Wow, where have I been?
[edit]
http://www.simplemachines.org/community/index.php?topic=309717.0ahh, good to know
[/edit]
[edit2]
-a- this is much too alarmist and generalized without linking to any information about the attacks.
-b- the recent attacks he's talking about only effect older versions of SMF v2.0
not v1.1.8... and only with certain combinations of older versions of Apache, PHP, and MySQL... In most of the attacks, SMF was not the hole, just a victim of the payload.
so even though attachments don't get used much around these parts, they don't have to be disabled. nor do avatars. there are currently zero known exploits for v1.1.8.
but his suggestion to have "Stop Spammer" mod is a good one. I'm running it on several forums I admin and it's great. reCaptcha isn't really needed if you set the already built in SMF captcha to it's highest strength. I've only had maybe 3-4 spam-bots get by it, and they have all been caught by Stop Spammer.
[/edit2]
[edit3]
this looks really good
http://www.hardened-php.net/suhosin/[/edit3]
[edit4]
ah, it appears that doesn't always help, and yes v1.1.8 was exploited, but through other holes. i wonder if this is a botnet thing. i don't see how one guy could be so dang busy.
[/edit4]
