MyBB Community Forums

someone tried hacking my forum.

he is adding these codes after my site url.

forumdisplay.php?fid=2&sortby='];readfile('inc/config.php');exit;

and

search.php?action=results&sid=1136cfe92fc2e6695c54536a3664a0d9&sortby='];readfile('inc/config.php');exit;

and

calendar.php?action=event&eid='%20UNION%20SELECT%20uid,uid,null,null,null,null,password,null%20FROM%

20mybb_users/*

what can i do to prevent my site hacked

im using 1.2.9 version.

Upgrade!

Quote:Upgrade!

i have many plugins and mods installed and style changes im afraid to lost all that in upgrade.

This is not hacking trick/code!

Do the manual upgrade then. If your mods are done as plug ins then you can upgrade your board.

This is the exploit 1.2.11 fixed. Unfortunately, when MyBB patches an exploit, it basically tells others how to use it.

You can manually patch 1.2.9, if you don't want to upgrade to 1.2.10 first.

where can i find manual upgrade ???

Quote:You can manually patch 1.2.9, if you don't want to upgrade to 1.2.10 first.

how to do that??

It's VERY important that you upgrade AS SOON AS POSSIBLE! There are 2 HIGH risk vulnerabilities out there.

For more information Click here

The solution is to upgrade. If you leave your forums with old versions you are open to being hacked.