I woke up this morning and visited my forum only to see that my account had been banned?... I logged into my ACP using a different account I created just in case something like this ever happened and somehow two users were administrators and they had banned both my one staff member and I? I've been trying to unban my account but it says I can't because I'm not a super administrator....
What do I do? How did they do this?
Edit: And I've looked up the person who did it... It's the same person that hacked my forum previously... What is going on?
Edit 2: I've made myself a super administrator through /inc/config.php I'm still wondering how they got into my forum though and how they made themselves administrators... Someone please point me in the right direction of securing my forum, I thought it was more secure than last time but obviously it wasn't.
Thank you Ranjani, I've bookmarked these and I'm going over them now.
If i'm not wrong, they would need your server login (FTP or database) to remove you from being super admin.
In that case, you should change panel login too.
(2011-07-30, 04:29 PM)kavin Wrote: [ -> ]If i'm not wrong, they would need your server login (FTP or database) to remove you from being super admin.
In that case, you should change panel login too.
No, because I was hacked previously and linked to Matt's blog post about securing your forum, I had created two different accounts, one that was an administrator and one that was originally the root that I had demoted for security purposes. The administrator now wasn't a super administrator because I wasn't aware that I had to add the user ID in /inc/config.php. Anyways, I've done that now and I've followed all of the things mentioned in those two links... Hopefully my forum is more secure than it was, because I don't want this happening again.
Also bear in mind that MyBB isn't the one and only way someone could hack you. Your plugins could have vulnerabilities, it could be an issue with the host, it could be another site on your server got hacked if you're on shared hosting, could be any number of things.
(2011-07-30, 10:34 PM)MattRogowski Wrote: [ -> ]Also bear in mind that MyBB isn't the one and only way someone could hack you. Your plugins could have vulnerabilities, it could be an issue with the host, it could be another site on your server got hacked if you're on shared hosting, could be any number of things.
That's what I was thinking to... I think my plugins are okay, they're all from the MyBB site with the exception of the MyAwards plugin from MyBB Central which is pretty well known... Though, I think it could possibly be my hosting provider because this is the second time the
same person has hacked my website... But the catch is, it's a different website, it wasn't the same one he hacked before,
and he said he got me "again"... So I'm not sure. I'm definitely thinking about migrating to a new host.