MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Hacked
Full Version: Hacked
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Wires

2014-12-19, 12:48 AM
Got a few very clear threads in the past, but I'm the not the type to give in or become worried quickly. A lot of threats I seem to dismiss.

However, this one I feel slightly different over. ACP is secured, however the thread is over the database. Fill verification has showed the following

admincplink/inc/class_page.php	Changed
admincplink/modules/tools/backupdb.php	Changed
inc/languages/english/member.lang.php	Changed
inc/languages/english/memberlist.lang.php	Changed
inc/mailhandlers/php.php	Changed
index.php	Changed
jscripts/general.js	Changed
managegroup.php	Changed
showteam.php	Changed

The only threat hanging over my heat is the database.

List of plugins:
Disable portal.php Plugin (1.1)
Max Post Views Guest (1.0)
Subforums In Columns (1.0)
Additional Usergroups on profiles (1.2)
Banned User Stat (1.0)
Checkbox Validation (1.1)
Contact Form (3.1)
Easy Refer (2.0)
Forum Icons (3.0)
Fit on Page (2.3)
Force Password Change (1.2)
Guests Can't View Threads (1.1)
Usergroup Legend (3.0)
Hello World! (1.0)
Last Visitors in Profile (1.1)
Mods Cant Edit Admins Posts (1.1)
MentionMe (2.3.2)
Minimum Posts Required to Get Access (0.2)
My Awards (2.2)
MyAlerts (1.05)
NewPoints (1.9.9)
Extra Groups To Access The Forum When Being Off-Line. (1.0)
Online 24 (2.2)
Page Manager (1.5.2)
PHP and Template Conditionals (2.0)
PluginLibrary (12)
Private Message Log (1.1)
Post Activity (1.0)
Warning for private messages (1.0)
ProStats /proʊˈstæts/ (1.9.5)
Register Time (1.2.1)
Registration Security Question (1.2)
Referral in Profile (1.1)
Spoiler BBCode (1.6)
Tabbed Menu (2.0.2)
Tapatalk (4.2.0)
Thread Close Open Yourself (0.2)
Terms of Service Page (1.0)
Thank You/Like System (1.5)
2StepAuth (1.0)
Undo Delete (1.2.1)
Username History w/ Time Restriction (2.0)
Username Style (1.0.4)
Welcome PM/Email (1.1)
YourCode (1.1.1)

.m.

2014-12-19, 02:03 AM
are you sure that forum is hacked - which version of MyBB you are using and have you inspected those changed files
hacked guidance => 1 | 2

Omar G.

2014-12-19, 02:44 PM
My guess is you are using an outdated version of MyBB 1.6.

VoIP

2014-12-19, 04:35 PM
(2014-12-19, 02:44 PM)Omar G. Wrote: [ -> ]My guess is you are using an outdated version of MyBB 1.6.

Probably 1.6, most of the plugins are specifically 1.6


@OP please give us a version id you're running, and please change passwords for your accounts. This could be the root admin uid=1, your ftp credentials, and your cpanlel credentials(if you're using a cpanle with shared/free hosting)

ozgroundz

2014-12-19, 11:35 PM
removed

Nebulon Ranger

2014-12-22, 09:27 AM
(2014-12-19, 04:35 PM)Orianthi Wrote: [ -> ]
(2014-12-19, 02:44 PM)Omar G. Wrote: [ -> ]My guess is you are using an outdated version of MyBB 1.6.

Probably 1.6, most of the plugins are specifically 1.6


@OP please give us a version id you're running, and please change passwords for your accounts. This could be the root admin uid=1, your ftp credentials, and your cpanlel credentials(if you're using a cpanle with shared/free hosting)

16* on the compatibility line means 1.6 AND every revision thereof, such as 1.6.16.

Wires

2014-12-22, 02:08 PM
(2014-12-19, 02:03 AM).m. Wrote: [ -> ]are you sure that forum is hacked - which version of MyBB you are using and have you inspected those changed files
hacked guidance => 1 | 2
I have not as of yet inspected these files. Will do, and update this post.
(2014-12-19, 02:44 PM)Omar G. Wrote: [ -> ]My guess is you are using an outdated version of MyBB 1.6.
1.6.16.
(2014-12-22, 09:27 AM)Nebulon Ranger Wrote: [ -> ]
(2014-12-19, 04:35 PM)Orianthi Wrote: [ -> ]
(2014-12-19, 02:44 PM)Omar G. Wrote: [ -> ]My guess is you are using an outdated version of MyBB 1.6.

Probably 1.6, most of the plugins are specifically 1.6


@OP please give us a version id you're running, and please change passwords for your accounts. This could be the root admin uid=1, your ftp credentials, and your cpanlel credentials(if you're using a cpanle with shared/free hosting)

16* on the compatibility line means 1.6 AND every revision thereof, such as 1.6.16.

As said above, 1.6.16. I'm using a VPS.
File verification shows red on the files below;

showteam.php - I edited this to link to a custom staff page.
<?php 

define('IN_MYBB', 1); require "./global.php";

add_breadcrumb("Staff List", "showteam.php"); 

eval("\$html = \"".$templates->get("showstaff")."\";"); 

output_page($html);

?>

Managegroup.php has been replaced with default mybb file.
jscripts/general.js has been replaced with default mybb file.
index.php has been replaced with default mybb file.
inc/mailhandlers/php.php has been replaced with default mybb file.
inc/languages/english/memberlist.lang.php has been replaced with default mybb file.
inc/languages/english/member.lang.php has been replaced with default mybb file.

The only bit that has been added to acp_link/modules/tools/backupdb.php is
<?php die('Backups Disabled');

Secret pin has been added to acp_link/inc/class_page.php
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Hacked