2021-07-26, 10:18 AM
Is there a service or software that one can use to completely clean a mybb MariaDB database from an infection?
When we tried a new theme and got more involved with the files, we discovered this file that shouldn't have been there:
dbkiss.php
We were unable to pinpoint when it was loaded, and how, but it must have been before February 2018. Our Database was created in 2015.
Then when we delved deeper we found more files that didn't belong. This could have happened because of failure on our part to regularly update the myBB script. There must have been an exploit or something. Our bad.
I personally don't think that the database was damaged. I only joined the community as Admin in March 2018. I have never had cause for suspicion that something was happening with the files or there were members doing things they shouldn't be doing. I think that if indeed the database was compromised that there must have been a dump of a kind and the perpetrator then moved on.
However, we are living in different times and bottom line is we now are aware of personal information of our membership having been compromised. We immediately wrote to every one to inform them and ask them to change their passwords. We were even prepared to give up on the Forum, until our members asked us to reconsider. They obviously still trust us.
So we are hoping for the following assistance from mybb if possible:
1. Suggestion of how to completely clean the database from an exploit involving dbkiss.php
2. Is there a plugin available for managing personal information of our members - similar to the purge spammer one? That would make it easier to comply with GDPR?
Cheers
When we tried a new theme and got more involved with the files, we discovered this file that shouldn't have been there:
dbkiss.php
We were unable to pinpoint when it was loaded, and how, but it must have been before February 2018. Our Database was created in 2015.
Then when we delved deeper we found more files that didn't belong. This could have happened because of failure on our part to regularly update the myBB script. There must have been an exploit or something. Our bad.
I personally don't think that the database was damaged. I only joined the community as Admin in March 2018. I have never had cause for suspicion that something was happening with the files or there were members doing things they shouldn't be doing. I think that if indeed the database was compromised that there must have been a dump of a kind and the perpetrator then moved on.
However, we are living in different times and bottom line is we now are aware of personal information of our membership having been compromised. We immediately wrote to every one to inform them and ask them to change their passwords. We were even prepared to give up on the Forum, until our members asked us to reconsider. They obviously still trust us.
So we are hoping for the following assistance from mybb if possible:
1. Suggestion of how to completely clean the database from an exploit involving dbkiss.php
2. Is there a plugin available for managing personal information of our members - similar to the purge spammer one? That would make it easier to comply with GDPR?
Cheers