Menu Editor Pro vulnerable to hacks/infections?

[rexall]

Fri 22 Aug 2014, 10:56 am

Hello,

I have a minimal skill set, so I can't speak to this in an authoritative way, and I would have preferred to send this directly to Admin/Support, but there doesn't seem to be any easy way to do that, so here we are.

Recently my hosting account was attacked and all seven of my SMF & WordPress sites where seriously infected.  All but one was completely knocked out.  So far, it has taken a month and cost hundreds of dollars to begin to get cleaned and restored.  Early reports were that it was a vulnerability in a WordPress "Mail Poet" newsletter plugin.  Now my tech guy is saying something about Menu Editor Pro.  I hope he is wrong (or if he is right, that the mod can be hardened in some way)  because this is a really sweet MOD that does everything that I want, and that I really need to make my site work the way I need it to.  

Anwway, for whatever it is worth, here, partially is what he said this morning:

During this process I noticed the possible problem with a mod you had installed - Menu Editor Pro. Looks like that mod is adding quote some additional files to original default install of SMF, which on my first sight looks quite unprotected, and that fact plus the info that all of those files was most infected on server say that this exact mod can be (I'm still not 100% sure) the target and a way for hackers to "get in". I will inspect further with KKF case as well . . .

Have there been any other experiences like this lately with this MOD?

Aloha,

Rex
Khon Kaen, Thailand
 
http://www.MindBodyThailand.net
http://REBTinfo.info

[Labradoodle-360]

Sorry for such a late reply.

First of all, no. There have been no other similar experiences with this modification, or any of my modifications. WordPress is known to be one of the biggest security hole filled software, while SMF is known for it's security, and my modification is an extension of that quality and security. I have had other good programmers review my code and none of them have come up with any security flaws - and I haven't seen or heard of any either.

If he has actual proof, I would love to see it. But I doubt there is any. It's way way more likely this is a WordPress vulnerability again.

Best Regards,
Matthew P. Kerle
 Former SMF Developer

[Lugo_PLC]

thanks

[Labradoodle-360]

You're welcome! Best of luck.