Mybb 1.8.7 Forum Hack
#1
Last nigth someone managed to get  an existing admin user and password, enter the ACP and erase one year of hard work. Due to a bug in the backup code my backup in gzip is unnusable so i lost everything.
The one who did't registered with an user, then entered administrator and erase everything. I don't have more info  but is a serious security issue. The user name was Tix, so o think he used http://tix.sourceforge.net

In the other side, an error on backup code dated from 2015? Really? I think is  the only thing in the universe that must not have a bug. Very sad and dissapointed...
Reply
#2
https://github.com/mybb/mybb/issues/2125, I discussed a way to recover corrupted backups generated from MyBB's backup facility.
[Image: fSGNVQj.png]
Reply
#3
@Shade It is not working, allready did it and nothing! Sad
Reply
#4
Can you send me the backup through a temp link? I will try to recover it for you.
[Image: fSGNVQj.png]
Reply
#5
Can vouch for Shade if you're worried about sending database backups.
I have also passed this thread onto our team for review all of security issues and the alleged bug(s)

Owner and operator of Creators Wave
Reply
#6
I am not worried about sengind the backup, thanks guys. I am sengind the backup to him via p.m. I am not 100% sure if it is a brearch in the forum or just the admin has been hacked and used his passeord to enter. What i think is top priority is the backup issue.
Reply
#7
this is our fault dont save password in opera chrome firefox only use uc brwser pc version
dont get any file from ur friend because may be a rat in his file
always look in task manager and always observe that no new entered in r system
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)