email "sent from the forum" hacked & upgrade (General)
We've been using MLF for quite some time and we like it a lot.
The other day I got a bounced email that was sent from the forum. It was spam, a message full of links.
What bothers me it that the sender was spoofed. Also, since the signature line: This e-mail has been sent via the forum on {link here} was present it looks like the spammer somehow used the forum to send his spam.
When digging through my mail delivery reports on the server I only found this one email. The sender was the default email address for the forum.
I temporarily took the forum online because I don't want to get my mail server blacklisted. BTDT (bad user) and getting the server removed from blacklists is a major pain.
When I checked the forum version I found out I'm running a really old version, 2.33.
My questions:
1. Is this a known issue in version 2.33?
2. If yes, will update to the latest 2.37 (beta2?) fix this security hole
3. If the update will fix the problem how do I update?
Assuming updating will solve my problem, do I have to update to 2.34, 2.35, 2.36 before I update to 2.37 or can it be done in one update?
Or is it easier to do a fresh install and use the present database so I will retain users and messages?
Thanks in advance!