MyBB Community Forums

So I am just coming here asking the community if it is possible to backdoor a mybb forum in a way that has not really been seen before.

My friend was back doored but it was different, This backdoor was very harmful as it could access the database by reading the mybb files on the server and remotely update the database.

Is there any word of this happening to anyone else? I know how it was coded I viewed the source code but don't have it anymore.

---

Is there more backdoors I should worry about?

Maybe a solution to fix this?

We would need some more details to know if this was caused by a security flaw in MyBB (that we have not been made aware of), or whether it was caused by a plugin, the webhost, an outdated install or something else. Please ask your friend (or you) to post in Private Inquiries with some details of what has happened so we can investigate a bit.

Sounds like a Shell.

It's most likely caused by a vuln plugin.

It sounds like you've been shelled. You should check your access logs and check for vulnerabilities within your plugins.

If you do not know which plugins may be vulnerable here please post a list of your installed plugins and we will be able to assist you.

It can be also your theme with a malicious php code, but that only works if you have the plug-in to enable php on themes. Maybe the theme told you to upload a malicious file not related to styling.