for SMF and for each of the mods we use.  I'm glad to hear I'm on track with those issues.

Thank you for the direction.

Best Regards,

ChrisG #2
(Zenboy)
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Wed Feb 06, 2008 3:28 pm

Re: Protecting SMF

Remember that any server has value to a hacker and it doesn't matter if it has valuable data on it or not.  If I can own several powerful boxes with good high speed on all the time internet, its the perfect launch platform for my attacks making me really hard to track down. So keep on your goal of making your site secure. I am not the biggest fan of php as far as security goes, but it looks nice and works and is free.
Last edited by Kev on Wed Feb 06, 2008 3:30 pm, edited 1 time in total.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Wed Feb 06, 2008 3:31 pm

Re: Protecting SMF

yeah, remember that the iron itself has value, not just the data.  If someone owns that box and decides to use it to serve kiddie porn, has a DoD system, or just generally be a jerk, someone with a badge is going to serve you a warrant and take it away from you.  Then you will have to prove that you didn't know anything about it, and you'll be without the system for some time.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER

Return to Other

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software