(2011-06-18, 04:45 PM)labrocca Wrote: [ -> ]Entry could have been at many levels. From the server, to the services, to the site. It takes a seasoned system admin to figure it out.
Simply buying VPS with a control panel and installing a script doesn't give you any protection or insight on how security works.
I wish you luck.
FYI... I'm not using any control panel, script or whatever you say... Just MyBB... yes, just MyBB 1.6.3.
MyBB is not a perfect system. There is a bug in the polling system, even in the current version. I hope you find it...
In previous versions there are many forums that got hacked, and you always deny there are bugs in MyBB. Until MyBB released version 1.6.3 and tell if there is a bugs on MyBB, Sql inject ...
the reason I still use MyBB because I was too lazy to convert my forum with 19,000 members to other forum software...
Reference :
http://blog.mybb.com/2011/04/17/mybb-1-6...ty-update/
Thanks,
(2011-06-18, 05:06 PM)alzea Wrote: [ -> ]you always deny there are bugs in MyBB.
Nobody has ever said this...
(2011-06-18, 05:06 PM)alzea Wrote: [ -> ]FYI... I'm not using any control panel, script or whatever you say... Just MyBB... yes, just MyBB 1.6.3.
So you don't have Apache installed?? Interesting.
(2011-06-18, 05:06 PM)alzea Wrote: [ -> ]you always deny there are bugs in MyBB
Yes, that's why we have a site dedicated to bugs. Silly me.
Obviously there were bugs and security issues in other versions, which is why we fix the issues and release an update. If you're so sure you were hacked due to an issue in MyBB, please prove us all wrong and post the vulnerable code in this thread. Because unless you can do that, unless you can give the specific piece of code that caused the issue, then your argument that MyBB is to blame holds no water at all. Notice that at no point have we said that MyBB definitely was not to blame, but until you can prove that it was, you cannot say that MyBB was definitely to blame. You also assume the plugins you use are 100% secure. Funny how you point the finger at us but don't give them a second thought.
Quote:FYI... I'm not using any control panel, script or whatever you say
So no FTP, Cpanel, VPS login, Apache or anything? Does your site work from thin air?
It's like I said. You have a very poor understanding of web security. No one stated it can't be MyBB but it can be a plugin, script, service, or even the server. Heck even possible to be the host even as a VPS they've been known to have jailbreaks to the server. They are not 100% secure. Nothing really is.
Your problem is you're finger pointing without any valid proof. I'm straight up telling you that unless you can produce some sort of evidence about your penetration no one can help you. You are asking for help.
Quote:How could this happen?
No one knows. That's the answer. And it's not MyBB's responsibility to figure it out.