MyBB Community Forums

Hello all!!

excuse me......
can you help us?
our lovely forum got hacked by pakistani hax0r


we have illegal activity in my log
they change my index forum(deface), login as admin.
but we got fix it...
and now...
we affraid they will come again,,

we think they use bug on 'codepress' to access our forum,
we use last mybb 1.6.5
this our log
[attachment=25008]

how to solve this case?
please analyze.....
then contact me,
[email protected]

sorry for my bad languages.......

best-regards
./cunthel

CodePress has nothing to do with it.

By the looks if it they have access to your email account, reset the password, logged in, then edited the index template.

they aren't yet access our admin email.. but, admin ucp was change to they email address (please see log n what do you think?, i don't how can it be, i think they reset admin ucp pass from here)

coincidence we are monitoring, so we know the changes. then we have managed to fix it to original, n change email too....
we still affraid if they can access again...

You should make a backup daily of your forum so you can always go back and restore it.

Did the admin account belong to you and was accessed from your computer?
If so, check to see wether you don't have a keylogger installed, that will hinder all your attempts at changing the passwords, cause any changes will be emailed back to them.

(2011-12-12, 11:45 PM)Cgallagher21 Wrote: [ -> ]You should make a backup daily of your forum so you can always go back and restore it.

i have do it, thanks for advise sir

(2011-12-12, 11:48 PM)rubsone Wrote: [ -> ]Did the admin account belong to you and was accessed from your computer?
If so, check to see wether you don't have a keylogger installed, that will hinder all your attempts at changing the passwords, cause any changes will be emailed back to them.

i guess not, i was check with many av scanner n the result is negative
if there is keylog, my email account must be take away too, but it did not happen...

please see our log again that i attach on 1st post, n what do you think,,
thanks before..

You will need some other scanner for keyloggers such as the completely free SpyBot Search&Destroy or MalwareBytes since most antiviruses will fail in detecting them.

However: if they did gain access to your password... did you share you admin account login data, do you have worthy staff members?

Also, why do I have the impression that you own a hacking website?

Yeah this does have something to do with code press. The attacker somehow went into your codepress file and edited something because i just looked at my computer and search it there a file in the mybb called codepress/codepress-mybb.

Do you have FBConnect plugin installed?

(2011-12-13, 01:50 AM)John J. Wrote: [ -> ]Yeah this does have something to do with code press. The attacker somehow went into your codepress file and edited something because i just looked at my computer and search it there a file in the mybb called codepress/codepress-mybb.

That's completely incorrect. CodePress is client side javascript and CSS, nothing more.

Those resources are in the log file because they were requested by the browser. Specifically when the attacker logged in and edited the template.