A Admin of mybb forums hacked my forum some days ago cause of some problem we hade betwen each other.
and after that he hacked my email and hacked my forum :[
after that all i changed my databse evreything he hacked me again and maked a costum permison that all my general member that is in Elite group they gota have accses to Mod cp.
i undrestand that now as i saw my posts where like 300 and today it was like 250 then i serached Mod logs i found all Elite group members were Moderator
now i deleted that group and permision and maked a new group for members now i want to delet General member group but i cnat becuse thats standard hope somebody help me before other thing gota happen
cant help directly, but this is why i will never have another admin, at least not with anywhere near full privledges.
Ban him? And you weren't hacked, you just had a member of staff go rogue.
(2011-06-16, 03:59 PM)pyridine Wrote: [ -> ]Ban him? And you weren't hacked, you just had a member of staff go rogue.
Sir when somebody deface your forum with a picture of a guy jerking what you going to call it?
(2011-06-17, 06:43 AM)Chill Guy Wrote: [ -> ] (2011-06-16, 03:59 PM)pyridine Wrote: [ -> ]Ban him? And you weren't hacked, you just had a member of staff go rogue.
Sir when somebody deface your forum with a picture of a guy jerking what you going to call it?
I call it the picture of a guy jerking.
OT: pyridine is correct. This isn't hacking, you just picked the wrong person.
Instead of deleting groups, just change their permissions.
Quote:What to do if you get hacked
Upgrade to most recent release
Upgrading to the most recent release won’t solve the results of you being hacked, but it will make sure your forum is secure.
Reset passwords
Once you are able to, you should immediately change your forum password, and also the password to your database. This is to make sure that the hacker can’t just login to anything again; new passwords mean they’re back to where they were before. If you change your database password you will need to update it in ./inc/config.php too.
Check for new users
Check all new users registered after the time the hacker gained access to the forum; there may be a chance one of them has been added to a group with ModCP or ACP access, or they may have even created a new usergroup for a user. If you see anything like this, delete it.
Reupload all files
Download the MyBB package, and upload all of the MyBB files, except ./inc/settings.php. This will make sure that all of your files are clean, and there isn’t any malicious code in any of them. Make a note of any file changes you have made before doing this, though, so you can make them again after. This process will also make sure you have all the most recent files; you may have missed an important file in a security upgrade which contained the exploit that was used to hack you.
Check your CHMOD permissions
As above, check your CHMOD permissions after you have reuploaded the files. Make sure you’re not giving files or folders extra permissions that they don’t need.
Delete settings.php
Head to your ./inc/ folder and download your copy of settings.php… and then delete it from your server. It will be generated again, with the correct values from the database, and then we’ll know it’s a clean copy of the file, with no malicious code. You may need to click around on the forum a bit to get it to regenerate; the downloaded file is there so you can upload it again should it fail to regenerate automatically.
Rebuild config.php
You can manually remake your config.php to make sure it’s clean. Use this code to rebuild the file, and enter in your database details. Also make sure you change any other settings you need to, for example, the admin directory, hiding ACP links, or super admins.
Check your templates for malicious code
A common result of being hacked is having malicious code added to your templates, meaning it’s executed whenever a page is loaded. A common place for code to be added is the header, headerinclude, index, and footer template, as these templates are loaded the most. Check all templates, however, that aren’t default (have their name in green) and remove any code that isn’t supposed to be there. It’s usually in <script> tags and is usually a load of random numbers and letters. This should be removed as soon as possible.
http://mattrogowski.co.uk/?p=314
PM me if you would like me to help.