MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > MyBB account hijacking
Full Version: MyBB account hijacking
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

d0m

2013-12-03, 02:09 PM
Hello!
I was hijacked with version 1.6.11
Think something like this 
http://www.slideshare.net/Chris1llusion/mybb-account-hijacking,not
100% sure,but i know was hijacked,or by pm,because password recovery function was used,when i saw my mail,i saw and admin username was changed by my,but i'm sure i use this version 1.6.11,so maybe somebody have same problem or i don't now what o say!
Thanks!

Rymax99

2013-12-03, 03:23 PM
If they sent it to your email, you (or other administrators) might have their email compromised, which allows for them to enter into your forum with your administrator privileges. Without logs or anything, we won't be able to tell you for sure.

d0m

2013-12-03, 03:51 PM
"They" send me to email(Password recovery),and i don't have logs,because moved from this hosting,and install new,and check all security what i can!
So,i don't now,if it's happining again,i will send logs to somebody here who can understand what's happened,but i'm sure it's was this mybb version,because i check always for updates!

.m.

2013-12-03, 04:05 PM
^ unable to understand how you confirmed that your forum was hijacked / compromised. what you meant by
"user name change" is not clear for me. anyone can ask for password recovery by giving your mail address ..

d0m

2013-12-03, 04:18 PM
(2013-12-03, 04:05 PM).m. Wrote: [ -> ]^ unable to understand how you confirmed that your forum was hijacked / compromised. what you meant by
"user name change" is not clear for me. anyone can ask for password recovery by giving your mail address ..

First can't login with my password to forum,then i saw in email for password change,with difirent username and activiation code,i log normally,and see somebody in shoutbox send a messages what i didn't send!

Just maybe i can't explaine good,because eng is not my native lang.

.m.

2013-12-03, 04:23 PM
^ I understand that you changed web host and fixed everything - your forum is running normal now. is that right ?

d0m

2013-12-03, 04:39 PM
(2013-12-03, 04:23 PM).m. Wrote: [ -> ]^ I understand that you changed web host and fixed everything - your forum is running normal now. is that right ?

Right now yes,now waiting for attacker when he come back,to see logs ,why this happaned

.m.

2013-12-03, 05:15 PM
however as prevention is better than cure, try to take care of possible security measures - see security tutorials

d0m

2013-12-03, 05:33 PM
(2013-12-03, 05:15 PM).m. Wrote: [ -> ]however as prevention is better than cure, try to take care of possible security measures - see security tutorials
Belive me,i did this,and add .httacess and other things,like change prefixs...etc,but i will see,if again something happining i willall of ppl let to know!
Anyway,thanks for repry.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > MyBB account hijacking