MyBB Community Forums

Full Version: Accounts Hack
Now I'm not sure how this happened nor how it can be fixed. Yesterday I got on my forums with people complaining that they were hacked. I banned those accounts, and they contacted me saying that they were done messing around, although I can't have an exploit like this just possible. The hackers claimed what they did was a SQL Injection, which allowed them to get the logins for the accounts, and they also claimed that it was impossible to fix. I want to not believe that, although they could be correct. So with that said, is it possible to fix this "SQL Injection"? My friend claimed that it was something to do with vulnerable plugins, so I put together a list of plugins that I have on the MyBB site. Click here to see my plugins. This might be asking a bit much, but this is really serious for the health of my community, and I feel that it should not be this easy to just get into a MyBB account.

This might have been what was used to get into the site.


Regards,
Xenonzo
What is your version of MyBB? According to the video, the hack was done on MyBB 1.8.1.
(2015-08-25, 05:59 AM)Phantomer Wrote: What is your version of MyBB? According to the video, the hack was done on MyBB 1.8.1.

MyBB 1.8.5

Would you like my MySQL version as well?
I think this is already patched.
(2015-08-25, 09:41 PM)John J. Wrote: I think this is already patched.

Hmm, do you possibly know how some user accounts were breached? They did confirm with me that it was SQL Injections, although I'm not sure what else they did.
I tried it with the current version, had no success.
(2015-08-26, 07:36 PM)John J. Wrote: I tried it with the current version, had no success.

Might not be that but I can assure you some sort of SQL injection is going on.
Three more accounts got hacked.
(2015-08-26, 09:40 PM)xunofar Wrote:
(2015-08-26, 07:36 PM)John J. Wrote: I tried it with the current version, had no success.

Might not be that but I can assure you some sort of SQL injection is going on.
Three more accounts got hacked.

Well then you should try removing unused plugins.