Hi,
I need help,
Accounts keeps getting compromised on my site even if I change my password to a 20 characater password from strongpaswordgenerator.
They manage to still go in my account.
I closed the board now but I need assistance as soon as possible.
Thank you
1) Is your MyBB installation up-to-date?
2) Are you sure that you are not using plugins that have known XSS vulnerabilities?
(2014-05-08, 06:00 PM)Darth Apple Wrote: [ -> ]1) Is your MyBB installation up-to-date?
2) Are you sure that you are not using plugins that have known XSS vulnerabilities?
I have sent you a private message.
I really need help anyone, send me a private message, it's urgent.
backup and delete all your forum files. Download a new copy of mybb and the plugins you used. make sure no one has remote access to you database. Also it might be a good idea to scan your computer for spyware
If you don't have any obvious security issues (such as core file edits making use of unsanitized data or poor database/cPanel passwords), it very much sounds to me that you have a plugin with an XSS vulnerability of some sort. If your MyBB installation is up-to-date, disabling all plugins should solve your issue until you are able to figure out which particular plugin is causing the issue. (ACP -> Configuration -> General Configuration -> Disable all plugins)
What plugins do you have installed?
Do you have any antivirus software installed, if so try scanning your computer as you may have a keylogger (or similar). Else install one anyway they are a great way of protecting yourself and your computer. It may be worth checking what IPs login to your account. Also, I would suggest adding some security plugins, here is a few that you might benefit from:
Geolocation Authentication,
MySessions and
Secure MyBB Admin Key (SMAK).