Is SMF vulnerable sofware?

[tym busku]

Hi ALL !
It seems more people are being hacked by these Turk groups.

When AAF was SMF right before the conversion to IP.Board, we were victim to the hacking. It didn't take a whole lot to recover from it but I do remember it was from the Turkish hackers.

Could it be SMF in general? Is there security flaws in the software?

Note: This isn't a bash to SMF, its an observation. Mature reponses requeste

 

[zappaDPJ]

As far as I'm aware there no known vulnerabilities in the current version 2.0.15.

 

[Pete]

Correct, there are no known flaws in 2.0.15. We're talking 15 patches in 7 years - and not every single one of those was a security patch - 2.0.7/8 were mostly PHP 5.5+ compatibility changes, 2.0.14 was PHP 7+ compatibility.

The reality of attacks on SMF is mostly due to poor security practice on hosting environments, and/or password reuse. When Avast got hacked in 2014, it was a bad password combined with the ability to edit the theme code directly from the admin panel that was exploited, not any actual vulnerability.

Disclaimer: I have been on the SMF development team.

 

[Oldcrow]

I have been using SMF for quiet a few years now, I have no problems with the security on it..Good passwords help..and stay updated.

Ron.

 

[Daniel]

When it comes down to it, I think just about any of the options you go with could potentially be vulnerable if a hacker was determined enough to try and find an exploit. However, I did find it interesting to read this thread seeing as I just put together a new community of my own using SMF and was a bit concerned until I read through the rest of the post