MyBB Community Forums

Full Version: My website was SQL Injected.
1. Never talk with those who hacked you. Serves no purpose.
2. Do a full site dump for files and database.
3. Secure your site immediately. Even if it means a full file delete until you can restore a backup or clean files.
4. At HF you can't post dumps or even post that you are sharing a dump. PM me at HF and I'll take care of it quick or you can report it there to staff.
5. Everyone should remove the database backup feature in mybb. You can just delete the file ROOT/admin/modules/tools/backupdb.php IMHO it's more potential for abuse than use.
6. Keep backups for situations like this. I advise daily but at minimum once per week. Keep the backups local and off your host's server.
7. From CPANEL you should be able to do a site recovery and resecure all info. Easy enough to change your passwords and I suggest you secure your email account(s).
8. IP banning is nearly pointless. Don't bother with it.
FYI, there are security vulnerabilities in 1.6.4 but all of them are low risk. There are no vulnerabilities to cause this that we know of.
(2011-09-27, 07:37 AM)Tomm M Wrote: FYI, there are security vulnerabilities in 1.6.4 but all of them are low risk. There are no vulnerabilities to cause this that we know of.

So Alternat's website was hacked from his server (x10hosting) ?
Just simple things lead me to think that it won't be MyBB. For instance, if there was an SQL injection in 1.6.4 it wouldn't be Alternate's website being hacked - there are larger fish to fry.

The point of intrusion could be anywhere however - including plugins, an open unpatched phpMyAdmin, a contact form and even MyBB itself. That's why you should always investigate the hack before you start throwing fingers and accusations.
(2011-09-27, 01:04 AM)labrocca Wrote: 1. Never talk with those who hacked you. Serves no purpose.
2. Do a full site dump for files and database.
3. Secure your site immediately. Even if it means a full file delete until you can restore a backup or clean files.
4. At HF you can't post dumps or even post that you are sharing a dump. PM me at HF and I'll take care of it quick or you can report it there to staff.
5. Everyone should remove the database backup feature in mybb. You can just delete the file ROOT/admin/modules/tools/backupdb.php IMHO it's more potential for abuse than use.
6. Keep backups for situations like this. I advise daily but at minimum once per week. Keep the backups local and off your host's server.
7. From CPANEL you should be able to do a site recovery and resecure all info. Easy enough to change your passwords and I suggest you secure your email account(s).
8. IP banning is nearly pointless. Don't bother with it.
I did not enable the database backup feature in mybb... but how else would you keep backups??

Manual tar, then ftp or whatever???
(2011-09-27, 02:49 PM)grndslm Wrote: I did not enable the database backup feature in mybb... but how else would you keep backups??

Manual tar, then ftp or whatever???

PHPMyAdmin backups are the best! Doing a backup directly from MyBB admin is an alternative way but it's not secure at all... If you have more than one admin on your board (means you're not the only one who manage things there), DELETE THAT FILE NOW!

If you want to backup your database, use PHPMyAdmin backups (if you have this on your server) or a CPanel full backup (if you can do that)...

+ (to the author) how do you know that your database was SQL injected? Did you trust what the hacker told you?

Just to clarify something:
Vulnerabilities or security issues on PHP5/MySQL are weak, Tomm just said that security issues on MyBB were low risk... So it's possibly coming from your host/FTP/cPanel (or any other control panel)/your login password/plugin


To everyone:
Please don't use a lot of plugins on your website, keep them up to date and delete those who aren't updated anymore... Deactivate and uninstall those who you don't really need!

Never keep something you don't use on board! There's more chance to get hacked if you have 10.000 files than 200 files!
(2011-09-27, 02:49 PM)grndslm Wrote: I did not enable the database backup feature in mybb... but how else would you keep backups??

Manual tar, then ftp or whatever???

your hosting control panel does not allow backups? control panel backups backup the DB, files, email, etc. not just the DB like the MyBB backup does.

can you create cron jobs on your host? if so, set up a mysql dump job like:

mysqldump -ec --add-drop-table -uMYSQL_USER -pMYSQL_PASS DB_NAME > backup.sql

that will dump a .sql file with your DB in it. then about 15-30 minutes later, run another cron job

gzip -f1 -S .gz backup.sql

to compress the .sql and then remove that .sql file and leave the .gz version
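The cron-based dump described above, written out as one script (an added example, not code from this thread or from MyBB). It assumes mysqldump and gzip are installed and that the MySQL login is kept in a [client] config file rather than passed as -pMYSQL_PASS on the command line, where any local user could read it from the process list; the paths, the database name and the 14-day retention are assumptions.

```shell
#!/bin/sh
# Nightly MyBB database backup for cron (added example, not from this thread).
# Assumes mysqldump and gzip are installed and that the MySQL login lives in a
# [client] section of $CNF (mode 600), so the password never appears on the
# command line where `ps` would show it (the -pMYSQL_PASS form leaks it).
set -eu

BACKUP_DIR="${BACKUP_DIR:-${HOME:-/tmp}/mybb-backups}"  # assumed: outside web root
CNF="${CNF:-${HOME:-/tmp}/.mybb-backup.cnf}"           # assumed: [client] user/password
DB_NAME="${DB_NAME:-mybb}"
KEEP_DAYS="${KEEP_DAYS:-14}"

# Path of today's archive, so the caller knows which file to copy off the host.
backup_path() {
    printf '%s/%s-%s.sql.gz\n' "$1" "$2" "$(date +%Y%m%d)"
}

# Dump, compress, verify. The plain .sql is removed whether or not the dump
# succeeds, so no uncompressed copy of the database is left on the server.
dump_db() {
    dir=$1; db=$2; cnf=$3
    mkdir -p "$dir"; chmod 700 "$dir"
    out=$(backup_path "$dir" "$db"); plain="$dir/$db.sql.part"
    trap 'rm -f "$plain"' EXIT
    # --defaults-extra-file must be the first option; set -e aborts on failure.
    mysqldump --defaults-extra-file="$cnf" --add-drop-table "$db" > "$plain"
    gzip -1 -c "$plain" > "$out"
    gzip -t "$out"       # a truncated archive is worse than none
    echo "$out"
}

# Remove archives older than $2 days from $1; prints how many were deleted.
prune_old() {
    dir=$1; days=$2; n=0
    for f in "$dir"/*.sql.gz; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -mtime +"$days")" ]; then
            rm -f "$f"; n=$((n + 1))
        fi
    done
    echo "$n"
}

main() {
    dump_db "$BACKUP_DIR" "$DB_NAME" "$CNF"
    prune_old "$BACKUP_DIR" "$KEEP_DAYS"
}

# crontab: 0 3 * * * /home/user/mybb-backup.sh run   (no argument = define only)
case "${1:-}" in run) main ;; esac
```

The archive it prints is the file to copy off the host (scp, rsync, or a download from your own machine) so a compromised server does not also take the backups with it.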
(2011-09-27, 09:11 AM)Tomm M Wrote: Just simple things lead me to think that it won't be MyBB. For instance, if there was an SQL injection in 1.6.4 it wouldn't be Alternate's website being hacked - there are larger fish to fry.

The point of intrusion could be anywhere however - including plugins, an open unpatched phpMyAdmin, a contact form and even MyBB itself. That's why you should always investigate the hack before you start throwing fingers and accusations.

Yeah, thanks. Actually I got worried by this. With a contact form, I never heard about that. Hacking is really awesome (but it's bad).
Quote: I did not enable the database backup feature in mybb... but how else would you keep backups??

It's not required to be enabled. If they stole your super admin account they can access it unless you purposely remove the file I mentioned. Even if your DB backup folder is not correctly chmod'd they can do a local sql file download.

And I wish MyBB would start a forum for "Forum Security" that would include help on hackings, backups, and account recovery. Most of these problems are outside the actual software and should not be part of official support.
We're having a team meeting very soon and topics like this usually are brought up and discussed labrocca. I'm sure some action or official opinion will come out of it.