Not Solved Mybb security issue!
#1
Not Solved
Dear folks, 

Actually Im getting attack on mybb 1.8.19
Here how things appears: 

Member is offline, (user Cpanel) but he is online less than one min.
If i search logs of the same member, I see he is hitting unreadPosts:
this in the last few hrs for unreaded posts: 48876 55.93% 1215 4.39%    4.58 MiB GET  HTTP/1.1 /xmlhttp.php?action=unreadPosts_getUnreads&fid0

Over 500 members are effected with being offline and showing online less than one min.
Note that, there IP's still showing the original one!

Now, If I change any of these members password, he will not able to keep showing online less than a minute.

Also I would like to ask about task.php 
what is this file used for and is it normal for it to be accessed by forum visitors directly (I see it in access.log).

Kindly advice.
https://mhhauto.com
World's most trustworthy automotive forum!
Reply


Messages In This Thread
Mybb security issue! - by mhh_rabih - 2019-01-30, 02:57 PM
RE: Mybb security issue! - by WallBB - 2019-01-30, 04:43 PM
RE: Mybb security issue! - by mhh_rabih - 2019-01-30, 06:50 PM
RE: Mybb security issue! - by frostschutz - 2019-01-30, 08:14 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)