MyBB Community Forums

Full Version: Bot has hacked my account?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Going to try and get Penhacks back up and on it's feet, but I have a little problem...

Somehow a bot has managed to access my account (wethegreenpeople, on http://forums.penhacks.net ) and has started to spam under my username. Removing my posting privileges, and changing my password (multiple times) has not helped and somehow this bot still manages to post as me.

MyBB is running the latest version, 1.6.7.

EDIT: Don't know if this makes a difference but the bot never posts in the chatbox as me?
That's odd. Did you have a strong password? Have you also changed your password since the bot gained access?
(04-16-2012, 03:03 PM)euantor Wrote: [ -> ]That's odd. Did you have a strong password? Have you also changed your password since the bot gained access?

Yes, I've changed my password 3 times since he's gotten access.

Also, I've just changed my username to see if that stops the bot. I figured if the bot is set up with my username/password then changing my username will temporarily stop him? I don't know....

EDIT: Would you like admin perms Euantor? I don't know if you'd be able to figure out what's going on from the ACP.
Technically, changing your password should stop him. Can you get his IP address at all? If you could, you could then check the access logs to see what exactly he's accessing - it could be caused by a faulty plugin or something afterall.

I don't need ACP access as of just yet. I'd rather narrow it down first.
Does the mybbuser cookie change on password change? All you need to post really is that and the post_key. Lemme look into that......
Your computer must be infected.

If you want to check the viruses in your computer you can visit "White hat help"
section on Hf they'll remove your virus for free.
(04-16-2012, 04:06 PM)Paul H. Wrote: [ -> ]Does the mybbuser cookie change on password change?
Yes, it does.
(04-16-2012, 03:54 PM)euantor Wrote: [ -> ]Technically, changing your password should stop him. Can you get his IP address at all? If you could, you could then check the access logs to see what exactly he's accessing - it could be caused by a faulty plugin or something afterall.

I don't need ACP access as of just yet. I'd rather narrow it down first.

I'll get his IP next time he posts. He hasn't posted since I've changed my user name...

(04-16-2012, 03:54 PM)euantor Wrote: [ -> ]you could then check the access logs to see what exactly he's accessing - it could be caused by a faulty plugin or something afterall.
How do I go about doing that? Been a while since I've touched MyBB Toungue

(04-16-2012, 05:38 PM)Mr.Kewl Wrote: [ -> ]Your computer must be infected.

If you want to check the viruses in your computer you can visit "White hat help"
section on Hf they'll remove your virus for free.
Then my other accounts would be accessed? Only thing that's been acting weird is my account on Penhacks.


EDIT: 6 hours and the bot hasn't posted yet. This is the longest that it's gone without posting. Seems like the username change worked for stopping it? I'd still like to know how he got account control though...
By checking the access logs, I mean your server access logs. Open it and do a simple Find for his IP address.
If you're pc is hacked he can have access to all your sites.

Few tips

Don't save passwords
Use keyscrambler
Install Malwarebytes
It's obviously not a bot, because bots can't hack and use your account.

I suggest you to install labrocca's plugin which shows last 5 ip from which your account was logged on from.