MyBB Community Forums

Full Version: Forum in version 1.6.6 was hacked
I got some trolls who managed to make themselves Admins and almost banned me from my own forum.

Admin log has no entry regarding that.
cPanel was not violated.

So, the forum has an exploit.

Plugins installed:
Ajax PM Notification (1.8.1)
Profilefields On Postbit (1.0) - not working
Fit on Page (2.3)
MyShoutbox (1.7)
MyTheme (2.0)
Template Conditionals (1.5)
ProStats /proʊˈstæts/ (1.9.4)
Rules (v1.2)
Thank You/Like System (1.5)

I don't think I'll be so lucky next time. The webhost told me that it was MyBB's fault, and after seeing the logs I believe it was.

This is not funny at all, I seriously fear for the security of me and my users.
The newest release is MyBB 1.6.7.

If it was MyBB's fault, then please provide us with the log which proves the intrusion method and we'll investigate it straight away; you can post it in the Private Inquiries forum.
He is right, my forum has been hacked 4 times. They somehow got my acp info and changed the pass to my own forum and acted like it was me and changed all my webhosting info, but I got it back.
There are no known exploits for MyBB 1.6.7 that could elevate a user's permissions. Without a proof of concept (POC) we can't investigate them either.

If you're a victim of hacking a few times, then chances are they have installed a shell or backdoor which will allow them to quickly overtake the forum again and again. A security inspection of your file system could turn up something like this.
(2012-04-18, 07:38 AM)Tomm M Wrote: There are no known exploits for MyBB 1.6.7 that could elevate a user's permissions. Without a proof of concept (POC) we can't investigate them either.

If you're a victim of hacking a few times, then chances are they have installed a shell or backdoor which will allow them to quickly overtake the forum again and again. A security inspection of your file system could turn up something like this.

If this is the case ^

Scan for files such as "c99.php" on your webhost; a file like that would allow whoever added the shell to your site to upload files without your permission.
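
The file system inspection suggested in the replies above, sketched in Python as an added example (it is not part of the thread and not MyBB code). Only "c99.php" comes from the thread; the other shell filenames, the "uploads" directory name and the obfuscation pattern are assumptions to adjust for your own install.

```python
import os, re, sys

# Filenames of well-known PHP web shells. "c99.php" is the one named in the
# thread; the others are added here as assumptions.
SHELL_NAMES = {"c99.php", "r57.php", "wso.php", "b374k.php"}
# Directories that should hold user uploads only, never executable PHP.
# "uploads" is assumed here; change it to match your forum's layout.
UPLOAD_DIRS = {"uploads"}
# Decode-then-execute chains typical of obfuscated backdoors (heuristic).
OBFUSCATED = re.compile(
    rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    re.I)
PHP_EXT = (".php", ".phtml", ".php5")

def scan_webroot(root):
    """Return sorted (relative_path, reason) pairs for files worth a manual look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        parts = set(os.path.relpath(dirpath, root).split(os.sep))
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() in SHELL_NAMES:
                findings.append((rel, "known web shell filename"))
            if parts & UPLOAD_DIRS:
                findings.append((rel, "PHP file inside an upload directory"))
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap the bytes read per file
            except OSError:
                findings.append((rel, "unreadable, check permissions"))
                continue
            if OBFUSCATED.search(data):
                findings.append((rel, "decode-then-execute chain"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python scan.py /path/to/forum/root
    for rel, reason in scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {rel}")
```

A hit is a reason to open the file and compare it with a clean copy of the same MyBB release. An empty result does not show the site is clean, since a backdoor can also be added to an existing legitimate file.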
Quote:somehow got my acp info and changed pass to my own forum and acted like it was me and changed all my Webhosting info

I'm not really a web host security expert, but how can someone change your webhosting info (if that info is your hosting password, personal information like name and surname, date of birth...) if you can only change the forum URL, cookies and domain (and account password, ofc) from the MyBB Admin CP?