2014-02-11, 06:56 AM
my index got jacked too my guess is thay uploaded a shell and got in or thay hacked ur email or maybe even xss download
cp pin so theres extra security
change admin directory
install admin honypot plugin
make a few fake admin folders in ur dir
when ur not using ur mybb cp go into ur host and redirect it www.exsamplecom/admin to www.exsample/watever page u redirect it too
also try this
Change the “admin” directory
By default the admin CP is at example.com/admin or example.com/forum/admin, this is a potential MyBB security issue since MyBB users will know where the admin directory is. You can change this, to do so here’s how.
1. Use your web host’s file manager (or an FTP program) and navigate to your forum’s root installation.
2. Rename the “admin” directory to something else. If you want a secure admin directory, use this strong password generator to generate a new name for you.
3. Go in the inc directory and edit the config.php file, find (should be on line 26):
$config['admin_dir'] = 'admin';
Change admin to your new admin directory, should be ‘mynewadmindirectoryhere’. Save changes.
Hide admin CP links
Also in the config.php file is an option to hide the Admin CP links, good for MyBB security and for after changing your admin URL directory in case if your administrator account gets compromised. Find:
$config['hide_admin_links'] = 0;
Change the “0″ to “1″, make sure you remember where your admin directory is.
Backup your forum regularly and often
This is really important for MyBB security, either in case your forum gets compromised or your forum’s files are corrupted and beyond repair. In Admin CP > Tools & Maintenance > Database Backups is where you can run a New Backup of your forum’s database. In Task Manager there’s a task called Weekly Backups (disabled by default) to run backing up your database automatically for you. Enable this task, I prefer to run it daily though for extra MyBB security. These backups are stored on your server and you can download them anytime you want, make sure you chmod the backups directory to 777 inside your admin directory.
Also don’t forget to backup your forum directory using FTP, or if you use cPanel use the cPanel Backup option for your forum.
Use a strong password for your administrator account
Be smart, don’t use “password123″ for your forum administrator account password. Be creative and use a strong password of at least 6 characters. A mix of uppercase, lowercase characters are better for MyBB security, if you have other administrators or moderators on your forum, be sure to advise them to do the same.
Disallow HTML on forum
By default it is disallowed, and I recommend you keep it that way unless you know your members very well. Allowing HTML opens MyBB security vulnerabilities on your forum.
Hide MyBB version number
This can be changed in Admin CP > Configuration > General Configuration under Show Version Numbers, this is also disallowed by default which is good. If this was on, hackers with malicious intent could view these versions and find MyBB security exploits for them. That’s why it’s better to keep MyBB version numbers off.
Change the MyBB database table prefix
By default it’s “mybb_” which is not good for MyBB security risks if it’s well known. To protect your forum database and increase MyBB security on your forum, you should change this as soon as possible. If you’re installing a new copy of MyBB, you can do this on the Database Configuration step in Table Prefix (see here), an example of a change would be “newprefix_”. If you already installed MyBB, then you can rename it in phpMyAdmin. Afterward go into inc/config.php in your forum’s root installation and find:
$config['database']['table_prefix'] = 'mybb_';
Change mybb to your new database prefix.
Note: Make sure to do a database backup before attempting to change the database prefix.
Run File Verification occasionally for MyBB security checks
If you notice something not right or functioning properly like it’s supposed to, you should run File Verification in Admin CP > Tools & Maintenance. This tool will check for valid MyBB files upon installation, it will return missing or corrupted files if any. Use this knowledge to replace any forum files if needed, you should be able to do this easily with a forum directory backup.
hope this helps u in some way
cp pin so theres extra security
change admin directory
install admin honypot plugin
make a few fake admin folders in ur dir
when ur not using ur mybb cp go into ur host and redirect it www.exsamplecom/admin to www.exsample/watever page u redirect it too
also try this
Change the “admin” directory
By default the admin CP is at example.com/admin or example.com/forum/admin, this is a potential MyBB security issue since MyBB users will know where the admin directory is. You can change this, to do so here’s how.
1. Use your web host’s file manager (or an FTP program) and navigate to your forum’s root installation.
2. Rename the “admin” directory to something else. If you want a secure admin directory, use this strong password generator to generate a new name for you.
3. Go in the inc directory and edit the config.php file, find (should be on line 26):
$config['admin_dir'] = 'admin';
Change admin to your new admin directory, should be ‘mynewadmindirectoryhere’. Save changes.
Hide admin CP links
Also in the config.php file is an option to hide the Admin CP links, good for MyBB security and for after changing your admin URL directory in case if your administrator account gets compromised. Find:
$config['hide_admin_links'] = 0;
Change the “0″ to “1″, make sure you remember where your admin directory is.
Backup your forum regularly and often
This is really important for MyBB security, either in case your forum gets compromised or your forum’s files are corrupted and beyond repair. In Admin CP > Tools & Maintenance > Database Backups is where you can run a New Backup of your forum’s database. In Task Manager there’s a task called Weekly Backups (disabled by default) to run backing up your database automatically for you. Enable this task, I prefer to run it daily though for extra MyBB security. These backups are stored on your server and you can download them anytime you want, make sure you chmod the backups directory to 777 inside your admin directory.
Also don’t forget to backup your forum directory using FTP, or if you use cPanel use the cPanel Backup option for your forum.
Use a strong password for your administrator account
Be smart, don’t use “password123″ for your forum administrator account password. Be creative and use a strong password of at least 6 characters. A mix of uppercase, lowercase characters are better for MyBB security, if you have other administrators or moderators on your forum, be sure to advise them to do the same.
Disallow HTML on forum
By default it is disallowed, and I recommend you keep it that way unless you know your members very well. Allowing HTML opens MyBB security vulnerabilities on your forum.
Hide MyBB version number
This can be changed in Admin CP > Configuration > General Configuration under Show Version Numbers, this is also disallowed by default which is good. If this was on, hackers with malicious intent could view these versions and find MyBB security exploits for them. That’s why it’s better to keep MyBB version numbers off.
Change the MyBB database table prefix
By default it’s “mybb_” which is not good for MyBB security risks if it’s well known. To protect your forum database and increase MyBB security on your forum, you should change this as soon as possible. If you’re installing a new copy of MyBB, you can do this on the Database Configuration step in Table Prefix (see here), an example of a change would be “newprefix_”. If you already installed MyBB, then you can rename it in phpMyAdmin. Afterward go into inc/config.php in your forum’s root installation and find:
$config['database']['table_prefix'] = 'mybb_';
Change mybb to your new database prefix.
Note: Make sure to do a database backup before attempting to change the database prefix.
Run File Verification occasionally for MyBB security checks
If you notice something not right or functioning properly like it’s supposed to, you should run File Verification in Admin CP > Tools & Maintenance. This tool will check for valid MyBB files upon installation, it will return missing or corrupted files if any. Use this knowledge to replace any forum files if needed, you should be able to do this easily with a forum directory backup.
hope this helps u in some way