MyBB Community Forums

I can help you VG_KING...find me on AIM at FeeferGross

My board was hacked as well by a Turkish group. As far as I know I've fixed everything now. I was actually somewhat appreciative--it doesn't seem like he did anything destructive aside from losing a forum description that I had written. He even emailed me and told me the name and password of the administrator account that he had created and told me to upgrade to 1.1.4.

I hate to say it, but this is looking to me like a rather unprofessional operation.

A rather unprofessional operation in regards to what?

All we can do to notify users on a security update is post here - people will then download and analyze the changed files or changed download to see what we have fixed, then go on a rampage and exploit other boards not running patched copies. This also becomes a problem when people publicly post exploit information before we've had time to release a patch.

We can't do much about it overall - and I am very sorry to say that and hear of your boards being attacked.

What we can do - is help you get your board back to a working copy and we're more than happy to do that for you.

Chris Boulton Wrote:A rather unprofessional operation in regards to what?

All we can do to notify users on a security update is post here - people will then download and analyze the changed files or changed download to see what we have fixed, then go on a rampage and exploit other boards not running patched copies. This also becomes a problem when people publicly post exploit information before we've had time to release a patch.

We can't do much about it overall - and I am very sorry to say that and hear of your boards being attacked.

What we can do - is help you get your board back to a working copy and we're more than happy to do that for you.

Just the whole hack job. It's also strange that we all seem to be getting hacked by different people with different levels of severity.

I understand the difficulty with security holes in software this complex, of course. But it seems that there are a lot of security hole releases. :/

Have you ever gotten a security audit by one of those automated services that identifies all kinds of potential security holes? I develop PHP software as well, and someone from some university emailed me and gave me an automated security audit that pointed out about 14 potential security hooks. Very helpful.

hello dear
we found a new bug in MyBB
u can see exploit for hacking MyBB here:
http://www.milw0rm.com/exploits/1950
bug found by : IRC0D3r
by:
Iran Black Hats Team
we Love World
Islam Love you

That is the exploit floating around for 1.1.3, it does not affect 1.1.4.

Chris Boulton Wrote:That is the exploit floating around for 1.1.3, it does not affect 1.1.4.

i think a user who foroum was hacked is not 1.1.4. & it is 1.1.3
say to all upgrade their forum

That's what we have been doing.

DennisTT Wrote:That's what we have been doing.

because it is dangerus
we found 2 new bugs
1- in MyBB
2- DeluxeBB

any user can use exploit for hacked these system
like:
http://www.phpboards.be/forums/DeluxeBB/index.php

say to upgrade plz
bye

i have a question

user cp is:
http://example.com/mybb/usercp.php
where is admin cp?
is it?
http://example.com/mybb/admincp.php