MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Someone just hacked my MyBB forum
Full Version: Someone just hacked my MyBB forum
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

GunnerAIO

2012-05-10, 01:13 PM
It appears someone has somehow managed to hack my MyBB forum and change an administrator password that was originally a very strong, all access has been immediately blocked via .htaccess by me for safety.

How do I look at all the admin logs *remotely to see the IP address responsible?

to help prevent this happening again, how do I make all admin account invisible to any user?

Edit:
False alarm.. it was my own dumb fault.. I set login details to email & password from username instead of both, I use a javascript to generate a different login menu that keeps first field set as 'username'.... whoops. Sorry.

Yaldaram

2012-05-10, 01:30 PM
If they hacked through FTP then you can't view it in admin logs. Have you saw error logs ??

For future prevention, install this: ttp://mods.mybb.com/view/admin-cp-honeypot and or
http://www.mybbsecurity.net/topic-secure...n-key-smak
http://www.mybbsecurity.net/topic-add-se...-acp-login

rzoneph

2012-05-10, 01:35 PM
thanks for this yaldaram. ill put it in too..

GunnerAIO

2012-05-10, 01:49 PM
How could someone hack through ftp? When regular FTP is disabled. I'm going through the mysql.. where's the password data for users? I need to manually set the password in mysql.

Edit:
False alarm.. it was my own dumb fault.. I set login details to email & password from username instead of both, I use a javascript to generate login menu that keeps first field as username.... whoops. Sorry.

WINBOY

2012-05-10, 02:29 PM
i had rename admin directory and upload fake admin directory fro admin honeypot...
than how can login to admin cp.
it give all time invalid details.
help me.

pavemen

2012-05-10, 02:42 PM
you need to edit the config.php file in /inc and change the admin folder setting

WINBOY

2012-05-10, 02:47 PM
(2012-05-10, 02:42 PM)pavemen Wrote: [ -> ]you need to edit the config.php file in /inc and change the admin folder setting

1...what to edit in config.php
2....what to change admin folder setting? default permission is 755

please give easy answer, i cant understand what to do?

Yaldaram

2012-05-10, 02:55 PM
Open ./inc/config.php and find;
$config['admin_dir'] = 'admin';
and Change admin to the name you used for the new admin directory.

WINBOY

2012-05-10, 02:58 PM
thanks......

Frank.Barry

2012-05-10, 03:14 PM
Another method would be to:

1. Change you admin directory name.
2. Open ./inc/config.php and find (replace admin to your new directory name):

Quote:$config['admin_dir'] = 'admin';

3. Create a new folder called "admin" in your forum root, place an empty index.php file inside it.
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Someone just hacked my MyBB forum