MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Help me protect my forum
Full Version: Help me protect my forum
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

hddt

2012-04-22, 10:30 AM
Hi all,

My forum was attacked. Hacker can edit infomations, such as they can freely add Reputation for any account, change the title group of a user. I'm using Thanks 3.9.1 plugin, and hacker can take all member account to the thanks list of his post,... and may be others things which I've not found yet.

Please help me to solve the problems and get more security.

Thank you!

Echo Off

2012-04-22, 11:02 AM
(2012-04-22, 10:30 AM)hddt Wrote: [ -> ]Hi all,

My forum was attacked. Hacker can edit infomations, such as they can freely add Reputation for any account, change the title group of a user. I'm using Thanks 3.9.1 plugin, and hacker can take all member account to the thanks list of his post,... and may be others things which I've not found yet.

Please help me to solve the problems and get more security.

Thank you!

Disable and uninstall all plugins, And delete the user directly from the database with phpMyAdmin.

Euan T

2012-04-22, 11:28 AM
Also, change all your passwords (mysql, user etc).

hddt

2012-04-28, 09:46 AM
Thank you euantor and Echo Off!

That's a SQL injection error from a plugin and it's fixed.

I had still problems, hacker added very much reputations using my Admin account to his account. I'm using this Thanks plugin, hacker take all members of forum to his post thank list

For some delicate reasons, I can't delete his account. I asked him but he said that he couldn't undo his actions.

Can I edit the Reputation and Thanks count of a user account?

Thank you!

Euan T

2012-04-28, 09:49 AM
Yes, you should be able to edit it via phpmyadmin at the very least.

hddt

2012-04-28, 10:02 AM
Thank you, I will study to find out the way to do, because I'm not proficient in code Smile.

Josh H.

2012-04-28, 04:27 PM
Run the following in phpMyAdmin
DELETE FROM mybb_users WHERE username = 'HackerUsername';

Or if you know the uid
DELETE FROM mybb_users WHERE uid = 'HackerUID';

If the hacker made posts, run the second query, but replace mybb_users with posts and/or mybb_threads.

mattias

2012-04-29, 03:40 PM
Do you have a backup of your forum?

Echo Off

2012-04-30, 03:34 AM
Just simply naviagte through your phpMyAdmin, and go to the mybb users, and then find his username, and on that row, delete his details. If that does not work, He has probably done something to the database, so try checking and fixing the table in phpMyAdmin.

hddt

2012-05-03, 11:19 AM
Thank you all for your support. I solved the problems Smile.
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Help me protect my forum