Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Site hacked
#1
Hello guys.

Today, I noticed that my site had been hacked. It appears that the user used an exploit with the calender and was able to hack it. I would like to know how to secure my site so only selected admins can access the website?
#2
How do you know that it was the Calender? What plugins do you have installed? Take a look at list of known vulnerable plugins and see you had any of them.
#3
Well it only shows that he edited the calender.php file. But it may have been the MyYoutube cause I have that installed. I also have NewPoints.php

Edit: I am on New Points 1.9.7 which is not vulnerable.
#4
MyYoutube and NewPoints are not on the list. It may have been possible that the hacker injected an exploit into Calender. If you've a database backup, then I suggest you to re-install a fresh copy of MyBB.
#5
(2013-04-28, 02:36 AM)Jimmy. Wrote: MyYoutube and NewPoints are not on the list. It may have been possible that the hacker injected an exploit into Calender. If you've a database backup, then I suggest you to re-install a fresh copy of MyBB.

He didn't deface the site, only edit the 'calendar' template.
#6
The reason they edited calendar template is to upload a shell there.
#7
less the plugins more the security.
Always check for outdated plugins.
#8
(2013-04-28, 05:50 PM)Ryanwrz Wrote: less the plugins more the security.

Not always true.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)


Forum Jump:


Users browsing this thread: 1 Guest(s)