Facebook  Twitter 

SMFHacks.com

+-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 4255
Latest: andreios
New This Month: 3
New This Week: 1
New Today: 0
Stats
Total Posts: 43259
Total Topics: 7518
Most Online Today: 168
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 0
Guests: 168
Total: 168

Author Topic: Menu Editor Pro vulnerable to hacks/infections?  (Read 6211 times)

0 Members and 1 Guest are viewing this topic.

Offline rexall

  • Member
  • *
  • Posts: 10
    • View Profile
    • Mind-Body Thailand
Menu Editor Pro vulnerable to hacks/infections?
« on: August 21, 2014, 11:10:41 pm »
Fri 22 Aug 2014, 10:56 am

Hello,

I have a minimal skill set, so I can't speak to this in an authoritative way, and I would have preferred to send this directly to Admin/Support, but there doesn't seem to be any easy way to do that, so here we are.

Recently my hosting account was attacked and all seven of my SMF & WordPress sites where seriously infected.  All but one was completely knocked out.  So far, it has taken a month and cost hundreds of dollars to begin to get cleaned and restored.  Early reports were that it was a vulnerability in a WordPress "Mail Poet" newsletter plugin.  Now my tech guy is saying something about Menu Editor Pro.  I hope he is wrong (or if he is right, that the mod can be hardened in some way)  because this is a really sweet MOD that does everything that I want, and that I really need to make my site work the way I need it to.  

Anwway, for whatever it is worth, here, partially is what he said this morning:

Quote from: Nikola
During this process I noticed the possible problem with a mod you had installed - Menu Editor Pro. Looks like that mod is adding quote some additional files to original default install of SMF, which on my first sight looks quite unprotected, and that fact plus the info that all of those files was most infected on server say that this exact mod can be (I'm still not 100% sure) the target and a way for hackers to "get in". I will inspect further with KKF case as well . . .

Have there been any other experiences like this lately with this MOD?

Aloha,

Rex
Khon Kaen, Thailand
 
http://www.MindBodyThailand.net
http://REBTinfo.info
« Last Edit: August 21, 2014, 11:12:40 pm by rexall »

Offline Labradoodle-360

  • Moderator
  • Full Member
  • *****
  • Posts: 156
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #1 on: September 01, 2014, 09:03:35 am »
Sorry for such a late reply.

First of all, no. There have been no other similar experiences with this modification, or any of my modifications. WordPress is known to be one of the biggest security hole filled software, while SMF is known for it's security, and my modification is an extension of that quality and security. I have had other good programmers review my code and none of them have come up with any security flaws - and I haven't seen or heard of any either.

If he has actual proof, I would love to see it. But I doubt there is any. It's way way more likely this is a WordPress vulnerability again.

Best Regards,
Matthew P. Kerle
 Former SMF Developer

Offline Lugo_PLC

  • Member
  • *
  • Posts: 2
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #2 on: November 05, 2014, 04:27:27 am »
thanks

Offline Labradoodle-360

  • Moderator
  • Full Member
  • *****
  • Posts: 156
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #3 on: November 10, 2014, 08:57:47 am »
You're welcome! Best of luck.

 

Related Topics

  Subject / Started by Replies Last post
3 Replies
4342 Views
Last post January 23, 2014, 10:55:55 am
by guest12036
5 Replies
7365 Views
Last post November 21, 2014, 11:31:08 pm
by SMFHacks
1 Replies
4962 Views
Last post October 23, 2015, 06:23:41 pm
by Labradoodle-360
4 Replies
6026 Views
Last post April 28, 2016, 02:53:14 pm
by Labradoodle-360
4 Replies
4549 Views
Last post June 26, 2016, 11:03:43 am
by Labradoodle-360

+- Recent Topics

No thumbnails on new uploads by SMFHacks
March 27, 2024, 02:10:41 pm

Display the Contact Page for guests by SMFHacks
March 27, 2024, 10:55:43 am

is it possible to add support for odysee.com by fvlog19
March 21, 2024, 08:47:51 am

Request for admin notification by davejo
March 10, 2024, 01:31:59 am

I need help with torrent upload by Ineedsmfhelp
March 09, 2024, 10:01:13 pm

an idea for new mod (( content type with different display )) by SMFHacks
February 27, 2024, 01:36:27 pm

[Mod] RSS Feed Poster by SMFHacks
February 27, 2024, 11:57:18 am

find duplicate pictures by fvlog19
February 14, 2024, 02:22:40 pm

Error uploading video. by SMFHacks
February 08, 2024, 02:04:16 pm

Gallery icon as last added image by fvlog19
February 01, 2024, 01:04:56 pm

Powered by EzPortal