MyBB Community Forums

Full Version: This is the 2nd time we've been hacked...
Not really, it's a core feature.

I have already PM'ed you with my solution.
I saw it, I would really like to try that but I am not able to at this moment. :(

Umm I checked my IP logs and found the hacker constantly using the "Password reset feature". I saw a few server based IPs trying it again today.

This is solved for now but I thought I'd let you know again.
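
An added example, not part of the original posts: the IP-log check described above, written as a Python script that counts password-reset requests per client IP in an Apache combined-format access log. The MyBB action names, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: stock MyBB password-reset actions on member.php.
RESET_ACTIONS = {"lostpw", "do_lostpw", "resetpassword"}
THRESHOLD = 3  # hypothetical cut-off: reset hits per IP before flagging

# Apache "combined" log format: ip, timestamp, request line, status, size, referer.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"')

# Constructed sample lines (documentation IP ranges), not taken from the thread.
REF = "http://forum.example/member.php?action=lostpw"
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Feb/2011:20:01:11 +0000] "GET /member.php?action=lostpw HTTP/1.1" 200 5120 "-" "curl"',
    f'203.0.113.7 - - [06/Feb/2011:20:01:12 +0000] "POST /member.php HTTP/1.1" 200 4300 "{REF}" "curl"',
    '203.0.113.7 - - [06/Feb/2011:20:01:19 +0000] "GET /member.php?action=resetpassword&uid=1&code=x HTTP/1.1" 200 4100 "-" "curl"',
    '198.51.100.23 - - [06/Feb/2011:20:05:40 +0000] "GET /member.php?action=lostpw HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [06/Feb/2011:20:06:02 +0000] "GET /member.php?action=login HTTP/1.1" 200 3900 "-" "Mozilla/5.0"',
    'truncated line that does not parse',
]

def reset_action(url):
    """Return the reset action named in a member.php URL, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/member.php"):
        return None
    actions = parse_qs(parts.query).get("action", [])
    return next((a for a in actions if a in RESET_ACTIONS), None)

def is_reset_request(method, url, referer):
    if reset_action(url):
        return True
    # A form POST carries its action in the body, which access logs omit,
    # so a POST to member.php is attributed through its Referer instead.
    return (method == "POST" and urlsplit(url).path.endswith("/member.php")
            and reset_action(referer) is not None)

def reset_hits_per_ip(lines):
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_reset_request(m["method"], m["url"], m["referer"]):
            hits[m["ip"]] += 1
    return hits

def flag_ips(lines, threshold=THRESHOLD):
    return sorted(ip for ip, n in reset_hits_per_ip(lines).items() if n >= threshold)
```

Calling `flag_ips(open("access.log"))` on a real log returns the addresses worth blocking or rate-limiting; the Referer fallback can be spoofed, so treat the counts as a triage signal.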
You don't need FTP for file changing. That's what shells are for. My guess is that when you were originally hacked they installed a shell and you never removed it. Whatever exploit you originally had....you still have. I can guarantee you that MyBB is not at fault. At least not if you're using the latest version.

And host or not you can do a daily backup on your own. Most hosts do not take responsibility for backups.

Plus add .htpasswd secured access to your admincp. So even if they get a login with sql injection or shell they can't get into the admincp. That's not to say they can't pwn you with injection or the shell but at least they don't have admincp tools to make it easier. Most of these people are skids that without step by step instructions have no idea how to do anything.
(2011-02-06, 09:04 PM) labrocca wrote: Plus add .htpasswd secured access to your admincp. So even if they get a login with sql injection or shell they can't get into the admincp. That's not to say they can't pwn you with injection or the shell but at least they don't have admincp tools to make it easier. Most of these people are skids that without step by step instructions have no idea how to do anything.

Yeps,

the easiest way to protect your admin folder.
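file .htaccess
# Basic auth needs an AuthName (realm); Apache errors out without it
AuthType Basic
AuthName "Admin CP"
AuthUserFile "/home/site.com/public_html/admin/.htpasswd"
Require valid-user

and file .htpasswd
# create this entry with: htpasswd -c .htpasswd your_username
your_username:password_hash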