MyBB Community Forums

Full Version: MAJOR PROBLEM > user can login to admin
OK guys, I use MyBB on my forum. Something is real messed up and for some reason someone keeps logging into ALL of my admins on the forum. We have changed our password NUMEROUS times but nothing?? He logs in even if our password is 25 characters. Are there security issues with MyBB? I would like to know because right now my forum is at stake.

Please help or I may have to move my forum to a different software.

Camron
Is he entering the Admin CP, or is he using your account?

regards
How exactly do you know he's doing this?
What version of MyBB are you using?
I am using the latest version of IPB. I don't know if he can access the Admin CP but he is editing people's posts with my account and my other admin's account. He logged into the other admin's account and posted "I am going to hack this whole site" but then he logged into my account and posted below it that I would do it too?? So I am not sure how he is doing this. It's kinda freaking me out.
Are you using IPB or MyBB? For IPB support go to their site at www.invisionboard.com or something. If you use MyBB, can you tell me exactly what your version number is (see the Admin CP homepage, or the Version Check page).
Either way, you have his IP address don't you? Block him via .htaccess

DENY FROM user_ip_address

Or better still, he's most likely a script kiddie and not smart enough to use a proxy. Look up the WHOIS information on his IP and e-mail the abuse department of his ISP, noting the date, time, and IP he's coming from. It's been my experience that ISPs suspend accounts first and ask questions later.
Sorry, I mean MyBB, I am using the latest version of MyBB. I used to use IPB, that's why I said IPB, sorry. Also I blocked him and I still get the same problem, he can log into my account and all the other admins'. Is he using a proxy with our IPs to cheat cookies in Firefox?
Are you able to place Apache password protection on the /admin/ directory ("password protect directories" in cPanel)? If so, do it. Or, you could allow only yourself to enter if you have a static IP address. Place this in a .htaccess file in the /admin/ folder:

DENY FROM ALL
ALLOW FROM your_ip_address


This would stop him for now at least until you can figure out how he's doing this.
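
The two controls suggested in the reply above (directory password protection and an IP allowlist), combined in one file, as an added example that is not part of the original thread. It uses Apache 2.4 syntax with the 2.2 form in comments; the IP address and the password-file path are constructed placeholders.

```apache
# .htaccess in the forum's /admin/ directory (Apache 2.4 syntax).
# Constructed values: 203.0.113.10 stands in for your static IP,
# and the AuthUserFile path is a placeholder that should sit
# outside the web root so the file cannot be downloaded.
AuthType Basic
AuthName "Admin CP"
AuthUserFile /home/example/.htpasswd-admin

# Both conditions must hold: the request comes from the allowed
# address AND the visitor supplies a valid user from the password file.
<RequireAll>
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>

# Apache 2.2 form of the same policy:
#   Order Deny,Allow
#   Deny from all
#   Allow from 203.0.113.10
#   Require valid-user
#   Satisfy All
# Without "Satisfy All", 2.2 still requires both checks by default,
# but stating it guards against an inherited "Satisfy Any".
```

The password file is created with Apache's `htpasswd` utility. This only restricts requests under /admin/; it does not affect ordinary logins to the admin accounts on the forum front end, which is where the edited posts described in this thread were made.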
An IP ban isn't the fix we are looking for; we need more info from Camron to determine whether it is a mistake he made, let's say improper permissions, or a failure on the MyBB software side (which I really doubt).

So Camron, is that user using your accounts, or is he accessing the Admin CP with his normal user account?

Moreover, how did you know that he is accessing the Admin CP or using admins' accounts?

regards