Hi all, I just found out someone was trying to hack into my website.
They did manage to upload a picture to change the Admin avatar avatar_1.gif and managed to upload an html file in my tmp folder which had to be set up to let joomla work. Somehow they managed to upload a picture, next time.... Is there a way to prevent this from happening besides turning the upload off in the admin?
The way I found out was because of my statistics and simply followed the links back and got me to:
http://www.zonetr.com/Hacker/Cyber-RaiderTim/3
I wonder, is there not a way to get these people out of business? They are violating with the software from MyBB I think. Not to mention my site.
Which MyBB version are you running?
@destroyer, have the latest of MyBB running.
I'm very strict in updating everything
@maatty, have not done this one, however I did change the mysql table names so they have no clue on what to use.
knol Wrote: have not done this one, however I did change the mysql table names so they have no clue on what to use.
Please change the name of your admin directory first and disable the display of your mybb version. I don't think that changing the mysql table names will help prevent hackers from practicing their Satanic perpetrations.
Regards
maatty Wrote: Please change the name of your admin directory first and disable the display of your mybb version. I don't think that changing the mysql table names will help prevent hackers from practicing their Satanic perpetrations.
Regards
Another time someone on this forum suggested to change the table-names to prevent MySQL injection if I'm not mistaken.
Don't have the version displayed as far as I know.
As for changing the Admin folder, today we are celebrating my daughter's birthday so... it will have to wait a bit
knol Wrote:
As for changing the Admin folder, today we are celebrating my daughter's birthday so... it will have to wait a bit
I'm not even sure that taking whatever security measures suggested so far will suffice to keep hackers away. We need to consult a hacker.
A very happy birthday to your daughter.
Regards
I think the writers of MyBB know a lot to defend it all, it's more a server problem I think. Some folders need to have the permissions to write in otherwise no avatars are being uploaded at all.
Perhaps the creators can find a way of disguising the true folder-locations of images in the source-code and an optional folder-location for Admin and Images/Uploads during install of MyBB.
P.S., thank you for your wish for my little one...
There are no known vulnerabilities in the current version of MyBB. I suspect it's an exploit somewhere else in the server.
I'm starting to think so also.
Maybe there is a possibility to use htaccess in those vulnerable folders to stop uploads if they are not coming from within the software? If so maybe you know of a way?
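
Added example (not part of any post in this thread, and not MyBB or Joomla code): a Python audit for the writable folders discussed above, flagging files such as an HTML page dropped into a tmp or avatar folder, or an avatar whose content is not a plain image. The file names and contents in `demo()` are constructed, and the marker list is an assumption to adjust per site.

```python
import os
import tempfile

# Leading bytes of the image types an avatar folder should hold.
MAGIC = {"gif": (b"GIF87a", b"GIF89a"), "png": (b"\x89PNG\r\n\x1a\n",), "jpeg": (b"\xff\xd8\xff",)}
EXTENSIONS = {"gif": {".gif"}, "png": {".png"}, "jpeg": {".jpg", ".jpeg"}}
# Byte strings that indicate markup or script inside an uploaded file (assumed list).
ACTIVE_MARKERS = (b"<?php", b"<script", b"<html", b"<iframe")


def audit_upload_dir(root):
    """Return {relative_path: reason} for files that are not plain images."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(65536)  # only the first 64 KiB is inspected
            kind = next((k for k, m in MAGIC.items() if data.startswith(m)), None)
            ext = os.path.splitext(name)[1].lower()
            if kind is None:
                reason = "not an image"
            elif ext not in EXTENSIONS[kind]:
                reason = "extension does not match %s content" % kind
            elif any(marker in data.lower() for marker in ACTIVE_MARKERS):
                reason = "image contains markup or script"
            else:
                continue
            findings[os.path.relpath(path, root)] = reason
    return findings


def demo():
    """Audit a constructed upload folder (all sample files are made up)."""
    samples = {
        "avatar_1.gif": b"GIF89a" + b"\x00" * 16,     # plain GIF header
        "avatar_2.gif": b"GIF89a<script>x</script>",  # GIF header, then markup
        "avatar_3.png": b"GIF89a" + b"\x00" * 16,     # extension/content mismatch
        "page.html": b"<html>constructed</html>",     # HTML dropped in the folder
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_upload_dir(root)


if __name__ == "__main__":
    print("\n".join("%s: %s" % item for item in sorted(demo().items())))
```

Run `audit_upload_dir()` against the real upload or tmp path on a schedule; any non-image placeholder files the software keeps in those folders will be reported as well.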