Please subscribe to this thread for security updates.
Any user who gets a prompt which looks like the below screenshot please do not input your login details. If you have already done so please change your password and PM us. We will see whether your profile is affected or not.
The user passwords are hashed and salted therefore we can reasonably assume that the attacker has no access to any login credentials unless you have input your login details yourself into the above popup. A user has exploited a forum software bug to upload an executable PHP script. This was made possible after we upgraded the forum from shared hosting to a dedicated server.
Please report any suspicious threads, links, users, or user signatures, especially if the user signatures include a link to a picture.
If anybody notices anything else suspicious please notify us.
Edit 1:
For security purposes we have disabled pictures in profile signatures completely until we find the software fix for the smf bug.
Edit 2:
For security purposes we have now disabled certain tags in the profile signatures too.
Edit 3:
So far we have found only 2 users who have been affected by this attack. We are going through the server logs. Please PM us if you stumble upon any user signatures with broken picture links.
Topic: Security Warning: Please read (Read 1657 times)
