MyBB Community Forums

Full Version: Admin Help
Hi,

I've recently installed MyBB on my forums... (My friend did it for me), and he installed 1.6.0 since the exploit was out, and just in case I changed the cPanel pass, he would use the vulnerability exploits in 1.6.0 to get administrator again, so... should I upgrade to 1.6.1 THEN change the cPanel pass? (The cPanel is fully mine)


Also, how would I go about getting administrator on my forums? He registered first, so he automatically became an administrator... (I think that's how it works by looking at the installation guide), how would I do this? I want to delete all accounts and make myself an admin. (I'm already an admin, but I don't have full features like he has)

I need help,
Thanks.
Open ./inc/config.php and find:
$config['super_admins'] = '1';
and change 1 to your own UserID; you most probably have 2.
(2011-01-11, 05:46 PM) John404 Wrote:
Hi,

I've recently installed MyBB on my forums... (My friend did it for me), and he installed 1.6.0 since the exploit was out, and just in case I changed the cPanel pass, he would use the vulnerability exploits in 1.6.0 to get administrator again, so... should I upgrade to 1.6.1 THEN change the cPanel pass? (The cPanel is fully mine)


Also, how would I go about getting administrator on my forums? He registered first, so he automatically became an administrator... (I think that's how it works by looking at the installation guide), how would I do this? I want to delete all accounts and make myself an admin. (I'm already an admin, but I don't have full features like he has)

I need help,
Thanks.

You have to change ALL your passwords, including FTP, phpMyAdmin, database, MySQL root account if available, not just the cPanel password. If you don't change the database password, he can easily log in to phpMyAdmin and change his or your password and log in again. I'm sure he got in due to that and not an exploit in MyBB 1.6.0.

You should also do an audit of all the user accounts on your forum and system for any hidden admins, as well as an audit of all the files on your www for any files that he may have put there as a backdoor to the forum.

Unless you do all the above, there is no way of guaranteeing that he won't be able to log himself back in even after you update to 1.6.1, and then you'll claim again that it was a MyBB exploit.
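
The file-side part of the audit described in the reply above, as an added example that is not part of the original thread or MyBB's own code: it reads the `super_admins` list from `inc/config.php` and flags PHP files changed after a cutoff or sitting in an upload directory. The `uploads` directory name, the cutoff, and the sample tree built in `demo()` are assumptions constructed for illustration; the database check for hidden admin accounts is not covered here.

```python
import os, re, tempfile, time

# Assumption: directory where the forum stores user uploads; PHP files here are unexpected.
UPLOAD_DIRS = ("uploads",)

def super_admin_ids(config_text):
    """Return the UIDs listed in $config['super_admins'] (comma-separated string)."""
    m = re.search(r"\$config\['super_admins'\]\s*=\s*'([^']*)'", config_text)
    return [int(x) for x in m.group(1).split(",") if x.strip().isdigit()] if m else []

def audit_files(webroot, cutoff_ts):
    """Flag PHP files changed after cutoff_ts, and any PHP file under an upload dir."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        in_uploads = rel_dir.split(os.sep)[0] in UPLOAD_DIRS
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if in_uploads:
                findings.append((rel, "php file in upload directory"))
            elif os.path.getmtime(path) > cutoff_ts:
                findings.append((rel, "modified after cutoff"))
    return sorted(findings)

def demo():
    """Build a constructed forum tree and audit it."""
    root = tempfile.mkdtemp()
    install_time = time.time() - 30 * 86400  # constructed: installed 30 days ago
    layout = {
        "inc/config.php": ("<?php\n$config['super_admins'] = '1,7';\n", install_time),
        "index.php": ("<?php // stock file\n", install_time),
        "inc/extra.php": ("<?php // constructed: appeared later\n", time.time()),
        "uploads/avatars/a.php": ("<?php // constructed\n", install_time),
        "uploads/avatars/a.png": ("x", time.time()),
    }
    for rel, (body, mtime) in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))
    with open(os.path.join(root, "inc", "config.php")) as fh:
        admins = super_admin_ids(fh.read())
    return admins, audit_files(root, install_time + 86400)

if __name__ == "__main__":
    print(demo())
```

Modification times can be reset by whoever wrote a file, so a clean result here does not replace comparing the tree against a fresh copy of the release.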
I've fixed it already and upgraded to MyBB 1.6.1, thanks guys.