It's Vlk, a global moderator from the Avast forums and a senior executive at Avast.
I'd like to jump in to this discussion and share my point of view.
First, I have to say that I really like SMF as we have relied on it for many years (and before that, used its predecessor, YaBB SE). During all those years, it served us really well and I'd like to thank all the good people who created and have maintained the product for their generosity,making the software available for free.
Now I think it's sort of pointless to blame each other, especially in public. If you found the statements we have released after the incident offensive, I apologize. The point we were making was that we were running SMF 2.0.6 (not upgrading to 2.0.7 because there were no security updates documented in this version). The server only had ports 80 and 443 open, and we're quite confident there was no other hole through which the attacker could possibly get in. Plus, when doing the post-mortem analysis, we found that hacker forum which talked about the RCE vulnerability in 2.0.6 (which we forwarded to you) and so our preliminary conclusion was that that must have been it.
I think it is really premature to draw any definitive conclusions at this time. We have now shared all the log files from the affected server with you (AFAIK) and would love to work with you on finding the real vector the attacker used for the hack.
Until then, I propose we stop any public commenting on the issue and move to private discussion / investigation. Of course, once this is finished, I'm certainly OK with sharing our findings with the general public.
Thanks,
Vlk
0 commentaires:
Enregistrer un commentaire