Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
i got hacked.
#1
today, when i checked my forum, my admin username was changed to Don, and i couldnt login to my acc.

also, it seems that hacker also changed the email address for pass retrieval ,
and when i changed the email to mine again in sql (phpmyadmin>mybb_user),
the password retrieval email s still not working, moreover, i cannot login with my backup admin acc.

Please tell me what should i do in sql that would allow me to login to the forum ,and what are possible ways in which this could have been happened ?
#2
Run the query
UPDATE  `mybb_users` SET  `password` =  '73a7addb1702d8ce115235572e2a24bf' WHERE  `mybb_users`.`uid` =1 LIMIT 1 
(assuming your admin user id is 1 and assuming your table prefix is mybb_)
your password should be set to myforumsaregreat
#3
@Jordan, unfortunately that won't work as it doesn't factor in the salt.

If you run this one it will reset the password to "test" (no quotes)

UPDATE `mybb_users` SET `password` = '098f6bcd4621d373cade4e832627b4f6', `salt` = '' WHERE `uid` = 'X'

Change X to your uid.



As for how you were hacked...

Are all your passwords secure?

What plugins do you use?
-Paul H.

Cogisne lingua latina?
#4
i have had no new plugins installed for months,
Fortunately, my admin directory is in a secure location, so no real damage done, but i am afraid it may happen again. my email and other accounts are safe, coz i use different pws on each.

Btw, thanks for help, i was able to change my pass.


i have some custom php sripts coded by my programmer friend too,but they are secure.
#5
You have blocked one plugin from view in the screenshot, its also now deactivated. Maybe this plugin has caused your problem ? Why is it blocked from view ?
#6
This user has been denied support. This user has been denied support.
(2012-08-21, 09:25 PM)Frank.Barry Wrote: You have blocked one plugin from view in the screenshot, its also now deactivated. Maybe this plugin has caused your problem ? Why is it blocked from view ?

probably it's payed and he got it nulled

that's why he probably got hacked too Sad
#7
(2012-08-21, 09:47 PM)Glas Wrote:
(2012-08-21, 09:25 PM)Frank.Barry Wrote: You have blocked one plugin from view in the screenshot, its also now deactivated. Maybe this plugin has caused your problem ? Why is it blocked from view ?

probably it's payed and he got it nulled

that's why he probably got hacked too Sad
I was thinking that too.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
#8
that is not a paid plugin,and even if it was, why would i blur it, you cannot know if its nulled or baught just by looking at it.
and i blurred it because i dont want it to be known. I can pm the unblurred image to mybb staff.

Also, i would rather buy stuff than use null.

it is always deactivated, its only there because i once installed it and after that never used it.


Moreover, now my website is defaced Toungue .

Please help me in it. http://hostmafia.net/forum/
#9
This user has been denied support. This user has been denied support.
(2012-08-22, 08:17 AM)HostMafia Wrote: that is not a paid plugin,and even if it was, why would i blur it, you cannot know if its nulled or baught just by looking at it.
and i blurred it because i dont want it to be known. I can pm the unblurred image to mybb staff.

Also, i would rather buy stuff than use null.

it is always deactivated, its only there because i once installed it and after that never used it.


Moreover, now my website is defaced Toungue .

Please help me in it. http://hostmafia.net/forum/

You should be more honest and collaborative, that arrogance won't take you far

Whatever good luck with that, kid
#10
(2012-08-22, 08:17 AM)HostMafia Wrote: that is not a paid plugin,and even if it was, why would i blur it, you cannot know if its nulled or baught just by looking at it.
and i blurred it because i dont want it to be known. I can pm the unblurred image to mybb staff.

Also, i would rather buy stuff than use null.

it is always deactivated, its only there because i once installed it and after that never used it.


Moreover, now my website is defaced Toungue .

Please help me in it. http://hostmafia.net/forum/
Well, I guess I'll give you the benefit of the doubt Wink. So I'll apologize for assuming that it was a nulled plugin or something like that. Unfortunately, too many people have done it and become hacked due to it, that it kind of becomes a popular guess, especially if something is blurred.

I hope you understand what I mean. :/
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)


Forum Jump:


Users browsing this thread: 1 Guest(s)