The Simple Machines Team has recently identified and patched an attack against all versions of SMF. The development team has fixed the underlying issue to ensure this type of attack can not re-occur. SMF 1.0.17, SMF 1.1.9 and SMF 2.0 RC1.1, have been released as a result.
Symptoms of an infected forum may include:
* A member with a very small (1x1 pixels) white avatar with .jpg extension
* Random spam links in the theme that can be found by viewing the source in your browser
* An extra theme being added to the database, usually with ID = 32
You can use kb_scan.php to clean up your site if it has been infected. You can download the file here:
http://www.simplemachines.org/community/index.php?action=dlattach;topic=313201.0;attach=99932
You can read the topic here:
http://www.simplemachines.org/community/index.php?topic=313201
Thank you.
for information, now i'm used v.2.0