Facebook  Twitter 

SMFHacks.com

+- +-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 12349
Latest: SUCCESSForum
New This Month: 1
New This Week: 1
New Today: 0
Stats
Total Posts: 40048
Total Topics: 7051
Most Online Today: 29
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 0
Guests: 25
Total: 25

Author Topic: Menu Editor Pro vulnerable to hacks/infections?  (Read 4508 times)

0 Members and 1 Guest are viewing this topic.

Offline rexall

  • Newbie
  • *
  • Posts: 10
    • View Profile
    • Mind-Body Thailand
Menu Editor Pro vulnerable to hacks/infections?
« on: August 21, 2014, 11:10:41 pm »
Fri 22 Aug 2014, 10:56 am

Hello,

I have a minimal skill set, so I can't speak to this in an authoritative way, and I would have preferred to send this directly to Admin/Support, but there doesn't seem to be any easy way to do that, so here we are.

Recently my hosting account was attacked and all seven of my SMF & WordPress sites where seriously infected.  All but one was completely knocked out.  So far, it has taken a month and cost hundreds of dollars to begin to get cleaned and restored.  Early reports were that it was a vulnerability in a WordPress "Mail Poet" newsletter plugin.  Now my tech guy is saying something about Menu Editor Pro.  I hope he is wrong (or if he is right, that the mod can be hardened in some way)  because this is a really sweet MOD that does everything that I want, and that I really need to make my site work the way I need it to.  

Anwway, for whatever it is worth, here, partially is what he said this morning:

Quote from: Nikola
During this process I noticed the possible problem with a mod you had installed - Menu Editor Pro. Looks like that mod is adding quote some additional files to original default install of SMF, which on my first sight looks quite unprotected, and that fact plus the info that all of those files was most infected on server say that this exact mod can be (I'm still not 100% sure) the target and a way for hackers to "get in". I will inspect further with KKF case as well . . .

Have there been any other experiences like this lately with this MOD?

Aloha,

Rex
Khon Kaen, Thailand
 
http://www.MindBodyThailand.net
http://REBTinfo.info
« Last Edit: August 21, 2014, 11:12:40 pm by rexall »

Offline Labradoodle-360

  • Moderator
  • Full Member
  • *****
  • Posts: 156
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #1 on: September 01, 2014, 09:03:35 am »
Sorry for such a late reply.

First of all, no. There have been no other similar experiences with this modification, or any of my modifications. WordPress is known to be one of the biggest security hole filled software, while SMF is known for it's security, and my modification is an extension of that quality and security. I have had other good programmers review my code and none of them have come up with any security flaws - and I haven't seen or heard of any either.

If he has actual proof, I would love to see it. But I doubt there is any. It's way way more likely this is a WordPress vulnerability again.

Best Regards,
Matthew P. Kerle
 Former SMF Developer

Offline Lugo_PLC

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #2 on: November 05, 2014, 04:27:27 am »
thanks

Offline Labradoodle-360

  • Moderator
  • Full Member
  • *****
  • Posts: 156
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #3 on: November 10, 2014, 08:57:47 am »
You're welcome! Best of luck.

 

Related Topics

  Subject / Started by Replies Last post
3 Replies
2836 Views
Last post January 23, 2014, 10:55:55 am
by moltenbear
5 Replies
4990 Views
Last post November 21, 2014, 11:31:08 pm
by SMFHacks
1 Replies
2758 Views
Last post October 23, 2015, 06:23:41 pm
by Labradoodle-360
4 Replies
3985 Views
Last post April 28, 2016, 02:53:14 pm
by Labradoodle-360
4 Replies
2725 Views
Last post June 26, 2016, 11:03:43 am
by Labradoodle-360

+- Recent Topics

[Mod]Avatars Display Integration by SMFHacks
February 15, 2020, 07:30:47 pm

[Mod]BBC Message Boxes 1.0 by SMFHacks
February 15, 2020, 07:26:46 pm

[Mod]Stack Trace by live627 by SMFHacks
February 15, 2020, 07:21:33 pm

Stripe Integration by SMFHacks
February 08, 2020, 10:55:29 pm

SMF Store 4.0 Released by SMFHacks
January 26, 2020, 12:11:56 pm

Order of photos by D4611001
January 21, 2020, 12:06:36 pm

Cannot install by SMFHacks
January 18, 2020, 09:40:56 pm

Call to undefined function mysql_query() by SMFHacks
January 18, 2020, 02:06:47 pm

English British Translation file by HAL9000
January 17, 2020, 05:44:28 pm

Characters dispayed as boxes by SMFHacks
January 16, 2020, 07:21:51 am

Powered by EzPortal