Hey guys,
My partner runs a forum thats still on version 1.03, what's the procedure for upgrading from a version this old?
She's just had her site hacked by some 13yr old tw@ (no doubt), that thinks they are 'elite' just because they can code some javascript *sighs* and take down a baby discussion forum.
Updated.
Quote:She's just had her site hacked by some 13yr old tw@ (no doubt), that thinks they are 'elite' just because they can code some javascript *sighs* and take down a baby discussion forum.
I'm 13, and I don't do those kind of things.
BTW, check the title out:
www.coolestech.com/forumz
"Coolest Tech Forumz (Powered by MyBB 1.1.4, hacker proof)"
lol!
Well that's a bit optimistic though
Forum just got hacked today. Didn't notice there was a security update =/
Need to make sure I check this site everyday.
The "hackers" added a post to portal (news forum) under an admin account. Nothing else seems to be out of whack yet but going through and checking everything still.
I think I caught it pretty early before they could really do anything.
Looks like they managed to create 2 admin accounts somehow and put a post up with one of the legitimate admin accounts.
I just upgarded to 1.1.4 from 1.1.3 but it still says 1.1.3 in the admin panel. Is this okay?
So far I've
- removed the unauthorized admin accounts
- upgraded 1.1.4
- changed my ftp and directadmin passwords
- changed the .htaccess password to the admin folder
- changed the name of the admin folder from gibberish to more gibberish
- changed my database passwords
Anything else that I should do?
Thanks!
Shochu Wrote:Forum just got hacked today. Didn't notice there was a security update =/
Need to make sure I check this site everyday.
The "hackers" added a post to portal (news forum) under an admin account. Nothing else seems to be out of whack yet but going through and checking everything still.
You could also sign up for the newsletter.
http://www.mybboard.com/mailinglist.php
Shochu Wrote:I just upgarded to 1.1.4 from 1.1.3 but it still says 1.1.3 in the admin panel. Is this okay?
Thanks!
As long as you have patched usercp.php, it's fine. The version number update is optional and to your preference.
By the way, you can also check the "Latest Version" page in the Admin CP.
Quote:I just upgarded to 1.1.4 from 1.1.3 but it still says 1.1.3 in the admin panel. Is this okay?
As long as you placed all of the correct code in it's correct spot, you should be fine, the Version Number is just a variable in functions.php.
I always customize my version numbers, just for fun.
Right it's set to "1.1.4 Customized"
I would also recommend that users set the "default administrator" settings to all "No" and set the individual permissions for your administrators individually. This prevents malacious users from inheriting all the default permissions if they do succeed in getting into an Administrator usergroup.
and how can i change the default permissions?