Well yesterday night my forum got randomly attacked by nazi hackers. After a few seconds my site refreshes to meatspin.com So I spent all night fixing the broken forum. Today my website was good until 10 minutes ago when my site got attacked where I was just banned off my forum. After unbanning myself they said they wrote a code in my header which said Mybb security requires you to fix your database download index.exe to fix. I fixed it and then they just made my index redirect to meatspin. Fixing that I then looked at the control panel seeing both the admin and my account were both not possessing admin privileges. I deleted my forum and reinstalled it to repair but these security issues still are hurting me and such. Why are they attacking me? I didnt do anything to hurt anyone. I would like to know also how to make my forum more secure.
Hi there,
You should not execute any executables from them. I'd imagine they look to steal passwords from you.
Run a scan with a quality antimalware program (Malwarebytes, etc). If you confirm that your computer is clean, proceed to change ALL passwords (cPanel, FTP account(s), admincp, MySQL user).
Then go to your ACP and run File Verification in the tools section. If you have not knowingly modified a file, then replace it with one from a fresh MyBB download.
Also check config.php or init.php for any suspicious code (gibberish, looks encrypted). Often times hackers will edit config.php and paste a backdoor after a few thousand space lines.
If nothing suspicious turns up, then check your htaccess file for any abnormal redirects.
If you need any clarification, feel free to let me know and I will be very happy to help you!
Also check your access logs to see if you can track down their IP addresses. If so, deny them in cPanel.
problem is I cant reinstall my forum,cause when i do they will instantly attack my site again. I've been deleting all their hidden code and such and have a clean backup of the forum, im just wondering how can I stop them from getting into my site.
check your access logs to see how they are getting in
all i know is from checking logs is they made an account with fake email but somehow got authorized without using email. Then they somehow hacked the admin account and started doing their troubles. idk how they uploaded an exe to my website though
If they uploaded an exe they must have ftp access?
how though, the only way to get ftp is by getting cpanel account. Also my friend told me a few weeks ago this group, the same hacking me hacked mybb software and are attacking mybb forums is this true?
Since its not mentioned, contact your host.
Unless you host yourself.
I know its weird but why contact my host? I installed and set up mybb myself. This is only happening to my site with the use of mybb.
They should be able to stop them.