MyBB Community Forums

Hi,

I was hacked. www.christianradio.me.uk

How can I recover from a hacked board?

Thanks. God Bless.

I just downloaded the security update.

I did save a backup of the database files. Can I reinstall those files then update with the security patch?

Aaron.

Did they just close the forum or did they delete it? if they just closed it go to http://www.christianradio.me.uk/mybb/admin/index.php and open it again.
If they deleted it you can insert the backed up database files into the database again using phpMyAdmin or something.

Mine just got hacked as well. Problem is that whoever did it somehow took over the administrator user and password. Mine no longer work. What's my next course of action? I've disabled the index.php that gets people into the board but have no clue what to do next.

Art Martin

I would goto phpMyAdmin and restore the database that way. If you don't know how(I don't) go into the Cpanel and click on backups then restore a database.

If I go into phpMyAdmin, do I lose all the forums, threads, etc? I'm really a newbie here and am way over my head. I've enough database background that I've been able to go into database tools offered through my web host and delete the user that created the problem. Looks like he deleted my user name as well though.

Art

Ok, where's phpMyAdmin? Do I need to be on a linux website to have that?

Art

Do you have Cpanel? If so, phpMyAdmin is in Cpanel.

To see if you have Cpanel, try this: http://www.[YourDomainName].com/cpanel - that's generally where Cpanel is on most servers.

And if you do have Cpanel, phpMyAdmin is usually installed here: http://[YourDomainName].com:2082/3rdparty/phpMyAdmin/index.php

Let us know if you have phpMyAdmin and have access to it (test it by working out URLs fitted to your domain like thee above). From there we can try and help you fix it.

If it ends up that neither of those work on your domain (Cpanel/phpMyAdmin) contact your host and ask them where phpMyAdmin is located or something else that you can access MySQL databases by.

Hi guys,

Thanks for your help.

Yes, my hacker deleted the user name. I have a .csv file about 12 megs that unfortunately does not seem to be restoring correctly.
error:
Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 13629432 bytes) in /data/members/paid/c/h/christianradio.me.uk/htdocs/www/phpmyadmin/libraries/read_dump.lib.php on line 23

So. Can I edit the table by hand (with phpmyadmin)? If so what table and what field do I edit?

phpMyAdmin 2.6.4

This user deleted all users. And now when I click on the login page it doesn't even give me the form to login it refreshes to the closed forum screen.

I updated config.php to match the mybb_users. usergroup value is 4 yet I still cannot login.

The hackers IP 80.82.54.188 username xakep

User goes by Ph!1lipp3

Here's my hackers Golden Information.


http://www.christianradio.me.uk/miscimages/hacker.JPG

What else can I do to make my bb safer from attacks?

Thanks. God Bless.

Aaron.

I apparently don't have cpanel. The hosting service (Brinkster) does offer a database manager and 20 minutes ago I was able to access the MYSQL tables for MyBB. I found the MyBB_Settings table and updated the values for closing the forum and the message it presents. (the guy had put a nasty message on the closed screen). However, it still appears locked. My forum and administrator username is gone. (I was uid = 1 and that isn't in the MyBB_Users anymore). Now I can't even get into the MYSQL tables anymore so I have no idea where things are.

The good news it appears none of the forums or messages were deleted. Just have to figure out how to get back into the admin functions.

Art

Well back in the sql server now. The jerk deleted all the forums. The posts and threads are still there but the relationships are all missing now.

Here's the idiot's ip address if any of you know how to take revenge:

80.82.54.188

Ah just looked at the other post. Same info from the guy. Hope someone finds him and nails the dude.

Art