Since I'm sure a few people noticed that we had been apparently "hacked" earlier this morning (I got a few messages on MSN stating it), here's some more information:
It appears SMF got hit with an auto-exploit bug in a feature we don't use on here; long story short, an index.html file (the one you saw when visiting this morning) was uploaded, giving the look that we were "hacked", since Apache serves up default directory pages in order (.html before .php). Luckily, after I woke up, it was easily removed, and I'll be spending some time this afternoon ensuring the hole has been (manually!) plugged. No database information was ever breached, as this was an exploit in the "image downloading" code.
More details at:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6375Any questions, comments, or concerns, send them in a PM.
