MyBB Community Forums

Full Version: Someone just hacked my MyBB forum
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
It appears someone has somehow managed to hack my MyBB forum and change an administrator password that was originally a very strong, all access has been immediately blocked via .htaccess by me for safety.

How do I look at all the admin logs *remotely to see the IP address responsible?

to help prevent this happening again, how do I make all admin account invisible to any user?

Edit:
False alarm.. it was my own dumb fault.. I set login details to email & password from username instead of both, I use a javascript to generate a different login menu that keeps first field set as 'username'.... whoops. Sorry.
If they hacked through FTP then you can't view it in admin logs. Have you saw error logs ??

For future prevention, install this: ttp://mods.mybb.com/view/admin-cp-honeypot and or
http://www.mybbsecurity.net/topic-secure...n-key-smak
http://www.mybbsecurity.net/topic-add-se...-acp-login
thanks for this yaldaram. ill put it in too..
How could someone hack through ftp? When regular FTP is disabled. I'm going through the mysql.. where's the password data for users? I need to manually set the password in mysql.

Edit:
False alarm.. it was my own dumb fault.. I set login details to email & password from username instead of both, I use a javascript to generate login menu that keeps first field as username.... whoops. Sorry.
i had rename admin directory and upload fake admin directory fro admin honeypot...
than how can login to admin cp.
it give all time invalid details.
help me.
you need to edit the config.php file in /inc and change the admin folder setting
(2012-05-10, 02:42 PM)pavemen Wrote: [ -> ]you need to edit the config.php file in /inc and change the admin folder setting

1...what to edit in config.php
2....what to change admin folder setting? default permission is 755

please give easy answer, i cant understand what to do?
Open ./inc/config.php and find;
$config['admin_dir'] = 'admin';
and Change admin to the name you used for the new admin directory.
thanks......
Another method would be to:

1. Change you admin directory name.
2. Open ./inc/config.php and find (replace admin to your new directory name):

Quote:$config['admin_dir'] = 'admin';

3. Create a new folder called "admin" in your forum root, place an empty index.php file inside it.
Pages: 1 2