MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > how to prevent Sql Injection in MyBB
Full Version: how to prevent Sql Injection in MyBB
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

mbalire

2010-09-24, 08:09 AM
my forum has been hacked and when you loin the home page appears for some seconds and then the index page changes to the index page of the hackers displaying his images and other information. i have tried to delete it and restore the backup copy and it worked but the hosting system admin has talked me that they is lacking of filtering of Sql Injection which the person uses to change the index.so i need your help of solving it.


http://americandream.in/

version 1.4.9

Alan S.

2010-09-24, 08:25 AM
There have been security updates since 1.4.9, update to 1.6, or at least 1.4.14

Cayo

2010-09-24, 08:27 AM
First of all, you should consider about updating your MyBB - at least to the latest 1.4.x version Wink
Furthermore, this tutorial (Administrating MyBB - good practices) could be also useful for you.

Matt

2010-09-24, 09:46 AM
You're running a version over a year old, where there have been 5 versions released after yours, and you're asking how to prevent SQL injections?? Should be obvious you need to upgrade.

SQL injections are prevented in the code, by things being escaped properly. I don't think any SQL injection vulnerabilities have been fixed since 1.4.9 though, you could have been hacked via something else, a plugin, or your host, but running a version so old isn't going to be doing you any favours.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > how to prevent Sql Injection in MyBB