MyBB Community Forums

Full Version: Board hacked twice in last few days...
Pages: 1 2 3
I am using the newest version, my admin directory has been changed, and all links to the admin directory via the forum have been removed. There must be some new exploit out there. Any ideas how to prevent this from happening again? I even changed the admin directory and my password after the first hack and it didn't seem to matter as the board was hacked again a day later. The password was quite advanced, too.

If you need board URL send me a PM.

Thanks.
We're not aware of any new security exploits.

Please send one of the staff members RAW access logs.
Are just the site access logs for the past two days good enough? It seems that's all I have available (that I can see in my FTP, anyway). It is full of normal site access as well as forum access, though. Is that ok? Which staff member is ideal?
Make sure you're running the latest version and make sure you have the latest version of other scripts and applications too.
As stated above, I am running the latest version (1.2.12).

As far as plugins go, I'm only running four:
MYPS 1.22
Recent Threads on Profile 1.6.1
Unread PM Notification 1.0.2
YouTube BBCode 1.0

Hmm...
Check your filesystem for files that don't belong. They may have a backdoor. Also check your usergroups to make sure no one else has admin access. And also chmod inc/config.php to 644 so it's not writable. There really isn't a need for that file to be writable once MyBB is installed.

And yeah... raw log files may help expose any exploits.
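
The filesystem and permission checks suggested in the post above, as an added example that is not part of the original thread or of MyBB itself. It assumes you have a freshly unpacked copy of the same MyBB release from a trusted source to compare against; the function names and the two directory arguments are hypothetical, and only `inc/config.php` comes from the thread.

```shell
#!/bin/sh
# Added example: post-compromise file audit for a MyBB web root.
# LIVE and CLEAN directory locations are assumptions; CLEAN is a freshly
# unpacked copy of the same MyBB release, obtained from a trusted source.

# List files (relative paths) under a directory, sorted for comm(1).
list_files() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort )
}

# Files present in the live tree but not in the clean release.
# Expect uploads, cache files and installed plugins here; review the rest.
extra_files() {
    a=$(mktemp) && b=$(mktemp) || return 1
    list_files "$1" > "$a"; list_files "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Files that exist in both trees but whose contents differ
# (a stock file that was edited after installation shows up here).
changed_files() {
    list_files "$2" | while IFS= read -r f; do
        [ -f "$1/$f" ] || continue
        cmp -s "$1/$f" "$2/$f" || printf '%s\n' "$f"
    done
}

# Succeeds only if inc/config.php exists and has no group/other write bit,
# which is what chmod 644 leaves behind.
config_locked() {
    f="$1/inc/config.php"
    [ -f "$f" ] || return 2
    [ -z "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]
}

# Usage: sh audit.sh /path/to/live /path/to/clean
if [ "$#" -eq 2 ]; then
    echo "== not in clean release ==";  extra_files "$1" "$2"
    echo "== modified stock files ==";  changed_files "$1" "$2"
    config_locked "$1" || echo "inc/config.php missing or group/world-writable"
fi
```

Anything listed under either heading that you cannot account for (a plugin you installed, an uploaded avatar, your own template edits) is worth opening and reading before the board goes back online.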
I also suggest that you change any FTP, cPanel, and database passwords (if you change this you also need to update inc/config.php).
This does seem to be an odd hack though. Typically, a hacker wouldn't just change and hide the admin directory, since the site owner can obviously see where the admin directory is...

Changing the admin directory would require them to have, at least, FTP access (presuming your MyBB installation isn't writable). Have you given out FTP details to anyone? Is your FTP password the same as your forum login?
jedk Wrote: As stated above, I am running the latest version (1.2.12).

As far as plugins go, I'm only running four:
MYPS 1.22
Recent Threads on Profile 1.6.1
Unread PM Notification 1.0.2
YouTube BBCode 1.0

Hmm...

Even if that is the case, there's always a period of time between the exploitable version and the fixed version. There is always a chance of still being hacked within that time frame.
ZiNgA BuRgA Wrote: This does seem to be an odd hack though. Typically, a hacker wouldn't just change and hide the admin directory, since the site owner can obviously see where the admin directory is...

Changing the admin directory would require them to have, at least, FTP access (presuming your MyBB installation isn't writable). Have you given out FTP details to anyone? Is your FTP password the same as your forum login?

You misread. The things I listed are what I did in order to prevent anyone from hacking my board. What they actually did was mess with my index page, delete some users, change admin passwords, etc.

Tikitiki:
Not sure what you mean. I've been upgraded to the latest version of MyBB for a long time now. Which time frame do you speak of?

Anyway, all suggestions have been executed: password changes, etc. So far so good.

Thanks for the support. ;)