MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Vulnerability Scan
Full Version: Vulnerability Scan
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

AlliedManiac

2012-02-16, 11:12 PM
? when i say 'unmanaged' i meant, they don't run it... they install and maybe config everything for me when i request it as they love me Smile

Anyway, i don't want to stay on shared hosting simply because its garbage.

Well, does any here know how to test these entries to hack a forum so we can fix it..

Nathan Malcolm

2012-02-16, 11:36 PM
First thing: Check the server access logs

It'll pretty much tell you exactly what they did to gain access.

AlliedManiac

2012-02-16, 11:39 PM
???? I was hacked when i was on shared hosting.. i am now with a different host and a server of my own. my passwords are all different if that matters and they are strong as even i have to look where i stored them to use them

kavin

2012-02-17, 01:42 AM
(2012-02-16, 11:39 PM)AlliedManiac Wrote: [ -> ]???? I was hacked when i was on shared hosting.. i am now with a different host and a server of my own. my passwords are all different if that matters and they are strong as even i have to look where i stored them to use them

So what's your problem now? You changed host so you don't have to worry about it much (as most probably your previous host got compromised).

Run a File verification test (Admin CP -> Tools and Maintenance -> File verification) and see if the hacker had planted something malicious in your files.

And make sure you have latest version of MyBB installed (1.6.6).
And if you have plugins installed, tell us the list.

- G33K -

2012-02-17, 01:52 AM
To add, to make sure you don't bring any contaminated files from your previous host, install the MyBB fresh on the new host using a fresh download from the site here, don't use any of the old host's files as you can not be sure whats been affected. Then once the new forum is installed, merge the old forum's database in to the new forum. This way you can be sure that the files are all clean.

AlliedManiac

2012-02-17, 01:57 AM
Well, i never said it was a problem so.. yeah

And i wanted to know how he could of done it and the main reason for this thread was to find a vulnerability scan.

The file are all there apart from install directory and sharepoint acp theme.. 1.6.6 is installed..

And i have alot of plugins.

http://gyazo.com/3476bae951daab014b9de5f59d795e75
http://gyazo.com/8886725418c68b67b5f5ae0535666b42
http://gyazo.com/a54189e93d3a2b8d53f48265b819bafe
http://gyazo.com/94f0ed3ccdecaa71efe02a5fbfb0490f

Its alot but still loads fast and server load is low so Smile

crazy4cs

2012-02-17, 09:57 AM
(2012-02-17, 01:57 AM)AlliedManiac Wrote: [ -> ]And i wanted to know how he could of done it and the main reason for this thread was to find a vulnerability scan.
There is no such vuln scanner in MyBB other than file verification and templates check. As you now have your own server and root access, you might want to install available linux server addons to check for basic shells like c99 and such ones.

Also install mod security.
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Vulnerability Scan