Posts: 72
Threads: 20
Joined: Apr 2012
Reputation:
0
2012-07-25, 03:57 AM
(This post was last modified: 2012-07-26, 03:31 AM by RedCP.)
My forum board, , was hacked today.
Any way I can fix this? All accounts were deleted, and it seems I've been IP banned.
I know how to add security after all this was fixed.
I also cannot get on my laptop right now, which means no database backups.
Thanks a ton.
Posts: 8,509
Threads: 386
Joined: Feb 2011
Reputation:
279
Quote:Dear users of Script Station,
MyBB has failed us with it's tons of exploits, and someone (we've found you) has hacked the forums.
The database was deleted, a misconfiguration in my laptop also deleted the backup database servers I had.
Script Station is not over, we will stand strong. We are now upgrading to IP.Board, which is tons more secure and way better. It also has a nice mobile theme for all your mobile devices.
We will not let you all down!
Thanks,
Thomas
CEO/Founder
MyBB has no know severe exploits. You can't blame your being hacked on MyBB. You probably had an insecure password or plugin. If you care to tell us any of the "tons of exploits" let us know, but until then don't go saying we have them. MyBB has a relatively clean security record as compared to other softwares.
-Paul H.
Cogisne lingua latina?
Posts: 9,760
Threads: 389
Joined: Jan 2010
Reputation:
526
LOL, so they used the tons of exploits MyBB has to hack a small forum instead of some big one, right?
You just did used MyBB the wrong way, and probably tons of the unofficial MyBB plugins.
Soporte en Español
Discord at omar.gonzalez ( Omar G.#6117 ); Telegram at @omarugc ;
Posts: 1,859
Threads: 113
Joined: Nov 2011
Reputation:
194
MyBB has no known exploits / vulnerabilities. Can you prove it was because of MyBB? If MyBB did have a known vulnerability (which it doesn't), why would they hack a small forum & not a big forum?
Check your access logs, they will tell you everything.
What plugins did you actually have installed?
MyBB Support Technician
Please do not PM me for support.
MyBBatically - A quick and easy way to update your board!
Posts: 72
Threads: 20
Joined: Apr 2012
Reputation:
0
Pitiful, I checked my localhost forums and found a few.
I rather blame the hacker, I'm just saying, though. I never "really" blamed it on you all.
Posts: 9,348
Threads: 266
Joined: Oct 2007
Reputation:
232
Quote:MyBB has failed us
Sounds like passing the blame to me.
What are the vulnerabilities you found?
Posts: 8,509
Threads: 386
Joined: Feb 2011
Reputation:
279
(2012-07-26, 03:31 AM)RedCP Wrote: Pitiful, I checked my localhost forums and found a few.
I rather blame the hacker, I'm just saying, though. I never "really" blamed it on you all.
If you have indeed found some, please report them on http://dev.mybb.com instead of saying we failed you. MyBB isn't a group of developers, its every user of the software. We all contribute. If you found a problem report it so we can fix it
-Paul H.
Cogisne lingua latina?
Posts: 345
Threads: 78
Joined: Mar 2012
Reputation:
10
I try to do case studies of these since the human engineering hack done on MyBB a few months ago. If you would be as so kind RedCP, would you please share what happened via your server log files and/or share about HOW you were hacked? Sometimes it's been an old administrator account that some pissed off person logs into and makes havoc, or there was a dictionary password for an admin account or for phpmyadmin via MySQL host url. Once the database is accessed the passwords can be unhashed and other online accounts you use (discovered by social engineering) can then be hacked to if you're like most "normal" people and use the same passwords everywhere.
SO PLEASE... share some intel!
Security Tips- Use different strong passwords on ALL online accounts
- Obfuscate ur real life give false information
Posts: 72
Threads: 20
Joined: Apr 2012
Reputation:
0
2012-07-27, 06:03 AM
(This post was last modified: 2012-07-27, 06:07 AM by RedCP.)
Thanks, and the exploit was through the plugins, in case I didn't give that info out.
Thanks, people. I honestly love MyBB, seeing how smooth it is. Just a few days into phpBB, and I'm throwing up (no offense, ha ha).
(2012-07-26, 06:19 AM)GunnerAIO Wrote: I try to do case studies of these since the human engineering hack done on MyBB a few months ago. If you would be as so kind RedCP, would you please share what happened via your server log files and/or share about HOW you were hacked? Sometimes it's been an old administrator account that some pissed off person logs into and makes havoc, or there was a dictionary password for an admin account or for phpmyadmin via MySQL host url. Once the database is accessed the passwords can be unhashed and other online accounts you use (discovered by social engineering) can then be hacked to if you're like most "normal" people and use the same passwords everywhere.
SO PLEASE... share some intel! I haven't a ton, all I know is some person I don't even know (well, now I do) used the command die); and used an exploit found in one of the plugins (I didn't even have any installed, he must have found the ACP and cracked a password).
Posts: 1,859
Threads: 113
Joined: Nov 2011
Reputation:
194
(2012-07-27, 06:03 AM)RedCP Wrote: Just a few days into phpBB, and I'm throwing up (no offense, ha ha).
We've all done the same
In all seriousness, MyBB is very secure software. I'm glad you've found the cause of it, though!
MyBB Support Technician
Please do not PM me for support.
MyBBatically - A quick and easy way to update your board!
|