Main > Forum/Website Discussion

MALWARE WARNING

<< < (3/3)

saint:
Thanks! :)

ark_ader:
Got it again now in Main.  I wiped my PC and reinstalled (someone had my old password and sent me one of those pr0n threats and I think it has to do with the Experian hack a while ago) and I just logged into my scrubbed PC and Volia! Norton warning and I have Mcafee.

You are behind by 3 upgrades.

https://download.simplemachines.org/

Also are you locking new posts to new members still? 

Do you have another instance on a home server to apply the updates?

SMF 2.0.15                                                    November 19, 2017
===============================================================================

September 2017
 ! Fixed a minor $smcFunc bug in Search-Fulltext.php
 ! Fixed a saving Settings.php bools being reset bug
 ! Fixed a security issue (Reported by Daniel Le Gall from SCRT SA)

June 2017
-------------------------------------------------------------------------------
 ! Cache the admin search results in the session and avoid IE's 2083 character limit
 ! Fixed a Mark Board Read bug

May 2017
-------------------------------------------------------------------------------
 ! Fixed Proxy URLs not handling redirects properly due to case sensitivity
 ! Fixed SendTopic using incorrect Post data
 ! Fixed SSI.php having a bad login panel
 ! Fixed Maintenance Page having a double login button
 ! Fixed a minor unsigned int typo in MySQL DB
 ! Fixed Deprecated installer message for ftp_connection.
 ! Fixed a loop bug in custom search
 ! Fixed SM Stat collection
 ! Added SM Stat collection registration to the Admin Control Panel

SMF 2.0.14                                                         May 14, 2017
===============================================================================
 ! Updating session handlers
 ! Adding HTTPS
 ! fetch_web_data now uses cURL, falling back to sockets
 ! Ported image proxy support from SMF 2.1
 ! Also added HTTPS for avatars
 ! Added a simple exception handler
 ! Check session while logging in
 ! Sanitize some fields to help guard against XSS
 ! Validate email addresses with PHP’s filter method
 ! Fix search highlighting to not mangle/expose some HTML
 ! Fix password acceptance when special characters were used in UTF-8;
 ! Correct some random logic errors in the profile area
 ! Use ampersands instead of semi-colons for PayPal’s return link
 ! Fix sending multiple MIME-Version headers in notification mail
 ! Fix sending multipel Content-Type headers in all requests

SMF 2.0.13                                                      January 4, 2017
===============================================================================
 ! Some file versions didn't get modified in the 2.0.12 patch
 ! Added check and sanitization for $_REQUEST['u'] in LogInOut.php and Reminder.php
 ! Added check and sanitization for $_REQUEST['uid'] in Reminder.php
 ! Properly sanitize author's website for packages
 ! Added session check when uploading packages
 ! Added session check when copying template files from one theme to another
 ! The code to remove empty BBCode was sometimes breaking things (reported by @rjen; fix provided by Sesquipedalian)
 ! Remove hardcoded limits for safe_unserialize as it was causing cache problems
 ! Update the cal_max_year setting to 2030

SMF 2.0.12                                                         July 7, 2016
===============================================================================
 ! Fixed word censor injection by disallowing an empty 'proper word'
 ! Fixed vulnerable unserialize() code by converting all instances to safe_unserialize()
 ! Added a more thorough safe_unserialize() function to prevent object injection
 ! Fixed a bug where leaving a custom profile field blank on registration that has an email mask would throw an error
 ! Fixed PayPal integration to comply with the new forced SSL
 ! Fixed a bug where notifications were sent for messages in inaccessible boards
 ! Fixed editor to make the editor work with Microsoft Edge
 ! Fixed issue where smiley popup is blank on iOS 9 devices
 ! Fixed WYSIWYG editor in mobile devices
 ! Fixed an undefined $_POST['icon'] in Sources/Post.php
 ! Fixed a minor bug in Login2()
 ! Fixed an issue where SMF doesn't recognize new domain names and considers these as invalid
 ! Fixed an issue where SMF would allow empty BBC
 ! Fixed an issue where theme variants could not be selected
 ! Fixed an issue where the file version of Subs-Post.php could have been 2.0.8 or 2.0.11. It will be updated to 2.0.12 in either case.
 ! Updated copyright year to 2016

ark_ader:

--- Quote from: Malenko on January 23, 2019, 08:45:21 am ---
--- Quote from: saint on January 22, 2019, 08:35:07 pm ---Huh. Searched website URL, signature, and personal text on all users and didn't find it.... Hmmm...

--- End quote ---

could be a redirect or URL shortener. The easiest way to find it would be for Ark/slick to check their histories on threads visited and see which one is triggering it.

--- End quote ---

Main forum in our wonderful 1UpArcade thread.

Malenko:
do you know which page of that thread? Im assuming one of the last few

Navigation

[0] Message Index

[*] Previous page