How to reinstall a fresh copy of MyBB without data loss

[kingkong]

Hello!

I'm using the latest version of MyBB software and i'm new to it.My forum's root directory was infected by some abuser who uploaded a login folder to my root directory by creating a phising link,i have removed the link but i am having continous FTP password changes on my forum.

My ACP password isn't changed but the FTP has been changed already twice in the last month.

The FTP pass is the same that is used to access the Control Panel.That means,i am neither able to access CP nor FTP.

What could be causing this?I think there are some infected files in the forum's root directory and i would like to reinstall a fresh copy of MyBB.

But my problem is how to do it without losing the database and every single setting?

Please help me.

I'm worried.

Thankyou.

[Serpius]

Hello!

I'm using the latest version of MyBB software and i'm new to it.My forum's root directory was infected by some abuser who uploaded a login folder to my root directory by creating a phising link,i have removed the link but i am having continous FTP password changes on my forum.

My ACP password isn't changed but the FTP has been changed already twice in the last month.

The FTP pass is the same that is used to access the Control Panel.That means,i am neither able to access CP nor FTP.

What could be causing this?I think there are some infected files in the forum's root directory and i would like to reinstall a fresh copy of MyBB.

But my problem is how to do it without losing the database and every single setting?

Please help me.

I'm worried.

Thankyou.

For starters... you need to change the AdminCP password. I'm surprised that you haven't figured that out.

Then... change the password for the FTP and the cPanel, but DO NOT make them the same password for both. Don't do it. 

In short... you need 3 different passwords. 

Do it now before someone does take over your entire setup.

[Devilshakerz]

You can save a backup of all files and the database for analysis later, then change your passwords for the server/hosting management panel, the email account it's tied to, etc., all the way down to MyBB administrator accounts; to make sure the filesystem is clean, you can:

• use some software (e.g. WinMerge on Windows) to list differences between the set of files than your board runs off and a fresh MyBB package and manually delete/restore files that might be malicious, or
  
• remove files (saving a copy of the uploads/ directory, and other ones if needed, like inc/plugins/, but you would have to review their content to make sure they don't contain malicious code) and upload files from the fresh MyBB package, upload inc/config.php (here is the code that generates it - it shouldn't contain anything else) and make sure the installation can connect to the database (with content intact) and restore the content in uploads/,
  

after that you would need to make sure there are no additional administrator accounts or unsafe settings (like allowed HTML in posts); the guide at https://docs.mybb.com/1.8/administration...rotection/ should help, but also take a look at other security-related ones at https://docs.mybb.com/1.8/administration/security/.

The DVZ Integrity Tools plugin can point out specific differences between current and original files as well as changes in the database structure.

[kingkong]

Thanks for the explainations.

I would like to add that i am not using any strange softwares on my PC,it has been formatted since the last password change.I use filezilla to transfer FTP files.

The plugins i am using on my forum are:

   

   

My ACP password has been changed since the last FTP password change from abuser and since then i have already changed the name of my admin directory using the Honeypot plugin.

So,now my question is "how is it possibile that the FTP pass is changed again for the second time?"

Is it possibile that the hosting company is facing security issues?

And could you let me know if this is the proper way to make a backup?

   

Thankyou.

[kingkong]

Hello!

I followed the procedure indicated by you till saving the following files/folders.

   

But i have some doubts and i would like to have them cleared before i do something wrong,i think i have already told you that i'm a new comer to MyBB and i'm not profi like you guys.

My question is,should i delete the existing folders one by one and replace them one by one with the new ones?

or

Should i make a fresh new installation?


I was asking it because,for example,when i delete the folder images from my database and then upload the new fresh folder named images,i will be losing all those images i have set for the variuos usergroups.

How can i proceed?

And here is the screenshot of DVZ integrity tools:

   

Thanks for your patience.

[.m.]

^ you can replace changed files with the original files.

some plugins (eg. Google SEO) modify functions.php file
in that case do not replace such changed files.

generally speaking,
php files (NOT lang.php files) & js files should be original
unless you have modified them manually / through plugins for a purpose.

And in general,
there should be no need to replace images (though shown as changed)

[kingkong]

Well,i have the following changed files:

   

So,the one is because of google seo plugin,the language file has been modified by me and the other two i have deleted.

I don't see any other changed files.

---

Well,nobody can help me?

If i don't see the any file changes,what could i do and how to do?

Thanks

[Azah]

Nuking the cPanel account, remaking it, and restoring the database backup is always an option.

[kingkong]

I have replaced every single file with the fresh file from MyBB copy.

The only files that hasn't been replaced are those of plugins.So,let us see,if the problem solves or not.

[Azah]

Which plugins are they?