Well a member registered on my forums, while I was away. I am the only admin that has access to the ACP, he actually registered directly as the Admin, not only that he edited some templates but besides that everything seems to be fine, atleast that's what the Admin Logs indicate. It all seems really bizarre, I can't believe someone who has accessed my ACP, stays online for about 14 mins and then leaves with some template edits on only one theme. Not buying it. I'm really perplexed atm. Could anyone guide me on what to do?
http://mattrogowski.co.uk/?p=314
Read all of it. In this specific case though, you'll want to change all of admin account's passwords and look for hidden admin accounts the hacker may have created (by setting the display group to registered but the actual usergroup to admins).
(2011-05-29, 11:54 AM)faviouz Wrote: [ -> ]http://mattrogowski.co.uk/?p=314
Read all of it. In this specific case though, you'll want to change all of admin account's passwords and look for hidden admin accounts the hacker may have created (by setting the display group to registered but the actual usergroup to admins).
I've revereted all the template edits, the hacker made apprentyl he edited the "Search" templates. How can I asses the overall nature and damage of the attack? I mean the CPanel logs indicate no intrusion from any IP besides mines.
Check the Admin Logs in the ACP too to make sure no other changes were made.
If you reverted all the templates back to default, you should be fine. Make sure nothing else was changed.
I also recommend using
http://community.mybb.com/thread-94406.html which creates a fake admin directory and when someone tries to access it, their information is recorded and is emailed to you.
Oops, completely missed that. Good catch
So he registered as an admin right off the bat? That's extremely odd. Have you got a link to your forum? Also, what plugins have you got?
(2011-05-29, 12:28 PM)euantor Wrote: [ -> ]Check the Admin Logs in the ACP too to make sure no other changes were made.
I did, only about 3 edits were made, if there isn't anyway to prune these logs without making another log, I think it's alright. I don't why he only made changes to one theme while there was others, lol.
Edit; Yes that's how it went, I'd pass a link but for some reason my host is causing some issues atm, I have the basic plugins what every myBB forum uses (5-6 plugins in total) It was pretty hilarious to see another admin in the "New Member List" of the stat plugin. Haha.
(2011-05-29, 12:35 PM)faviouz Wrote: [ -> ]If you reverted all the templates back to default, you should be fine. Make sure nothing else was changed.
I also recommend using http://community.mybb.com/thread-94406.html which creates a fake admin directory and when someone tries to access it, their information is recorded and is emailed to you.
Why thank you for the link, With the minimum amount of changes he made, is it alright for me to contnue with this data base or should I try contacting my host for a recent back-up?
I think it's fine, if all he's really done is edit a couple of templates (which you just reverted).
Last question; I'm not mocking this hacker, but why even go through all the trouble for some basic template edits? It doesn't make any sense, plus I wan't online for a day so he had a whole day to do whatever he wanted.