MyBB Community Forums

Hey all,

I've read some similar posts on this. Basically I have the problem where someone uploaded (actually created a folder) and uploaded about 10 files. Some very large.

They actually created a cgi-bin & php folder within the sub-folder of /forum/uploads/

I caught this pretty quickly and removed all those files. I'm kind of worried about logging into the admin now in case I missed anything.

I dont want my PW being sent off to them.

Could I possibly directly change the password via the md5 pass directly in the database and the salt?

Anyone have an example for the md5 & salt for say password "changeme"

?

Or am I being to paranoid? The pass is used elsewhere so this is why I want to change it directly via the DB and not login once with it and change it.

And will setting the uploads folder to 555 for now allow it to work correctly (show images) and not allow uploads?

I know this works on 1.4, might be slightly different for 1.2 but it should still work.

Run this query:

UPDATE `mybb_users` SET `password` = '098f6bcd4621d373cade4e832627b4f6', `salt` = '' WHERE `uid` = 'X'

Change the X to your user ID and make sure your table prefix is correct. This will turn your password to simply 'test'.

You should also consider upgrading to 1.4.4

And 555 should allow things to show fine, yes.

Yes I will be upgrading... Does the latest 1.4.4 require PHP 5 or still 4.3+ ?

Really appreciate that info Matt!

No problem... according to the requirements, PHP 4.3 should be fine

Do you happen to know what goes on with this hack? Why is it uploading a bunch of files and does it probably e-mail the admin password to them?

Would think a template would need to be altered?

---

Was this an issue in: v 1.2.12 ?

That is what I have now. will upgrade.

It's probably your host. Upgrading to 1.4.4 probably still won't solve the problem.

I'm not aware of anything majorly wrong with 1.2.12 but this could have been a host vulnerability and they managed to get access to your files via the host, not via MyBB. You should at least upgrade to 1.2.14.

Edit: Damn my typos >.<

What type of vulnerability could it be? This has me quite worried. Its a VPS and not shared.

From the 1.2.13 release thread:

Quote:MyBB 1.2.13 is a security update to the MyBB 1.2 series. It fixes 1 HIGH risk and 1 Medium risk security vulnerability.

I don't know what they were, but maybe if you had updated when newer versions were available, it wouldn't have happened... 1.2.13 was released over 10 months ago, 1.2.14 around 8 months ago, so you've been running on software that has known issues for a while....

Not good. Process of updating now. Is setting the board offline enough for now or should I rename the folder it is someone is trying to attack it?