(2015-10-03, 12:37 AM)idbackbox Wrote: This is a technique fake root, so the shell is not on my server but other servers.
(2015-10-02, 08:33 AM)SentoWeb Wrote: I would reset the hosting account, export the database, reinstall mybb, reupload themes and plugins, import the database and make sure that nobody else has admin access besides me (make sure that for example the banned user group didn't get admin access). You can't re-use any of the old php files and if you have to reuse custom images I'd scan them before reuploading.
I've been doing it that way but I can not. http://forum.idbackbox.org/~kakiten1/
Fake root really sounds like just another fancy word for backdoor.
Can you describe why you can't reupload the site? Are you not able to start the setup?
http://forum.idbackbox.org/~kakiten1/
kakiten1 seems like an account on this server which doesn't have a working domain at the moment. Is it yours? Is it legitimate?
Is
http://forum.idbackbox.org your website (I think not), is
http://forum.idbackbox.org hosted on the same server with your website?
There are many missing pieces and you are not providing too much information.
You have to get rid of the hosting account, any leftover configuration can prevent you from properly reinstalling MyBB, or give the attacker access. If you haven't used potentially unsafe 3rd party extensions you are better off moving to a different host, for all we know it might be something with their system (misconfigured guest ftp, leftover account, easily bruteforcable ssh access and so on)
I would also advise you to check your own OS, the attacker could have stolen the login details via a keylogger. I'd advise you to run Malwarebytes and AVG to see if anything is found.