MyBB

hellothere123 · 2014-01-08, 11:37 AM

Hi,

I love MyBB and am not here to try damaging it's reputation and I'm not pointing fingers. My gaming forum was hacked, they had deleted all the posts and threads that were on the forum and I had to do a database backup.

Now, he gained access to staff members account, which I have no idea how he got into because I definitely trust that staff member 110%. He then went on in a PM on forum to tell me how he is trying to work on a dox for me and there is worse to come, but this was on the 24th November when the hack occurred.

He also stated he had a copy of my mySQL database. HOWEVER! The stats on the forum remained the same, he deleted all threads and posts but the board stats were the same, he didn't delete any members or anything else. So, was he just lying about gaining mysql access and just deleted all the posts and threads from the staff members account?

MasterZuFu · 2014-01-08, 01:26 PM

Well, let me see if I can get this straight:

(2014-01-08, 11:37 AM)hellothere123 Wrote: "...because I definitely trust that staff member 110%..."
"...He then went on in a PM on forum to tell me how he is trying to work on a dox for me..." and there is worse to come, but this was on the 24th November when the hack occurred.
"...So, was he just lying about gaining mysql access and just deleted all the posts and threads from the staff members account?..."

These three sentences bring up some questions. 1. How can you say you trust someone 110% when it seems very clear to me that you don't know the person (why would he have to do a dox on you if he knew you, and furthermore, why would you be worried about a dox if you know him enough to trust him 110%?) 2. The fact that he would lie to you about this seems contradictory. Considering the above, it appears that he doesn't know you, or that you never knew him before. What would be the motive for lying to you?

Here's what to do:

1. Ban that account. Whether he does a dox or not, there's nothing you can do about public information anyways.
2. Do a restore from a backup you have from before the hack. If there is none, then contact your hosting company and ask them if they have one.
3. Don't make people administrators of your forum unless you can say that you actually know who they are and THEN that you trust them 110%.
4. If you do have a vulnerability on the site, it's very important you get it checked out. Check your plugins for vulnerabilities and whatever other custom codes you've added to your site.

Dean0bi · 2014-01-08, 01:26 PM

Whats the link to your site?

FBI · 2014-03-11, 04:41 PM

Once you can login admin panel, delete any user with admin group account.
Change password.

Greg Winston · 2014-03-12, 02:16 AM

(2014-01-08, 01:26 PM)MasterZuFu Wrote: 3. Don't make people administrators of your forum unless you can say that you actually know who they are and THEN that you trust them 110%.

I agree 100% with the comment above. I never make anyone an Administrator except myself. Moderator privileges are enough, are they not?

Xen0n · 2014-03-13, 08:27 PM

(2014-03-12, 02:16 AM)Greg Winston Wrote:
(2014-01-08, 01:26 PM)MasterZuFu Wrote: 3. Don't make people administrators of your forum unless you can say that you actually know who they are and THEN that you trust them 110%.

I agree 100% with the comment above. I never make anyone an Administrator except myself. Moderator privileges are enough, are they not?

It can be helpful to have a second admin in case something goes wrong (ex. staff member hacked).

Knerba · 2014-03-13, 11:31 PM

(2014-03-13, 08:27 PM)Xen0n Wrote:
(2014-03-12, 02:16 AM)Greg Winston Wrote:
(2014-01-08, 01:26 PM)MasterZuFu Wrote: 3. Don't make people administrators of your forum unless you can say that you actually know who they are and THEN that you trust them 110%.

I agree 100% with the comment above. I never make anyone an Administrator except myself. Moderator privileges are enough, are they not?

It can be helpful to have a second admin in case something goes wrong (ex. staff member hacked).

Well if you have 1 admin being yourself and there's an issue, you can always fix it through MyBB, especially if you've lost administrator rights.

Xen0n · 2014-03-14, 01:09 PM

(2014-03-13, 11:31 PM)Knerba Wrote:
(2014-03-13, 08:27 PM)Xen0n Wrote:
(2014-03-12, 02:16 AM)Greg Winston Wrote:
(2014-01-08, 01:26 PM)MasterZuFu Wrote: 3. Don't make people administrators of your forum unless you can say that you actually know who they are and THEN that you trust them 110%.

I agree 100% with the comment above. I never make anyone an Administrator except myself. Moderator privileges are enough, are they not?

It can be helpful to have a second admin in case something goes wrong (ex. staff member hacked).

Well if you have 1 admin being yourself and there's an issue, you can always fix it through MyBB, especially if you've lost administrator rights.

Nobody's awake 24/7.

Kaeden · 2014-03-14, 01:49 PM

Please don't bump old threads without good reason. The OP has only posted once.

Login
Username:
Password:	Lost Password?
	Remember me