Accounts Hack
#1
Now i'm not sure how this happened nor how it can be fixed. Yesterday I got on my forums with people complaining that they were hacked. I banned those accounts, and they contacted me saying that they were done messing around, although I cant have an exploit like this just possible. The hackers claimed what they did was a SQL Injection, which allowed them to get the logins for the accounts, and they also claimed that it was impossible to fix. I want to not believe that, although they could be correct. So with that said, is it possible to fix this "SQL Injection"? My friend claimed that it was something to do with vulnerable plugins, so I put together a list of plugins that I have on the mybb site. Click here to see my plugins. This might be asking a bit much, but this is really serious for the health of my community, and I feel that it should not be this easy to just get into a mybb account.

This might have been what was used to get into the site.


Regards,
Xenonzo
Reply
#2
What is your version of MyBB? According to the video, the hack was done on MyBB 1.8.1.
Reply
#3
(2015-08-25, 05:59 AM)Phantomer Wrote: What is your version of MyBB? According to the video, the hack was done on MyBB 1.8.1.

MyBB 1.8.5

Would you like my MySQL version as well?
Reply
#4
This user has been denied support. This user has been denied support.
I think this is already patched.
Reply
#5
(2015-08-25, 09:41 PM)John J. Wrote: I think this is already patched.

Hmm do you possibly know how some user accounts were breached? They did confirm with me that it was SQL Injections, although I'm not sure what else they did.
Reply
#6
This user has been denied support. This user has been denied support.
I tried it with the current version, had no success.
Reply
#7
(2015-08-26, 07:36 PM)John J. Wrote: I tried it with the current version, had no success.

Might not be that but I can assure you some sort of SQL injection is going on.
Three more accounts got hacked.
Reply
#8
This user has been denied support. This user has been denied support.
(2015-08-26, 09:40 PM)xunofar Wrote:
(2015-08-26, 07:36 PM)John J. Wrote: I tried it with the current version, had no success.

Might not be that but I can assure you some sort of SQL injection is going on.
Three more accounts got hacked.

Well then you should try removing unused plugins.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)