MyBB Community Forums

Full Version: If forum gets defaced?
How can I fix my forum if it gets defaced?

Thanks everyone!
It all depends on how it was defaced.
(2013-07-11, 10:31 PM)pavemen Wrote: [ -> ]it all depends on how it was defaced

So if he uploads a file to it, I just delete the file?
Yes, but you should check if there are any backdoors to prevent that from happening again.

(2013-07-11, 10:34 PM)burhanhaq Wrote: [ -> ]
(2013-07-11, 10:31 PM)pavemen Wrote: [ -> ]it all depends on how it was defaced

So if he uploads a file to it, I just delete the file?
Well, if someone uploads the deface page, you should double-check whether there were any file changes or any suspicious files uploaded to your forum. I would recommend you double-check every file or, even better, upload a fresh copy of MyBB. Be sure not to delete .inc/settings.php and .inc/config.php or to overwrite them when uploading a fresh copy of MyBB. Check your error logs to see how the hacker got access to your forum. Also, check whether the hacker uploaded any kind of shell on your server.

Check the admin logs after doing the above to find any suspicious activity. Check all new accounts under 3 days. Often hackers first create an account to understand how a specific website functions/operates.

Check for changes in themes by heading over to the "Tools & Maintenance" tab in your ACP.

After all that, I would recommend you disable all plugins and do a quick Google search on each one of them to see whether you are using an outdated version, and check if any of them have any known vulnerabilities.

A deface is not necessarily done by uploading the deface page to the root of your forum; it can also be done by editing your default theme's index page and replacing it with the coding/script of the deface page.

Some XSS vulnerabilities could also lead to some pages being defaced. It's vital you first find out how someone got access to your forum.

After all that is done, change your forum's e-mail address and password, including all security measures. Change the password of your cPanel and hosting accounts.

Another tip would be to inform your host that your forum was hacked so they can help you investigate by reading access/error logs and such stuff. They would even be able to tell if there was any suspicious file uploaded onto your server after your site was defaced.

Best thing to do is keep daily backups of your database and site files if you change your files around daily.
see also this guidance
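The file check recommended in the thread (compare the live forum against a fresh copy of MyBB, leaving the config and settings files alone) can be scripted. The following is an added example, not part of the original posts or MyBB's own tooling. It assumes the fresh copy is the same MyBB version as the live install, and the two site-specific paths are assumptions to adjust for your setup:

```python
import hashlib
import os
import sys

# Site-specific files a fresh MyBB copy will not match (the two files the
# thread says to keep; these relative paths are assumptions, adjust as needed).
SITE_SPECIFIC = {"inc/config.php", "inc/settings.php"}


def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare_install(live_root, fresh_root, site_specific=SITE_SPECIFIC):
    """Compare a live forum tree with a fresh copy of the same MyBB version."""
    live, fresh = hash_tree(live_root), hash_tree(fresh_root)
    report = {"modified": [], "extra": [], "missing": [], "review": []}
    for rel in sorted(live):
        if rel in site_specific:
            report["review"].append(rel)    # expected to differ: read by hand
        elif rel not in fresh:
            report["extra"].append(rel)     # not shipped: upload, plugin or dropped file
        elif live[rel] != fresh[rel]:
            report["modified"].append(rel)  # shipped file whose content changed
    report["missing"] = sorted(set(fresh) - set(live) - set(site_specific))
    return report


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py LIVE_FORUM_DIR FRESH_MYBB_DIR")
    for kind, paths in compare_install(sys.argv[1], sys.argv[2]).items():
        for path in paths:
            print(f"{kind}\t{path}")
```

Run it against a downloaded copy of the forum files rather than on the live server. Entries under "extra" include legitimate plugins and user uploads, so each one needs a manual look rather than automatic deletion.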