MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Site Hacked.
Full Version: Site Hacked.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Dolphins

2012-08-01, 09:27 AM
Hey guys,

My site: Habjuke.com has been hacked and it's coming up with an error for it, as though it's all been deleted. Is there anyone who would be able to give me any pointers to recover it all and make it more secure for next time?

Many thanks,
Jimmy
Nevermind, Recovered it.

Vernier

2012-08-01, 12:50 PM
Hey,

Glad to see you've recovered it successfully! If I were you, I'd check how they gained access to help prevent something like this happening again. The access logs should give you a good indication of how they gained access. Smile

bowkilled

2012-08-01, 08:47 PM
(2012-08-01, 09:27 AM)Dolphins Wrote: [ -> ]Hey guys,

My site: Habjuke.com has been hacked and it's coming up with an error for it, as though it's all been deleted. Is there anyone who would be able to give me any pointers to recover it all and make it more secure for next time?

Many thanks,
Jimmy
Nevermind, Recovered it.

Well, first of all, as Vernier said, check how they gained access to your forum.
Secondly, change all your master passwords (mysql, ftp, ssh, mybb admin etc) to something harder (include a mixture of different characters between each character and number to avoid your password getting generated in some rainbow table).

If you got your own server and hosts your website on it, shut down and uninstall any unneccessary and unsecure services such as telnet (use only SSH and SFTP for file management). Try avoid using a control panel as well as it can easily be brute forced and exploited.

If you have any vurnerable content inside your robots.txt file like the path to some admin directory or something similar, try removing it (everyone can see which pages and directories you are hiding from the public).

-Forrest

2012-08-02, 11:28 AM
If I were you, I have had a forum hacked by a known hacker (Shadow008) it was a easy target for him and he knew it. So he hacked my site and put up his deface page, he knew what he was doing which made it frustrating for me. Anyway, if I was you, I would head over to HF and pay a known white hat hacker to help you. What white hat hackers will do, is hack your site, but report back to you how they done it and tell you of vulnerabilities. Obviously you need to make sure you can trust the person, but hiring a white hat hacker (that knows what they are doing of course) is your best bet, obviously there is noway to make your forum "hack" proof, but hiring a white hat hacker (the right one) will make it certainly come close. Anyway, glad to see you got your forum back. May I ask what made that hacker target your forum? mine was I advertised my site on Shadow's which annoyed him, I am just curious if there is a pattern in hackers ways.

Vernier

2012-08-02, 06:12 PM
I had a chat with him, it appears he was just getting an SQL error stating the server had insufficient memory available.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Site Hacked.