Posts: 78
Threads: 28
Joined: Sep 2013
Reputation:
0
2013-12-03, 02:09 PM
(This post was last modified: 2013-12-03, 02:11 PM by d0m.)
This user has been denied support.
Hello!
I was hijacked with version 1.6.11
Think something like this http://www.slideshare.net/Chris1llusion/mybb-account-hijacking,not
100% sure,but i know was hijacked,or by pm,because password recovery function was used,when i saw my mail,i saw and admin username was changed by my,but i'm sure i use this version 1.6.11,so maybe somebody have same problem or i don't now what o say!
Thanks!
Posts: 479
Threads: 28
Joined: Feb 2013
Reputation:
16
If they sent it to your email, you (or other administrators) might have their email compromised, which allows for them to enter into your forum with your administrator privileges. Without logs or anything, we won't be able to tell you for sure.
Posts: 78
Threads: 28
Joined: Sep 2013
Reputation:
0
This user has been denied support.
"They" send me to email(Password recovery),and i don't have logs,because moved from this hosting,and install new,and check all security what i can!
So,i don't now,if it's happining again,i will send logs to somebody here who can understand what's happened,but i'm sure it's was this mybb version,because i check always for updates!
Posts: 21,668
Threads: 5
Joined: Aug 2011
Reputation:
2,316
2013-12-03, 04:05 PM
(This post was last modified: 2013-12-03, 04:05 PM by .m..)
^ unable to understand how you confirmed that your forum was hijacked / compromised. what you meant by
" user name change" is not clear for me. anyone can ask for password recovery by giving your mail address ..
Posts: 78
Threads: 28
Joined: Sep 2013
Reputation:
0
This user has been denied support.
(2013-12-03, 04:05 PM).m. Wrote: ^ unable to understand how you confirmed that your forum was hijacked / compromised. what you meant by
"user name change" is not clear for me. anyone can ask for password recovery by giving your mail address ..
First can't login with my password to forum,then i saw in email for password change,with difirent username and activiation code,i log normally,and see somebody in shoutbox send a messages what i didn't send!
Just maybe i can't explaine good,because eng is not my native lang.
Posts: 21,668
Threads: 5
Joined: Aug 2011
Reputation:
2,316
^ I understand that you changed web host and fixed everything - your forum is running normal now. is that right ?
Posts: 78
Threads: 28
Joined: Sep 2013
Reputation:
0
This user has been denied support.
(2013-12-03, 04:23 PM).m. Wrote: ^ I understand that you changed web host and fixed everything - your forum is running normal now. is that right ?
Right now yes,now waiting for attacker when he come back,to see logs ,why this happaned
Posts: 21,668
Threads: 5
Joined: Aug 2011
Reputation:
2,316
however as prevention is better than cure, try to take care of possible security measures - see security tutorials
Posts: 78
Threads: 28
Joined: Sep 2013
Reputation:
0
2013-12-03, 05:33 PM
(This post was last modified: 2013-12-03, 05:35 PM by d0m.)
This user has been denied support.
(2013-12-03, 05:15 PM).m. Wrote: however as prevention is better than cure, try to take care of possible security measures - see security tutorials Belive me,i did this,and add .httacess and other things,like change prefixs...etc,but i will see,if again something happining i willall of ppl let to know!
Anyway,thanks for repry.
|