MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Forum Exploited Through Signature?
Full Version: Forum Exploited Through Signature?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

BitzDefender

2012-02-23, 03:55 PM
On my forum, whenever I load this page:
http://mybbaddict.com/thread-why-mybb

It get a dialog box saying this:
[Image: e8806b.png]

I have never heard of http://moviehotel.net.
I think I know the user who committed this, he his a .php file as his signature image. He will be banned, but what is this? How can I prevent this? It was a .php file linked as an image.

StefanT

2012-02-23, 04:15 PM
(2012-02-23, 03:55 PM)BitzDefender Wrote: [ -> ]It was a .php file linked as an image.
Even a normal image within the protected directory will generate this message, it's not an exploit. You can't prevent this, everybody can set up a htaccess at any time.

BitzDefender

2012-02-23, 04:19 PM
Okay so no harm can be done? I just want to make sure it wasn't some kind of phishing attempt, or even any kind of malicious intent.

User 2877

2012-02-23, 04:54 PM
It should be harmless. But definitely remove the sig because every page with his sig will show that.

John J.

2012-02-23, 10:36 PM
Moviehotel.net is owned by fb29 his forum was hacked a few days ago dont trust those authentication boxes. it is a phising attempt thats what I've research you can do the same.

Johnny S

2012-02-23, 11:02 PM
(2012-02-23, 10:36 PM)John J. Wrote: [ -> ]Moviehotel.net is owned by fb29 his forum was hacked a few days ago dont trust those authentication boxes. it is a phising attempt thats what I've research you can do the same.

Do you allways spread BS like this? Password protected directory doesn't
allow user to access protected specified folder and content inside it (subfolders,files).You will be promoted with authentication window and if you enter correct pass/username you can enter that directory.


BitzDefender

2012-02-23, 11:03 PM
Ok so basically it is harmless, but was unintentional because the forum was hacked.

I've removed the signature.

John J.

2012-02-23, 11:08 PM
Yes, It is harmless but never trust authencation boxes, never put info in them.

Jason L.

2012-02-23, 11:27 PM
(2012-02-23, 11:08 PM)John J. Wrote: [ -> ]Yes, It is harmless but never trust authencation boxes, never put info in them.

So, my clients shouldn't login to their client area on my website and the secure area for my job I should never trust? Okay, thanks for telling me then! I won't touch them again. Dodgy

John J.

2012-02-23, 11:42 PM
(2012-02-23, 11:27 PM)WebOutfit Wrote: [ -> ]
(2012-02-23, 11:08 PM)John J. Wrote: [ -> ]Yes, It is harmless but never trust authencation boxes, never put info in them.

So, my clients shouldn't login to their client area on my website and the secure area for my job I should never trust? Okay, thanks for telling me then! I won't touch them again. Dodgy

No I'm not saying it that way. I'm saying if you see an unsuspected box then don't do it but if you know what the box is for then you can enter it and do your stuff.
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Forum Exploited Through Signature?