Is SMF vulnerable sofware?

tym busku

Neophyte
Joined
Jul 20, 2018
Messages
1
Hi ALL !
It seems more people are being hacked by these Turk groups.

When AAF was SMF right before the conversion to IP.Board, we were victim to the hacking. It didn't take a whole lot to recover from it but I do remember it was from the Turkish hackers.

Could it be SMF in general? Is there security flaws in the software?

Note: This isn't a bash to SMF, its an observation. Mature reponses requeste
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
6,967
As far as I'm aware there no known vulnerabilities in the current version 2.0.15.
 

Pete

Flavours of Forums Forever
Joined
Sep 9, 2013
Messages
1,658
Correct, there are no known flaws in 2.0.15. We're talking 15 patches in 7 years - and not every single one of those was a security patch - 2.0.7/8 were mostly PHP 5.5+ compatibility changes, 2.0.14 was PHP 7+ compatibility.

The reality of attacks on SMF is mostly due to poor security practice on hosting environments, and/or password reuse. When Avast got hacked in 2014, it was a bad password combined with the ability to edit the theme code directly from the admin panel that was exploited, not any actual vulnerability.

Disclaimer: I have been on the SMF development team.
 

Oldcrow

Enthusiast
Joined
Dec 7, 2010
Messages
215
I have been using SMF for quiet a few years now, I have no problems with the security on it..Good passwords help..and stay updated.

Ron.
 

Daniel

Aspirant
Joined
Dec 14, 2018
Messages
22
When it comes down to it, I think just about any of the options you go with could potentially be vulnerable if a hacker was determined enough to try and find an exploit. However, I did find it interesting to read this thread seeing as I just put together a new community of my own using SMF and was a bit concerned until I read through the rest of the post :)
 
Top