Is SMF vulnerable sofware?

Discussion in 'SMF' started by tym busku, Jul 20, 2018.

  1. tym busku

    tym busku Neophyte

    1
    1
    +0
    Hi ALL !
    It seems more people are being hacked by these Turk groups.

    When AAF was SMF right before the conversion to IP.Board, we were victim to the hacking. It didn't take a whole lot to recover from it but I do remember it was from the Turkish hackers.

    Could it be SMF in general? Is there security flaws in the software?

    Note: This isn't a bash to SMF, its an observation. Mature reponses requeste
     
  2. zappaDPJ

    zappaDPJ Administrator

    6,348
    1,342
    +4,736
    As far as I'm aware there no known vulnerabilities in the current version 2.0.15.
     
  3. Pete

    Pete Flavours of Forums Forever

    1,773
    227
    +601
    Correct, there are no known flaws in 2.0.15. We're talking 15 patches in 7 years - and not every single one of those was a security patch - 2.0.7/8 were mostly PHP 5.5+ compatibility changes, 2.0.14 was PHP 7+ compatibility.

    The reality of attacks on SMF is mostly due to poor security practice on hosting environments, and/or password reuse. When Avast got hacked in 2014, it was a bad password combined with the ability to edit the theme code directly from the admin panel that was exploited, not any actual vulnerability.

    Disclaimer: I have been on the SMF development team.
     
    • Like Like x 1
    • Agree Agree x 1
    • List
  4. Oldcrow

    Oldcrow Enthusiast

    248
    63
    +35
    I have been using SMF for quiet a few years now, I have no problems with the security on it..Good passwords help..and stay updated.

    Ron.
     
Verification:
Draft saved Draft deleted
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.