(2012-06-25, 07:11 PM)labrocca Wrote: [ -> ]I always delete the admincp backup file.
/admin/modules/tools/backupdb.sql
It's still possible to get a backup if they have a shell installed but not if they simply broke into your admincp with a RAT or some other method.
I think you mean backupdb.php.
Also deleting the backup database task is a good idea too.
I think I'll do that too... That's a really good idea that I missed.
(2012-06-25, 07:22 PM)Nathan Malcolm Wrote: [ -> ] (2012-06-25, 07:11 PM)labrocca Wrote: [ -> ]I always delete the admincp backup file.
/admin/modules/tools/backupdb.sql
It's still possible to get a backup if they have a shell installed but not if they simply broke into your admincp with a RAT or some other method.
I think you mean backupdb.php.
Also deleting the backup database task is a good idea too.
The task is not enabled by default though.
(2012-06-25, 07:41 PM)labrocca Wrote: [ -> ] (2012-06-25, 07:22 PM)Nathan Malcolm Wrote: [ -> ] (2012-06-25, 07:11 PM)labrocca Wrote: [ -> ]I always delete the admincp backup file.
/admin/modules/tools/backupdb.sql
It's still possible to get a backup if they have a shell installed but not if they simply broke into your admincp with a RAT or some other method.
I think you mean backupdb.php.
Also deleting the backup database task is a good idea too.
The task is not enabled by default though.
I was about to say an attacker with ACP access could simply enable it but it occurred to me that to find where the backup is located they would need to view the backupdb module...
I too never keep backupdb file, it's a risk to prone at sometimes.
Well... I had it enabled
Thanks guys for the advice, I'll provide you with a little update on what's going on with it. The hacker replied to the thread I made on our forums and said that he was going to sell the dump of our database, which I predicted he would do anyway.
He claims that I've left a security hole in my forum, which I can't seem to find. I don't see any reason why our forum would be insecure - so I'm kind of confused now.
They can sell an old database all they want, just move forward with your forum. If they are communicating with you in your forum, be nice to them, and see if they might be friendly enough to disclose the vulnerability. Some hackers have the compassion and, for lack of a better word, sense, to do that.
Though if they're selling the dump, they may very well not disclose it.
(2012-06-26, 05:04 AM)Josh H. Wrote: [ -> ]They can sell an old database all they want, just move forward with your forum. If they are communicating with you in your forum, be nice to them, and see if they might be friendly enough to disclose the vulnerability. Some hackers have the compassion and, for lack of a better word, sense, to do that.
Though if they're selling the dump, they may very well not disclose it.
About being nice, I was being nice to him as I don't see a reason to be angry, it's not going to make anything better - but a bunch of members started attacking him and I don't think that would have made a positive impact on things
I've tried asking what the security hole was and he refuses to tell me, so I don't know :/
There are no currently known vulnerabilities in the core so you should be safe there. What plugins do you have installed? Also, do you have any software other than MyBB installed?