MyBB Community Forums

Full Version: Avatar got hacked?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Today my forum got hacked. The hacker replaced all avatars with his own image. But not all the avatars changed, some still remain as usual... Huh

How could this happen? I only use two plugins, ezIRC and Sidebox with the most recent version. And I use MyBB version 1.6.3. And strong password, change admin directory, etc...

Note: I am using a VPS. Not shared host.

Thanks.
Sleepy
(2011-06-18, 03:54 PM)mobesta Wrote: [ -> ]whay mybb hack & hack & ...??? where is security in mybb 1.6.3 ????
Angry

Please dont flame, i need help...
(2011-06-18, 03:54 PM)mobesta Wrote: [ -> ]whay mybb hack & hack & ...??? where is security in mybb 1.6.3 ????
Angry

You know it's definitely an issue with MyBB do you??

Rolleyes

The best way of finding out what happened would just be to review your server logs.
(2011-06-18, 03:56 PM)MattRogowski Wrote: [ -> ]
(2011-06-18, 03:54 PM)mobesta Wrote: [ -> ]whay mybb hack & hack & ...??? where is security in mybb 1.6.3 ????
Angry

You know it's definitely an issue with MyBB do you??

Rolleyes

The best way of finding out what happened would just be to review your server logs.

Another way please?
I'm not really sure what other way you're expecting there to be. Someone did something on your server, logs are taken for a reason, you'll need to look at the logs and see what this person did. There isn't a big flashing message that will tell you what happened, it doesn't quite work like that.
Sleepy
(2011-06-18, 04:03 PM)MattRogowski Wrote: [ -> ]I'm not really sure what other way you're expecting there to be. Someone did something on your server, logs are taken for a reason, you'll need to look at the logs and see what this person did. There isn't a big flashing message that will tell you what happened, it doesn't quite work like that.

I mean, how this happen... Where is the hole... Sad
log files are deleted.
(2011-06-18, 04:10 PM)alzea Wrote: [ -> ]
(2011-06-18, 04:03 PM)MattRogowski Wrote: [ -> ]I'm not really sure what other way you're expecting there to be. Someone did something on your server, logs are taken for a reason, you'll need to look at the logs and see what this person did. There isn't a big flashing message that will tell you what happened, it doesn't quite work like that.

I mean, how this happen... Where is the hole... Sad

Again, you would need to look at your logs. I don't know how you expect us to be able to tell you what happened without looking at any information. Bit like trying to get a mechanic to fix your car without him looking at it, he's not a magician.

(2011-06-18, 04:10 PM)alzea Wrote: [ -> ]log files are deleted.

What, all your server logs?? Apache access logs, all gone??
Entry could have been at many levels. From the server, to the services, to the site. It takes a seasoned system admin to figure it out.

Simply buying VPS with a control panel and installing a script doesn't give you any protection or insight on how security works.

I wish you luck.
Pages: 1 2