MyBB Community Forums

Full Version: .htaccess for admincp
Well, nowadays people can hack easily an admin account on MyBB. Idk how, but they can. I wonder if you can list the installer's IP and create a .htaccess file in the admin folder containing this:

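# No <Limit GET> wrapper: inside it the rules cover only GET/HEAD and POST stays open
Satisfy Any
Order allow,deny
Allow from xx.xx.xx.xx
Allow from xx.xx.xx.xx
# Takes effect only when AuthType, AuthName and AuthUserFile are also configured
Require valid-user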

Just change the xx.xx.xx.xx to IPs, IF that works, because I'm still a newbie to PHP & .htaccess.

Technically, what this does is only allow the installer's IP, and any other admin if there is one, to access the Admin. So there is a safer way to not get your forums destroyed.
(2009-12-31, 05:11 PM) wubaz wrote: nowadays people can hack easily an admin account on MyBB.

Um... what?? No they can't. Let's not worry people with false information when you even said yourself you don't know how it happens, eh??
(2009-12-31, 05:19 PM) MattRogowski wrote:
(2009-12-31, 05:11 PM) wubaz wrote: nowadays people can hack easily an admin account on MyBB.

Um... what?? No they can't. Let's not worry people with false information when you even said yourself you don't know how it happens, eh??

Happened to me 2 times, my friend once and another forum that I used.
Any software is vulnerable to weak passwords, chap.
And based on that it means MyBB is always easily hackable, just like that?? How can you be so quick to blame the software and not consider whether it could have been something you did?? I wonder why we don't have loads of threads each day saying people have been hacked then if it's such a simple thing to do... most of the people who get hacked are running old versions with known security issues, have insecure passwords, overly generous CHMODs, insecure plugins, or a hacker gets in via something other than MyBB, a 3rd party script installed on the server or something. I used to fall off my bike lots, doesn't mean that all bikes in general are dangerous and all people are going to fall off, just because it happened a lot to me. Saying MyBB is easily hackable is just incorrect and will just worry people unnecessarily. Plus you can't back up your claim with any real evidence or proof, you admitted that yourself.

As for the suggestion itself, sure it'd physically work, but it's nearly useless if you have a dynamic IP, or use lots of different computers, and seeing as users would have to put this information in themselves, I'm not sure what we could exactly include as default...
The acp of those forums you mentioned might have been compromised due to a weak password, easily guessed or brute forced, which has nothing to do with MyBB. I can say with competence that MyBB is pretty secure in every direction and what's more the acp has got another added layer of security that allows you to rename the acp folder and remove the link from the board, which will make it harder to get hacked by the ways mentioned above.
A tutorial for this would probably be best. This would require a lot of customization if you have multiple admins, in multiple locations.
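
An added example, not part of the thread and not MyBB's own configuration: the IP allowlist from the first post combined with a password fallback, so that admins on dynamic IPs or in several locations (the limitation raised above) can still get in. The IP addresses are documentation-range placeholders, and the realm name, user name and AuthUserFile path are assumptions.

```apache
# admin/.htaccess -- added example; addresses, names and paths are placeholders.
# Directives sit at the top level, not inside <Limit GET>, so they apply to
# every request method (POST included), not only GET/HEAD.

# --- Apache 2.2 syntax (the style used in the thread) ---
<IfModule !mod_authz_core.c>
    AuthType Basic
    AuthName "Admin CP"
    # Assumed path: keep the password file outside the web root.
    # Create it with: htpasswd -c /path/outside/webroot/.htpasswd adminname
    AuthUserFile /path/outside/webroot/.htpasswd
    Require valid-user

    # Default deny, then allow the known admin addresses.
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
    Allow from 198.51.100.25

    # Any = a listed IP OR a valid password is enough.
    # All = a listed IP AND a valid password are both required.
    Satisfy Any
</IfModule>

# --- Apache 2.4 syntax (same policy) ---
<IfModule mod_authz_core.c>
    AuthType Basic
    AuthName "Admin CP"
    AuthUserFile /path/outside/webroot/.htpasswd
    <RequireAny>
        Require ip 192.0.2.10 198.51.100.25
        Require valid-user
    </RequireAny>
</IfModule>
```

The server must permit these directives for the directory (AllowOverride AuthConfig Limit). Basic authentication sends the password only base64-encoded, so the admin folder should be served over HTTPS.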