MyBB Community Forums

Full Version: My MyBB forum was hacked ... very easily
Allow me to explain ...

A hacker was able to make themselves admin, god knows how, without using my account (the only admin account on the forum.) They then proceeded to ransack my templates, and redirect the entire forum to a porn site.

How is it a user could possibly do this? I was running 1.01 - would this have to do with the 1.02 update, and not yet having updated?

Luckily the fool, who masked his IP address, was caught in the admin log - he left his IP, and even a username.

I'm stuck in a bind though - I can't reopen my forum until I can be sure this can't possibly happen again. The typical user of my forum is under the age of 15.

Any help is greatly appreciated.

- Evan
Use htaccess to ban his IP

It could do with the upgrade since someone can examine the differences between the two and use the weakness in your older copy.

Look at your server logs (ask host or in CPanel) and look for any mention of the IP you have. You should either post some of the details here or send to developer.
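An added example (not from the thread) of the log check this post suggests: given the IP recovered from the MyBB admin log, pull every request that address made from an Apache combined-format access log and count how many touched the admin panel. The log lines are constructed for this example; point LOG at the real access_log from cPanel or your host instead.

```shell
#!/bin/sh
# Added example: search an Apache combined-format access log for one IP address
# and report when it hit the forum, which URLs it requested, and how many of
# those requests went to the admin panel. Log lines below are constructed.

LOG="$(mktemp)"
trap 'rm -f "$LOG"' EXIT
cat >"$LOG" <<'EOF'
10.0.0.5 - - [12/Mar/2006:10:01:12 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Mar/2006:10:03:40 +0000] "GET /forum/member.php?action=login HTTP/1.1" 200 3100 "-" "Mozilla/4.0"
203.0.113.77 - - [12/Mar/2006:10:04:02 +0000] "POST /forum/member.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.77 - - [12/Mar/2006:10:05:19 +0000] "GET /forum/admin/index.php HTTP/1.1" 200 8800 "-" "Mozilla/4.0"
203.0.113.77 - - [12/Mar/2006:10:06:55 +0000] "POST /forum/admin/templates.php?action=edit HTTP/1.1" 200 4400 "-" "Mozilla/4.0"
10.0.0.5 - - [12/Mar/2006:10:07:30 +0000] "GET /forum/showthread.php?tid=3 HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Mar/2006:10:08:11 +0000] "POST /forum/admin/adminlog.php?action=prune HTTP/1.1" 200 1200 "-" "Mozilla/4.0"
EOF

# requests_from IP LOGFILE: prints "timestamp method path status" for that IP only.
# The IP is compared as the whole first field, so 203.0.113.7 does not match 203.0.113.77.
requests_from() {
    awk -v ip="$1" '$1 == ip {
        sub(/^\[/, "", $4); gsub(/"/, "", $6)
        print $4, $6, $7, $9
    }' "$2"
}

# admin_hits IP LOGFILE: how many of that IP's requests went to an /admin/ path.
admin_hits() {
    requests_from "$1" "$2" | awk '$3 ~ /\/admin\// { n++ } END { print n + 0 }'
}

# first_seen IP LOGFILE: timestamp of the IP's earliest request (access logs are in time order).
first_seen() {
    requests_from "$1" "$2" | head -n 1 | cut -d' ' -f1
}

requests_from 203.0.113.77 "$LOG"
echo "first seen: $(first_seen 203.0.113.77 "$LOG")"
echo "admin panel requests: $(admin_hits 203.0.113.77 "$LOG")"
```

Once confirmed, the same address is what goes into the .htaccess ban suggested above (Apache 2.2 syntax: `Deny from 203.0.113.77`), and the timestamps tell you which admin-log entries the attacker pruned.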
Can you link us to your forums?
Upgrading to 1.0.2 has some security patches, but they are not high risk (only XSS), and a long period of hacking can hack your forums by this method.
Upgrade your forums and wait for more security releases.
http://v-habbo.com/forum/

I'm going to upgrade now. I still have no idea how this could possibly happen. The person did prune the admin log though, but still left around 6 or 7 actions with his real IP.

Hmph.
Wow. That would suck. Hope that everything's ok now. BTW, what's a "habbo"?
Quote:Upgrading to 1.0.2 has some security patches, but they are not high risk (only XSS), and a long period of hacking can hack your forums by this method.
It also has some updates in regards to SQL injection.

evo, I'm interested in the IP address and username which were used in this attack, as well as any server (Apache/IIS or whatever) logs you have available. Send me a PM.

Make sure you update your forums to 1.02 - and subscribe to the mailing list so you are alerted of new versions.
imei Wrote:Can you link us to your forums?
Upgrading to 1.0.2 has some security patches, but they are not high risk (only XSS), and a long period of hacking can hack your forums by this method.
Upgrade your forums and wait for more security releases.

That sounds VERY concerning! Are you saying that MyBB is pretty easy for a dedicated hacker to attack?!?

I am getting ready to migrate my board to MyBB, and because it is somewhat controversial, it will almost certainly be targeted by hackers on occasion. I *need* a board that is rock solid in terms of security - so if there is some frailty of MyBB, I really need to know about it.

- Dan
Let's put it this way: MyBB beats every free BB and most of the "paid" ones.

Plus, a patch was released the DAY AFTER I posted the XSS exploit to the public (found originally by imei).
Quote:That sounds VERY concerning! Are you saying that MyBB is pretty easy for a dedicated hacker to attack?!?

I am getting ready to migrate my board to MyBB, and because it is somewhat controversial, it will almost certainly be targeted by hackers on occasion. I *need* a board that is rock solid in terms of security - so if there is some frailty of MyBB, I really need to know about it.
There isn't anything we know about.

The way I interpreted imei's post was that he meant there are security issues up until 1.02 - so you should be using that version.
I am also baffled as to how this could have happened.. how long did it take the hacker to do all those nasty stuff?? Was it when you woke up the next day that everything had changed?

Quote:A hacker was able to make themselves admin, god knows how, without using my account (the only admin account on the forum.) They then proceeded to ransack my templates, and redirect the entire forum to a porn site.

Unless the hacker had access to your admin account, created his own admin account, did all the things you mentioned, and then deleted his own account, all these actions are possible to do and don't take long.. (perhaps FTP access as well).. but if it's hacking in terms of script/SQL injections, etc.. it's not that easy to do all those things.. so yeah, the hacker could've gotten administrative access..