MyBB Community Forums

Full Version: [NEED HELP ]how enhance security?
rum was hacked by hackers. Before that, the hackers sent an email to my email address saying there are bugs in MyBB post thread and calendar, and I found tutorials on a hacker site, this is it: http://www.spyrozone .net/hacking/2011/01/how-to-upload-webshell-via-mybb-control-panel.jsp

How to enhance MyBB forum security?
Sorry for my bad English, because I come from Indonesia.
They can only do it if they have admin access...

This is the one thing that has plagued MyBB's security for a while, but if they never gain admin access it doesn't really matter.
But why can they get the admin password and username?
Please, let me know how to improve security in MyBB?
Don't know, honestly. I'm not aware of a security issue regarding that at this time. It may have been a badly coded plugin for all I know. I would recommend contacting the staff through the contact form with more information about your site.

http://www.mybb.com/contact
All that "hack" is, is arbitrary PHP execution in the templates system. Labrocca raised the issue a long time ago and I believe it was already fixed (I could be wrong).

Anyway, the hack's not much use unless (as said above) the attacker somehow gains access to your ACP or you download a theme from a shady site with this kind of content.

Also, that was posted back in January 2011 - just to let you know.
(2011-06-08, 07:35 AM) euantor wrote: All that "hack" is, is arbitrary PHP execution in the templates system. Labrocca raised the issue a long time ago and I believe it was already fixed (I could be wrong).

Anyway, the hack's not much use unless (as said above) the attacker somehow gains access to your ACP or you download a theme from a shady site with this kind of content.

Also, that was posted back in January 2011 - just to let you know.

I use the Breeze theme, and the Breeze theme is the result of converting from vBulletin skins. I downloaded these themes from mybbvn.com
You're probably all right. MyBBVN is fairly well known. If you want to double check, you can use the search in templates tool to look for suspicious code like that outlined in the post you linked to.
This "issue" will be fixed with MyBB 1.6.4. Anyway, when you have admin access you can do a lot of evil things.
http://blog.mybb.com/2008/02/06/securing...tallation/