2004-12-30, 03:51 AM
Hi all,
I have MyBB installed (about two weeks ago, replacing phpBB) onto my server.
The version is MYBB RC 4 with security patch ( http://mybboard.com/community/showthread.php?tid=692 )
Yesterday I was hacked.
My site index was changed so all users were redirected to one bad page...
I have checked Apache logs and found that hackers gained control using myBB software (PHP code injection into request URI - file showthread.php).
That vulnerability allows an attacker to execute any PHP and OS shell commands, write/delete files etc. I do not want to place an exploit here before the admin fixes the vulnerability (to avoid giving bad people the idea to hack, for example, the forum on this site).
I would like to give some advice to all myBB software users: SWITCH YOUR FORUM INTO MAINTENANCE MODE AND RENAME/DELETE THE FILE showthread.php UNTIL THIS VULNERABILITY IS FIXED. Your forum will be inaccessible to attackers, but also to normal visitors. Choose your poison. Anyway, if you decide to leave your forum online, making daily backups is a good idea. Also pay some attention to your log files...
TO ADMIN: CONTACT ME AS SOON AS POSSIBLE AND I WILL SEND YOU LINES FROM APACHE LOG FILE SO YOU CAN FIX THAT SECURITY HOLE.
My email is [email protected]
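One defensive check that follows from the post's advice to watch the log files, added here as an example and not taken from the original post: a Python triage script that scans Apache combined-format access-log lines for requests to showthread.php whose decoded query string carries PHP code. The log lines, IP addresses and PHP fragments are constructed for illustration; the post does not say which parameter was abused, so this is a heuristic for spotting such entries after the fact, not a description of the actual hole.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache combined-log lines (not from the original post).
SAMPLE_LOG = """\
203.0.113.5 - - [29/Dec/2004:22:14:03 +0100] "GET /forum/showthread.php?tid=12 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.9 - - [29/Dec/2004:22:15:41 +0100] "GET /forum/showthread.php?tid=12&x=%3C%3Fphp%20system(%22id%22)%3B%3F%3E HTTP/1.1" 200 812 "-" "lwp-trivial/1.41"
203.0.113.9 - - [29/Dec/2004:22:16:02 +0100] "GET /forum/showthread.php?tid=12&x=passthru('ls') HTTP/1.1" 200 733 "-" "lwp-trivial/1.41"
198.51.100.7 - - [29/Dec/2004:22:17:10 +0100] "GET /forum/index.php?x=eval(1) HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
"""

# Common log format prefix: client IP, ident, user, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# PHP constructs that have no business in a forum request URI.
SUSPICIOUS = re.compile(
    r'<\?php|<\?|\b(?:eval|system|passthru|shell_exec|exec|popen|fwrite|fopen|base64_decode)\s*\(',
    re.I,
)

def flag_suspicious(log_text, script="showthread.php"):
    """Return (ip, timestamp, decoded query) for requests to `script` containing PHP code."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path, _, query = m.group("uri").partition("?")
        if not path.endswith("/" + script):
            continue
        # Decode twice: attackers sometimes double-encode to slip past naive filters.
        decoded = unquote_plus(unquote_plus(query))
        if SUSPICIOUS.search(decoded):
            hits.append((m.group("ip"), m.group("ts"), decoded))
    return hits

if __name__ == "__main__":
    for ip, ts, query in flag_suspicious(SAMPLE_LOG):
        print(f"{ts} {ip} showthread.php?{query}")
```

Run it against the real access_log to get a shortlist of source addresses and timestamps to hand to the developers; only requests to the named script are considered, so set `script` to another file to widen the search.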