Hey MyBB community so my forum got hacked for a second time and its making me mad cause its SQL encrypted witch makes it more vulnerable for SQL injection. how would i change it to VPS hosting?
Is there a way i can change my password manually cause he changed the email of my account so i cant just do the "Password Recovery" also neither of us can get in the AdminCP thanks to JammerX2 for the admin pin plugin
What do you mean SQL encrypted? Also, if you're getting hacked I would recommend not switching to VPS hosting, it has many more places you could get attacked if you don't know what you're doing.
(2014-06-04, 11:15 PM)Pirata Nervo Wrote: [ -> ]I had posted in a previous thread of yours in the past:
http://community.mybb.com/thread-154207....ght=script
That's not what he's asking for this time. He doesn't need to change the board on or off. What he needs to do this time is edit the email through phpMyAdmin (or any database management tool like Navicat MySQL if doing it remotely). Once the email is changed, you can do the forgot password routine. You will not be able to manually change the password back in the database without knowing the previous "password" and "salt" entries that was saved into the database.
Paul H. I think he's talking about the encryption MyBB uses when it saves the passwords to the database.
(2014-06-05, 01:32 AM)Vashnik Wrote: [ -> ]Paul H. I think he's talking about the encryption MyBB uses when it saves the passwords to the database.
I thought that was a possibility as well, but then the sentence as a whole makes no sense: " its SQL encrypted witch makes it more vulnerable for SQL injection"
(2014-06-05, 02:39 AM)Paul H. Wrote: [ -> ]I thought that was a possibility as well, but then the sentence as a whole makes no sense: " its SQL encrypted witch makes it more vulnerable for SQL injection"
He probably thought the passwords were encrypted by the database (at least the first part), but the sentence over all I'm not entirely sure about. I posted just going off "SQL encryption" and interpreting it as MyBB password encryption since that what really happens when passwords are saved to the database. The last bit I have to admit I shrugged off, since I'm not to sure what he means about "making it more vulnerable for SQL injection." I'm thinking it might be misinformation and isn't related to the solution he's actually asking for.
Stop advertising yourself as Administrator should be the first step, the second start think about using less heavy plugins.
(2014-06-05, 01:32 AM)Vashnik Wrote: [ -> ] (2014-06-04, 11:15 PM)Pirata Nervo Wrote: [ -> ]I had posted in a previous thread of yours in the past:
http://community.mybb.com/thread-154207....ght=script
That's not what he's asking for this time. He doesn't need to change the board on or off. What he needs to do this time is edit the email through phpMyAdmin (or any database management tool like Navicat MySQL if doing it remotely). Once the email is changed, you can do the forgot password routine. You will not be able to manually change the password back in the database without knowing the previous "password" and "salt" entries that was saved into the database.
Paul H. I think he's talking about the encryption MyBB uses when it saves the passwords to the database.
Ah sorry I misread it.
(2014-06-05, 03:06 AM)Vashnik Wrote: [ -> ] (2014-06-05, 02:39 AM)Paul H. Wrote: [ -> ]I thought that was a possibility as well, but then the sentence as a whole makes no sense: " its SQL encrypted witch makes it more vulnerable for SQL injection"
He probably thought the passwords were encrypted by the database (at least the first part), but the sentence over all I'm not entirely sure about. I posted just going off "SQL encryption" and interpreting it as MyBB password encryption since that what really happens when passwords are saved to the database. The last bit I have to admit I shrugged off, since I'm not to sure what he means about "making it more vulnerable for SQL injection." I'm thinking it might be misinformation and isn't related to the solution he's actually asking for.
Passwords are hashed, not encrypted.
If he's getting hacked so many times, starting a new board wouldn't be a bad idea considering he can restore later the parts he needs.
I bet my reputation (which I don't have
) he has a ton of vulnerable plugins installed!
You're asking for help but you're not giving anyone any good basis to start helping you from.
Some server logs, plugins installed, current version, number of administrators/staff members, hosting environment, etc. would all help.