MyBB Community Forums 1.8 Support Security Management and Support v
fixed

Threaded Mode
fixed
Authority Offline
Posts: 41
Threads: 24
Joined: Mar 2019
Reputation: 1
#1
2019-09-08, 02:51 PM (This post was last modified: 2019-09-17, 04:01 PM by Authority. Edited 2 times in total.)
fixed
Find
Reply
KimChoJapFan Offline
Posts: 11
Threads: 4
Joined: Jan 2017
Reputation: 0
#2
2019-09-08, 03:00 PM
Did he also manage to delete the access logs, if not then you can check those out and see if there are any strange queries from around the time you noticed the site got backdoored.

This will determine if the vulnerability was in the MyBB code or in a vulnerable plugin that you had added to the forum.
Find
Reply
Nathan Malcolm Away

Former Staff
Posts: 13,611
Threads: 220
Joined: May 2010
Reputation: 541
#3
2019-09-08, 04:00 PM
Very doubtful that he "used a backdoor in mybb". Considering the fact you're asking how to prevent it from happening again instead of requesting the team fix this alleged backdoor, it sounds like you don't know how it happened.

If you're going off his word, perhaps consider that someone malicious enough to destroy your forum might also be a liar.
No longer involved in the MyBB project.
Find
Reply
Ashley1 Offline
Posts: 2,136
Threads: 103
Joined: Oct 2015
Reputation: 223
#4
2019-09-08, 04:10 PM
Sounds like he used the frontdoor instead of a backdoor.
What goes around comes around
Find
Reply
User 6029 Offline
Posts: 1,001
Threads: 55
Joined: Nov 2006
#5
2019-09-08, 06:30 PM (This post was last modified: 2019-09-08, 06:32 PM by User 6029. Edited 2 times in total.)
Just a thought while enjoying some cookies, but perhaps look at your server and or any possible human related issues that may have compromised your security details and any potential issues found there first rather than assuming mybb as the potential initial culprit. Best of luck.
Find
Reply
NoRules Offline
Posts: 798
Threads: 25
Joined: Jun 2006
Reputation: 77
#6
2019-09-08, 06:52 PM
Hi,

(2019-09-08, 02:51 PM)Authority Wrote: anyone know how i can prevent this from happening again?
https://docs.mybb.com/1.8/administration...rotection/

(2019-09-08, 06:30 PM)vintagedaddyo Wrote: Just a thought while enjoying some cookies

Cookies....., yummy!
I don't answer questions about localhost forums or forums without URL, I'm not a seer.  Cool
Find
Reply
0xB9 Offline
Posts: 48
Threads: 4
Joined: Feb 2018
Reputation: 3
#7
2019-09-15, 08:08 AM
Did this dude you know ever have access to your FTP client or web hosting CP? Sounds like he uploaded a web shell, not a flaw in MyBB.
| Twitter | GitHub | Exploit-DB |
Find
Reply
s3_gunzel Offline
Posts: 3,101
Threads: 57
Joined: Dec 2011
Reputation: 114
#8
2019-09-15, 09:54 AM
(2019-09-15, 08:08 AM)0xB9 Wrote: Did this dude you know ever have access to your FTP client or web hosting CP? Sounds like he uploaded a web shell, not a flaw in MyBB.

If he has access to the FTP, it's not a web shell. It's as easy as uploading a new index file with header location in it.
[Image: kAhpvOW.png]

About Me | About My Business
Website Find
Reply
User 6029 Offline
Posts: 1,001
Threads: 55
Joined: Nov 2006
#9
2019-09-15, 09:55 PM
(2019-09-08, 06:52 PM)NoRules Wrote:
(2019-09-08, 06:30 PM)vintagedaddyo Wrote: Just a thought while enjoying some cookies

Cookies....., yummy!

Indeed... Cool
Find
Reply
0xB9 Offline
Posts: 48
Threads: 4
Joined: Feb 2018
Reputation: 3
#10
2019-09-16, 01:20 AM
(2019-09-15, 09:54 AM)Ben Cousins Wrote:
(2019-09-15, 08:08 AM)0xB9 Wrote: Did this dude you know ever have access to your FTP client or web hosting CP? Sounds like he uploaded a web shell, not a flaw in MyBB.

If he has access to the FTP, it's not a web shell. It's as easy as uploading a new index file with header location in it.

Correct, but in his original post he said that the guy didn't have any access or passwords at the time the site was hacked. That's why I asked if the guy ever had access in the past.
| Twitter | GitHub | Exploit-DB |
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)