MyBB Community Forums

Full Version: Aftermath of a hack: Advice?
Hey there,

I'm not here to say that MyBB is insecure, because it's secure, so don't misunderstand the thread! I am the super user (if I may call it that) on my board, and my account got hacked due to an email issue.

Hackers have grabbed a database backup from the MyBB admin control panel. What I'm wondering is, is there anything I should be wary of? Are the hackers able to decrypt the password hashes in there?

Any advice would be helpful through this time.

Thanks a lot guys 'n' gals :)
First thing you should do is change all your passwords and tell your members what has happened (and urge them to do the same). You'll also want to make sure the hackers didn't do anything else while they were in there by checking the administrator logs. I'd also advise putting security measures in place such as renaming the admin directory and hiding all links to it.
Thanks euantor for the speedy response. I have urged all members of the forum to change their passwords and keep their email accounts safe. I've checked the Administrator logs and have noticed this:

[Image: DwW3.jpg]

Is there any way I can find out just what they ran off with in that backup? I have taken your advice and hidden links to the admin CP and changed the directory's name.
It's impossible to see what they backed up, but we can assume they took everything. What's worrying is the edit to the index template. I'd be checking that to try and track down what they've done as they could have added anything to it.
(2012-06-25, 10:40 AM) euantor wrote: It's impossible to see what they backed up, but we can assume they took everything. What's worrying is the edit to the index template. I'd be checking that to try and track down what they've done as they could have added anything to it.

Oh it was noticeable, they completely changed the page to tell the world the site was "Hacked", which I fixed pretty quickly, so no worries there.

I guess I'll just have to soldier on and hope for the best. I'm really curious about whether or not they can decrypt the password hashes though :/
Ah, well at least you fixed that and they made it easy enough to track down ;) It might be a good idea to add a .htpasswd to your admin directory too in the future with a different password so there's an extra level of security. It's a precaution I always personally take anyway: http://weavervsworld.com/docs/other/passprotect.html
(2012-06-25, 10:46 AM) euantor wrote: Ah, well at least you fixed that and they made it easy enough to track down ;) It might be a good idea to add a .htpasswd to your admin directory too in the future with a different password so there's an extra level of security. It's a precaution I always personally take anyway: http://weavervsworld.com/docs/other/passprotect.html

Ah yes, I should have taken steps to secure the forum, I'm putting the blame on myself for not being too cautious, but this was a warning for me :P I'll definitely try out the htpasswd thing right now :) Thanks
I'd also advise having a look through Nathan's site as it has a few extra tips on security: http://www.mybbsecurity.net/forum-security-tutorials

If you have everything advised there in place there's not much else you can do really.
Well, I would change all passwords like euantor said and urge users too. After that, I would go through and verify the integrity of each file (use File Verification in the ACP). Then take a quick look through each folder for suspicious files which don't belong, so that you can remove any shells if found.

But renaming the admin directory, applying an htpasswd, and potentially using the ACP Pin tutorial will help you in the future, though the pin is annoying to re-add almost every upgrade.
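
The file sweep suggested in the post above, as an added example that is not part of the original thread and is not MyBB's own code. It assumes you have a freshly unpacked copy of the same release to compare against; the function names and every path or directory name passed in are hypothetical and depend on your install.

```bash
# Added example: post-incident file sweep of a forum webroot.
# All paths and directory names passed in are assumptions about your install.
# Typical use (placeholders): diff_against_clean /path/to/live /path/to/clean

# diff_against_clean LIVE CLEAN
# Compare LIVE with a freshly unpacked copy of the same release in CLEAN.
# Prints "MODIFIED <path>" when content differs and "EXTRA <path>" when the
# file exists only in LIVE (config, uploads and plugins show up here too).
diff_against_clean() {
    local live="$1" clean="$2" rel
    ( cd "$live" && find . -type f -print ) | sort | while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$clean/$rel" ]; then
            echo "EXTRA $rel"
        elif ! cmp -s "$live/$rel" "$clean/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
}

# scripts_in_data_dirs ROOT DIR...
# List script-like files inside directories that should hold only user data
# (avatars, attachments, images). Any hit deserves manual review.
scripts_in_data_dirs() {
    local root="$1" d
    shift
    for d in "$@"; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f \( -iname '*.php' -o -iname '*.phtml' \
            -o -iname '*.php[0-9]' -o -iname '*.phar' \) -print
    done | sort
}

# changed_since ROOT TIMESTAMP
# List files modified after TIMESTAMP, e.g. the first unexpected entry in the
# administrator log. mtimes can be forged, so treat the result as a lead only.
changed_since() {
    find "$1" -type f -newermt "$2" -print | sort
}
```

An empty result from `changed_since` does not clear the tree on its own; the content comparison is the stronger check.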
I always delete the admincp backup file.

/admin/modules/tools/backupdb.php

It's still possible to get a backup if they have a shell installed but not if they simply broke into your admincp with a RAT or some other method.