(2014-11-15, 12:13 AM)aaronnz Wrote: [ -> ] (2014-11-11, 07:48 PM)theezy Wrote: [ -> ]I did not create this topic, they got into my account here too somehow.
So you report that your forum got hacked on a Support forum then insist that you did not create the topic. Seems odd. But I have heard of a lot of forums getting hacked lately.
Okay, now that is funny. Im sorry but it is, not the fact that someone's forum got hacked but the fact that hackers would hack someone's account to report that a forum got hacked. Makes no sense.
(2014-11-15, 12:29 PM)Michael2014 Wrote: [ -> ]Okay, now that is funny. Im sorry but it is, not the fact that someone's forum got hacked but the fact that hackers would hack someone's account to report that a forum got hacked. Makes no sense.
It's for the drama and attention. Hackers don't want to be unnoticed, and quite frankly, they have gotten their fair share of attention and drama about the whole thing lately.
However, I talked to theezy a couple days ago, and can say that nothing here was made up. His password was compromised as a part of the hack, so this thread was not posted by him.
One of my administrators passwords was compromised as well.
This is why you should use complicated passwords like:
Sa88int06fr17ancis
(2014-11-15, 03:12 PM)Darth Apple Wrote: [ -> ] (2014-11-15, 12:29 PM)Michael2014 Wrote: [ -> ]Okay, now that is funny. Im sorry but it is, not the fact that someone's forum got hacked but the fact that hackers would hack someone's account to report that a forum got hacked. Makes no sense.
It's for the drama and attention. Hackers don't want to be unnoticed, and quite frankly, they have gotten their fair share of attention and drama about the whole thing lately.
However, I talked to theezy a couple days ago, and can say that nothing here was made up. His password was compromised as a part of the hack, so this thread was not posted by him.
No doubt, I was thinking maybe it was a friend that hacked his account, it doesn't surprise me as hackers have the capability and the time and bots to hack accounts, I had my yahoo account hacked, once, and the hacker blasted a spam email to all my contacts.
My forum is going through security and version upgrade right now.
Admin PIN + f843us0aks9 passwords...
= TOP.
You should also consider blockinging access to admincp by ip via htaccess , the issue is what level did they intrude on your site, is it just the site itself or the server its hosted on? This could be your own server or a shared hosting plan.
The reason i ask is there are two various leves of security that need addressing.
Firstly sever level, no amount of patching software is going to prevent a breach if your server isn't secured. Look at installing ipfilters, intrusion detection, brute force detection, anti-virus along with firewalls. Keep your software updated.
Secondly the software level(site software and files). Firstly i'd recommended delete everything and reinstall a back up , its the only way to thoroughly ensure there are no shells/backdoors left by the hackers. Then install the latest forum software with minimum plugins. Its possible the threat is within the plugins. htacess or rewrites will help restrict file types in the upload folders and can be used to lockdown admin panels by ip. Check file upload permissions along with allowed upload filetypes. Be sure to use the admin folder pin too, there's also other plugins for site security.
Cloudflare will block ips so its worth using but its not the be all and end all, i personally use it just for the cdn.
Hope this helps a little and good luck resolving this.
I searched on wayback time machine website, and saw wober looks like its back to normal now. Congrats theezy bro. Im glad wober didnt get completely hijacked with all accts deleted..what are your options if that really happened? I suggest to all mybb forum owners, make an annex forum as backup. The more you delay..the likelyhood another attack may come again
How do i back ug my forum, am new in this stuff, you may pm me