MyBB Community Forums

Hey guys,

My name is Swank and I am the webmaster of http://forums.webproxytalk.com. I have always been a fan of MyBB and love the feel of it.

I will go straight into the specifics, my site WPT got hacked yesterday when I was using 1.4.2 version. What happened was the hacker managed to get in and change the #1 admin user and password to something else, after I got my dedi host admin to restore the forum, the hacker hacked the system again after 5 mins. We finally managed to restore the forum and update the system to the latest MyBB 1.4.4 version.

However today the site got hacked again even with the latest version of MyBB, this time round the hacker decided to drop the whole Mybb_users table. My server admin restored the site again and we deactivated all plugins as we thought the hacker might have gotten in through one of the plugin loopholes. With that we even changed the cPanel and FTP password. After doing the above, 15 mins later the hacker hacked the site again and dropped the mybb_users table.

I have no idea how the hacker managed to keep consistently hack into the forum. The hacker emailed me and sent me the message below:

"Check the web will be continuous, if the admin provide 1 map for bags, bags will not do any more complaints and help fix errors Site"

I have no idea what he meant by that. When I asked him to stop hacking the site and to fix the errors, he wants me to pay him thousands of dollars to do that. Its really pissing me off.

Someone help me please, any advice is grateful. Thank you!

first of all protect your admin directory http://forums.webproxytalk.com/admin
the same problem happened with me and i found out that the dog was going there and trying passwords , which used to make my user a normal user not admin .
Protecting your forum should be from your cp , in addition to some security addons found in http://mods.mybboard.net/mods/admin-panel

if the problem persist ., i guess you should change ur hosting

I will rename the admin folder now. Between WPT is hosted on my own server so I cant change hosting.

Here are some further information I have gathered:

The hacker did not hack into any of my admin accounts to get into the database, I can verify this because I changed all the admin account passwords today to very long complicated passwords. I believe the hacker got directly into the database and phpmyadmin.

Well, the hacker has apparently admin access to your hosting account/database since he can drop tables.

First, change your hosting account password to something REALLY difficult and hard to crack. My suggestion is to use this password generator: http://www.pctools.com/guides/password/. Do NOT share this password, do not put it in your email. Memorize it like your phone number and address.

Next, change the database user's password to something difficult but do not use the same password as your hosting account. Actually, I like to have REALLY complicated database passwords. For example: k4|#XfwB<-yN

That's the best advice I can give for dealing with hackers.

The person who hacked your account has your passwords then - Change all your passwords and make sure they are STRONG passwords. Also make sure you've got all the security patches and any other programs on your host are up-to-date as well.

How do I change the datasbase user's password? I am using cPanel but do not see any option to change the database user's password. Thank you so much for all your help so far, I really appreciate the quick response and help

Changng your database password is done by using ur domain control panel , and when you finish changing it in the cp , go to mybb/inc/config.php and write ur new password here :
$config['database']['password'] = 'newpassword ';

(2008-12-21, 07:59 PM)Swank Wrote: [ -> ]How do I change the datasbase user's password? I am using cPanel but do not see any option to change the database user's password. Thank you so much for all your help so far, I really appreciate the quick response and help

In CPanel, you have to delete the user altogether and then re-create the user with a different password. Don't forget to re-add the user to the database and add all the permissions again.

I'd suggest downloading all files in your hosting account to your pc, then deleting all the php / html files, and uploading a new copy of mybb, along with any customizations that you've made.

He keeps getting in some way, either he has your password, or has left some files on your hosting account that allow him to read your config.php file.

You might have a trojan bud.