MyBB Community Forums

Full Version: Viagra hacked signatures of unsuspicious forum users
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

I believe our MyBB forum might be compromised after checking in a series of Viagra messages posted on member signatures that we trust. We enquired with them and they do not know how and why did this happen.

I do not know what can I do now or how to tackle this issue, but this has happened 3 times already and it sure seems like something got compromised even with the forum being at the latest version 1.8.29

Also, I got to add we had all the security done in Apache and when we switched to Nginx we couldn't find out how to do the same

Any ideas that might lead us in the right direction?

your users accounts hacked , make user to use complex password
I have asked them to change passwords. Thank you for the hint

Is there anything that will force users to now change to stronger passwords?
In ACP: Home » Board Settings » Login and Registration Options, enable Require a complex password?
Thank you Crazycat,

this will be useful for new registrations and you were right, it was OFF!

Is there a way to solve the already registered ones with lousy passwords?
Suppress their password from the database, they'll have to request a new one (think to notice users before).
But there is actually no plugin to force user to change their password.