Hello guys.
Today, I noticed that my site had been hacked. It appears that the user used an exploit with the calender and was able to hack it. I would like to know how to secure my site so only selected admins can access the website?
Well it only shows that he edited the calender.php file. But it may have been the MyYoutube cause I have that installed. I also have NewPoints.php
Edit: I am on New Points 1.9.7 which is not vulnerable.
MyYoutube and NewPoints are not on the list. It may have been possible that the hacker injected an exploit into Calender. If you've a database backup, then I suggest you to re-install a fresh copy of MyBB.
(2013-04-28, 02:36 AM)Jimmy. Wrote: [ -> ]MyYoutube and NewPoints are not on the list. It may have been possible that the hacker injected an exploit into Calender. If you've a database backup, then I suggest you to re-install a fresh copy of MyBB.
He didn't deface the site, only edit the 'calendar' template.
The reason they edited calendar template is to upload a shell there.
less the plugins more the security.
Always check for outdated plugins.
(2013-04-28, 05:50 PM)Ryanwrz Wrote: [ -> ]less the plugins more the security.
Not always true.