MyBB Community Forums

I am using mybb 1.6.8 , is it possible that there is some unknown vulnerability ?? how can i secure my sql ??

offtopic:- I can buy plugins, dont need to use null. i moved from paid vbulleting license (used on lostonthe.net) to mybb for it was less server heavy and better security.

that blurred plugin was pmadmin, and i am not proud to have that in my board, installed it a year ago, because of someone pmming my members about their forum. never used since,but didnt tried to uninstall it :lazy: .

Also, it was a sql injection attempt, my password was reset,but thanks o mybb's "salt" in sql mybb_user, hacker was not able to login. than he defaced it .

It was a disaster , fortunately, my server was not affected. i might have to switch to another board if they try to hack again.

Your host might be lacking security. Generally in most cases, the server are configured incorrectly or lacks security and I'm fairly sure your host is not going to accept that thing. Another thing, the hacker may have planted a php shell in your website so verify each file with MyBB's latest package and check for any malicious or non wanted file name.

There are no known issues within the Mybb core. Several have been reported externally and each has been checked and found to be a false positive.

Since you have no plugins activated or anything, I'm led to wonder if you're running any other scripts on your server or whether your actual server has been compromised in some way.

hackers made it clear that it was an sql injection. They wrote that on the index page.

there r no changes made in website in last 4 months, except the upgradation of mybb 1.6.7 to 1.6.8.

Any chance you got a screenshot of the defacement? When I visited I was just getting a PHP error. As I said, there's no known vulnerability in the most recent release of MyBB.

i removed the deface asap i can , so no screenshots.

You most probably use a vulnerable plugin.

(2012-08-22, 08:27 PM)HostMafia Wrote: [ -> ]i removed the deface asap i can , so no screenshots.

here's the people payment

I'm not going to say that MyBB is 100% secure, because nothing is, but as has been said time and time again, there are no known vulnerabilities with MyBB. If someone were to find one, I highly doubt they'd make it's first use on a website with only around 2000 members.

Quote:MyBB is not safe, we recently were attacked by hackers. Please be patient until we make sure this doesn't happen again. You websites are safe, our server was not affected in any way.If you havething to say, you can mail me [email protected] Thank you for your cooperation. ~Linux

Blaming it on MyBB without giving any proof (or even evidence, for that matter) that it happened as a direct result of using MyBB is ridiculous, and leaving messages like that on your site really won't help to make people here feel inclined to help you.

Very unprofessional attitude from a host.