Thread Rating:
  • 1 Vote(s) - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacked.
#1
My forum board, , was hacked today.

Any way I can fix this? All accounts were deleted, and it seems I've been IP banned.

I know how to add security after all this was fixed.

I also cannot get on my laptop right now, which means no database backups.

Thanks a ton.
#2
Quote:Dear users of Script Station,
MyBB has failed us with it's tons of exploits, and someone (we've found you) has hacked the forums.
The database was deleted, a misconfiguration in my laptop also deleted the backup database servers I had.

Script Station is not over, we will stand strong. We are now upgrading to IP.Board, which is tons more secure and way better. It also has a nice mobile theme for all your mobile devices.
We will not let you all down!

Thanks,
Thomas
CEO/Founder

MyBB has no know severe exploits. You can't blame your being hacked on MyBB. You probably had an insecure password or plugin. If you care to tell us any of the "tons of exploits" let us know, but until then don't go saying we have them. MyBB has a relatively clean security record as compared to other softwares.
-Paul H.

Cogisne lingua latina?
#3
LOL, so they used the tons of exploits MyBB has to hack a small forum instead of some big one, right?

You just did used MyBB the wrong way, and probably tons of the unofficial MyBB plugins.
#4
MyBB has no known exploits / vulnerabilities. Can you prove it was because of MyBB? If MyBB did have a known vulnerability (which it doesn't), why would they hack a small forum & not a big forum?

Check your access logs, they will tell you everything.

What plugins did you actually have installed?
[Image: information.gif] MyBB Support Technician
Please do not PM me for support.


MyBBatically - A quick and easy way to update your board!
#5
Pitiful, I checked my localhost forums and found a few.
I rather blame the hacker, I'm just saying, though. I never "really" blamed it on you all.
#6
Quote:MyBB has failed us

Sounds like passing the blame to me.

What are the vulnerabilities you found?
#7
(2012-07-26, 03:31 AM)RedCP Wrote: Pitiful, I checked my localhost forums and found a few.
I rather blame the hacker, I'm just saying, though. I never "really" blamed it on you all.

If you have indeed found some, please report them on http://dev.mybb.com instead of saying we failed you. MyBB isn't a group of developers, its every user of the software. We all contribute. If you found a problem report it so we can fix it Smile
-Paul H.

Cogisne lingua latina?
#8
I try to do case studies of these since the human engineering hack done on MyBB a few months ago. If you would be as so kind RedCP, would you please share what happened via your server log files and/or share about HOW you were hacked? Sometimes it's been an old administrator account that some pissed off person logs into and makes havoc, or there was a dictionary password for an admin account or for phpmyadmin via MySQL host url. Once the database is accessed the passwords can be unhashed and other online accounts you use (discovered by social engineering) can then be hacked to if you're like most "normal" people and use the same passwords everywhere.
SO PLEASE... share some intel! Big Grin
Security Tips
  • Use different strong passwords on ALL online accounts
  • Obfuscate ur real life give false information
[Image: GRwe_E7s_F.png]
#9
Thanks, and the exploit was through the plugins, in case I didn't give that info out.

Thanks, people. I honestly love MyBB, seeing how smooth it is. Just a few days into phpBB, and I'm throwing up (no offense, ha ha).

(2012-07-26, 06:19 AM)GunnerAIO Wrote: I try to do case studies of these since the human engineering hack done on MyBB a few months ago. If you would be as so kind RedCP, would you please share what happened via your server log files and/or share about HOW you were hacked? Sometimes it's been an old administrator account that some pissed off person logs into and makes havoc, or there was a dictionary password for an admin account or for phpmyadmin via MySQL host url. Once the database is accessed the passwords can be unhashed and other online accounts you use (discovered by social engineering) can then be hacked to if you're like most "normal" people and use the same passwords everywhere.
SO PLEASE... share some intel! Big Grin
I haven't a ton, all I know is some person I don't even know (well, now I do) used the command die); and used an exploit found in one of the plugins (I didn't even have any installed, he must have found the ACP and cracked a password).
#10
(2012-07-27, 06:03 AM)RedCP Wrote: Just a few days into phpBB, and I'm throwing up (no offense, ha ha).

We've all done the same Wink

In all seriousness, MyBB is very secure software. I'm glad you've found the cause of it, though! Smile
[Image: information.gif] MyBB Support Technician
Please do not PM me for support.


MyBBatically - A quick and easy way to update your board!


Forum Jump:


Users browsing this thread: 1 Guest(s)