MyBB Community Forums

Full Version: My forum has been hacked!!..How??!
Some short time hacker(!) came into my forums and started to do some weird things tonight. He first registered then started to change passwords and emails of the users... I immediately banned his IP but he came with various IPs and changed the password and email of the ADMIN (that's obviously me!)!
I was unable to login to the AdminCP. Then I had to change the forums folder to prevent more damage.
Fortunately the support team of my host were online and suspended my account.
They (support team) say that this refers to a bug in MyBB and specially the AVATAR/UPLOAD folder of the forums and insisted that I had to change the permissions to 755.
Isn't that weird? Apparently I cannot install and run MyBB without the permission of 777 to avatar folder, but if I do so, I cannot run MyBB.
I'm pretty much pissed off and confused. I cannot start from scratch a new database!
Please help me to avoid these kinds of undesired coincidences.
Thanks
What version of MyBB are you running?

Also read this thread.

http://community.mybboard.net/showthread.php?tid=10111
The version is 1.2.1
I just updated (installed from scratch) from 1.2
In addition, I had changed the admin folder to some other name to avoid hacking. Seems useless!
Please PM me a copy of the access logs of your server/host.
How do I get a copy of the access log, please?
If you have cPanel, read here.

You should look in the panel of your host. You should find it under logs or something. If not, you should ask your host if they can provide it themselves.
Seems all rather odd to me.  How did this person find your brand new install of mybb?  Did you use a common password when you created your admin account? Also are you sure your computer isn't compromised with a keylogger?

Is it also possible your host is crap? I have to wonder really because so many of us run 1.2.1 and have not had a problem. Seems very odd a new install would attract a hacker. Normally they browse this site or search engines to find already established forums.

EDIT: DOH...I read your post again...sorry if your forums wasn't a fresh install.
arashpour Wrote: In addition, I had changed the admin folder to some other name to avoid hacking. Seems useless!

If a user gains access to an account with admin permission, they will have a direct link to your ACP. That's totally irrelevant in this case.
Christian, although the admin link can be hidden with a change in the config file.
Ahh. Yes, that is true, I totally forgot about that. hehe