On Wed, Jan 27, 2010 at 10:37 AM, Marc Weustink <[email protected]>wrote: > > The "infection" is removed. We're currently investigating where it came > from. > The smf forum was uptodate (1.1.11). Unfortunately when restoring things, > a previous index.php was used, which reports the older version. (which is > the only diff of the file) > > I fear the ease of the update process made it also possible to write new > contents. > > Marc > > I don't see how the ease of the update process would give hackers an advantage... after all, you still have to have an admin account to perform that activity.
Keep in mind: 1. An outdated index.php could be a possible culprit, if it had any security vulnerabilities with it (although I highly doubt this) 2. Any mods installed may have vulnerabilities 3. If the person updating the forum to 1.1.11 ignored warning messages about files not being writable, etc, there may still be an outdated file with a vulnerability from 1.1.10 4. SMF doesn't necessarily have to be the culprit. Exploits in other software may have given the intruder file/ftp access, allowing him to change any files anywhere.
-- _______________________________________________ Lazarus mailing list [email protected] http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
