email "sent from the forum" hacked & upgrade (General)

by Homie, Sunday, December 11, 2016, 15:56 (343 days ago)

We've been using MLF for quite some time and we like it a lot.

The other day I got a bounced email that was sent from the forum. It was spam, a message full of links.
What bothers me is that the sender was spoofed. Also, since the signature line "This e-mail has been sent via the forum on {link here}" was present, it looks like the spammer somehow used the forum to send his spam.
When digging through my mail delivery reports on the server I only found this one email. The sender was the default email address for the forum.

I temporarily took the forum online because I don't want to get my mail server blacklisted. BTDT (bad user) and getting the server removed from blacklists is a major pain.

When I checked the forum version I found out I'm running a really old version, 2.33.

My questions:

1. Is this a known issue in version 2.33?
2. If yes, will updating to the latest 2.37 (beta2?) fix this security hole?
3. If the update will fix the problem, how do I update?

Assuming updating will solve my problem, do I have to update to 2.34, 2.35, 2.36 before I update to 2.37 or can it be done in one update?
Or is it easier to do a fresh install and use the present database so I will retain users and messages?

Thanks in advance!

