MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > How to implement security with MyBB 1.6
Full Version: How to implement security with MyBB 1.6
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

SteelD

2010-10-12, 03:26 PM
Apologies if this information is already posted somewhere but I have searched and browsed and there is nothing obvious for version 1.6 though I daresay that the principles are the same.

I have a seldom used MyBB 1.4 forum that I looked at last evening and found that it had been hacked. The index.php files had been overwritten with something else that displayed a scrolling banner. Everything else, including the data appears to be there, so though it's a pain in the backside to sort out, I haven't lost everything.

So, I am going to start afresh with MyBB 1.6, export the data from the old and import into the new BB, and employ tighter security. I have used CHMOD when setting up MyBB but once I have everything set up, how may I lock it down as much as possible? I am not an expert in htaccess files but I guess that this is another option. I'm sure I saw a document explaining how to implement good security several months ago but cannot find it readily. So, can somebody point towards a procedure of what files should be secured with what security? Ideally, in words for somebody who isn't a Linux expert.

Thanks!

faviouz

2010-10-12, 03:35 PM
http://community.mybb.com/thread-44977.html
http://mattrogowski.co.uk/2009/06/24/myb...en-hacked/

Read both. Lots of cool tips. Smile

SteelD

2010-10-12, 03:39 PM
Excellent. Just the material I am looking for.

Many thanks

David

Matt

2010-10-12, 05:37 PM
What version of 1.4 were you running??

SteelD

2010-10-12, 07:07 PM
I've not got the Admin CP up and running yet to see what it reports but the admin index.php says "index.php 4163 2008-08-31 16:57:07Z Tikitiki"
It appears to have been hacked by "H4cK3d By nO lOv3"/"nO>==== Team.aanT!. ViruS====<nO" and it also says Algeria. I really want to get to the Admin CP but running any scripts there seems to swap in their hacked file no matter what I do. I suspect that there is something lurking in there like a .htaccess file doing some kind of redirection but I'm not expert enough to track this down. :o(

Anybody any pointers for me?

TIA

Matt

2010-10-12, 10:07 PM
Look in ./inc/class_core.php, what version is in here?? You'll see something like this:

public $version = "1.6.0";
public $version_code = 1600;

Reupload a new copy of ./index.php, seems to be the only page with the problem, other pages are fine.

FBI

2010-10-12, 11:38 PM
I think is your server related security, not MyBB itself Wink
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > How to implement security with MyBB 1.6