Hacking my myBB
1 - delete user, NOT DATABASE
2 - recreate user with different password
3 - open up inc/config.php from your server and find:
$config['password'] = "passwordhere";
replace passwordhere with your new user password.

if you also changed the usar name, find:
$config['username'] = "usernamehere";
and replace usernamehere with your new username.
It's sorted, thanks for your time. Smile
Posted a similar thread in bugs after my forum got hacked. I have the logs if any of the developers want them.
If you have logs of some people accessing URLs that could have led to SQL injection or similar exploits, please feel free to let us know...
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net
We got hacked. I was locked out of admin, and now I even seemed to be locked out by my domain. I've been getting this error:
mySQL error: 1045
Access denied for user '...'@... (using password: YES)
but I don't know if this has anything to do with it.

I have read some threads on this board about it, and dare say I'm not confident about being able to carry out some of the suggestions. Or even that I understand them, as I'm not too literate in computer programming. But I will have a go.

I've downloaded PR2 which I will upgrade as soon as I am know how safe it now is to back to using the board.

1)how confident can I be that we will be protected from this intrusion?
2) And how about this 'injection' thing, and about knowing what 'infection' is left on the db?
3) Is there a 'for dummies' way to effect these protections?Rolleyes


First hint of hacking were these messages on 14th and 15th August. which, not knowing any better I sent to my ISP, who were no help:

(14 aug)
A user has tried to access the Administration Control Panel for .... They were unable to succeed in doing so.
Below are the login details:

Username: \' or 1=1 /*
Password: (MD5: d41d8cd98f00b204e9800998ecf8427e)

IP Address:

(and 15th Aug )
Username: \' or 1=1 /*
Password: (MD5: d41d8cd98f00b204e9800998ecf8427e)

IP Address:
Hostname: adsl-174-143-192-81.adsl2.iam.net.ma

More recently (two days ago) found myself locked out! And all other admin accounts were deleted. First I could go on and see the board, but then I was like I was banned and now I get the SQL error 1045 as quoted above.

Through the sql db I have found this user//email: (which is now deleted)
Avt_Phenix // [email protected]

and through DNSStuff got this info: (though I don't know how useful it is)

domain: XAKER.RU
nserver: ns1.nextmail.ru.
nserver: ns2.nextmail.ru.
person: Egor B Polusmak
phone: +7 095 5063196
fax-no: +7 095 5063196
e-mail: ******@mail.ru
created: 2000.06.30
paid-till: 2006.07.03
source: TC-RIPN

There's loads of changes in admnlogs that I don't understand but if they might be useful I would send them to someone.

Grateful for useful responses
Check your inc/config.php and see if the hacker changed those values.
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net
Those are really simple SQL injection attacks and I really hope myBB is now immune to something that trivial after the last patch *crosses fingers*

You might want to try renaming your admin directory to something other than /admin.

Here's the thread on how to do it


Make it as long and confusing as possible.

Forum Jump:

Users browsing this thread: 1 Guest(s)