Facebook  Twitter 

SMFHacks.com

+- +-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 12373
Latest: AmiciKart®
New This Month: 9
New This Week: 1
New Today: 1
Stats
Total Posts: 39810
Total Topics: 7016
Most Online Today: 31
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 0
Guests: 22
Total: 22

Author Topic: Menu Editor Pro vulnerable to hacks/infections?  (Read 4386 times)

0 Members and 1 Guest are viewing this topic.

Offline rexall

  • Newbie
  • *
  • Posts: 10
    • View Profile
    • Mind-Body Thailand
Menu Editor Pro vulnerable to hacks/infections?
« on: August 21, 2014, 11:10:41 pm »
Fri 22 Aug 2014, 10:56 am

Hello,

I have a minimal skill set, so I can't speak to this in an authoritative way, and I would have preferred to send this directly to Admin/Support, but there doesn't seem to be any easy way to do that, so here we are.

Recently my hosting account was attacked and all seven of my SMF & WordPress sites where seriously infected.  All but one was completely knocked out.  So far, it has taken a month and cost hundreds of dollars to begin to get cleaned and restored.  Early reports were that it was a vulnerability in a WordPress "Mail Poet" newsletter plugin.  Now my tech guy is saying something about Menu Editor Pro.  I hope he is wrong (or if he is right, that the mod can be hardened in some way)  because this is a really sweet MOD that does everything that I want, and that I really need to make my site work the way I need it to.  

Anwway, for whatever it is worth, here, partially is what he said this morning:

Quote from: Nikola
During this process I noticed the possible problem with a mod you had installed - Menu Editor Pro. Looks like that mod is adding quote some additional files to original default install of SMF, which on my first sight looks quite unprotected, and that fact plus the info that all of those files was most infected on server say that this exact mod can be (I'm still not 100% sure) the target and a way for hackers to "get in". I will inspect further with KKF case as well . . .

Have there been any other experiences like this lately with this MOD?

Aloha,

Rex
Khon Kaen, Thailand
 
http://www.MindBodyThailand.net
http://REBTinfo.info
« Last Edit: August 21, 2014, 11:12:40 pm by rexall »

Offline Labradoodle-360

  • Moderator
  • Full Member
  • *****
  • Posts: 156
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #1 on: September 01, 2014, 09:03:35 am »
Sorry for such a late reply.

First of all, no. There have been no other similar experiences with this modification, or any of my modifications. WordPress is known to be one of the biggest security hole filled software, while SMF is known for it's security, and my modification is an extension of that quality and security. I have had other good programmers review my code and none of them have come up with any security flaws - and I haven't seen or heard of any either.

If he has actual proof, I would love to see it. But I doubt there is any. It's way way more likely this is a WordPress vulnerability again.

Best Regards,
Matthew P. Kerle
 Former SMF Developer

Offline Lugo_PLC

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #2 on: November 05, 2014, 04:27:27 am »
thanks

Offline Labradoodle-360

  • Moderator
  • Full Member
  • *****
  • Posts: 156
    • View Profile
Re: Menu Editor Pro vulnerable to hacks/infections?
« Reply #3 on: November 10, 2014, 08:57:47 am »
You're welcome! Best of luck.

 

Related Topics

  Subject / Started by Replies Last post
3 Replies
2765 Views
Last post January 23, 2014, 10:55:55 am
by moltenbear
5 Replies
4801 Views
Last post November 21, 2014, 11:31:08 pm
by SMFHacks
1 Replies
2665 Views
Last post October 23, 2015, 06:23:41 pm
by Labradoodle-360
4 Replies
3895 Views
Last post April 28, 2016, 02:53:14 pm
by Labradoodle-360
4 Replies
2606 Views
Last post June 26, 2016, 11:03:43 am
by Labradoodle-360

+- Recent Topics

How to AVOID SEO Hit when Implementing PrettyURLs by SMFHacks
September 12, 2019, 08:50:42 pm

theme by SMFHacks
September 12, 2019, 07:10:51 am

Picture Edit by SMFHacks
August 27, 2019, 11:52:06 am

Getting an error while installing SMF Gallery Pro by SMFHacks
August 18, 2019, 06:54:37 pm

Hashtag Mod Install Error by SMFHacks
August 15, 2019, 08:17:45 am

Rotating Image URLs by SMFHacks
August 05, 2019, 04:26:57 pm

[Mod]Block Proxy VPN On Registration by SMFHacks
August 01, 2019, 10:42:37 pm

[Mod]Nofollow Signature Links by SMFHacks
July 30, 2019, 11:52:28 am

Thinking of getting Ad Seller Pro as well by ajac63
July 28, 2019, 04:46:34 am

Just some questions about Ad Management mod by ajac63
July 26, 2019, 12:12:26 pm

Powered by EzPortal