MyBB Central

Full Version: Stupid Hackers - I got hacked
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I got mildly hacked I guess today. Some moron was able to log into my forum, join and make themselves an admin. They went and shut the board and put the reason the board was shut as:

Quote:HACKED BY THESECO Sercan GULER WAS HERE TURKEY. SEVÄ°YORUM SENÄ° M. YENTÃœMÃœR.

Had two users join. I cannot get a hold of my server by phone today. There seems to be a problem with the telephone lines in that state.

So, anyway, I changed ALL my passwords on all domains, server control panel, ftp, sites and admin access. Banned the two users he registered as, banned all IP's associated with him and banned all the emails too.

I wanted to see if the hosting company could tell where this moron got in from and I remember something on the Mybb board saying to secure the board by putting your admin.php "someplace else" -

I searched this board and got no results hoping it would be here - haven't gone to the Mybb board and figure that something like this would be useful here so if anyone got hacked through the admin.php file they can know what to do.

Anyone here know how to protect my board better? I'm using the latest version of 1.4+ and all security updates are installed.
OK went and found the link on the Mybb site.
http://community.mybboard.net/thread-9991.html

And I followed the directions, took out the version numbers too. And now I'll be doing this for all my Mybb boards today.

I got hold of the hosting company and they said no unauthorized entry from their side could be found so I guess I'm right when they accessed through the board directly - makes sense anyway since they actually registered for an account!

I hope this helps someone.

Anyone with more security to add to this I'd be grateful.
So you're on 1.4.7??

This is my 'generic' sort of reply for this kind of issue issue. I'd reupload all the MyBB files, to make sure you have the latest ones, and that they're clean. Also, download your ./inc/settings.php, delete it, and let it regenerate, then you'll know it's clean; you download it incase it doesn't regenerate, so you can reupload it again, you may have to click around on the forum a bit to get it to regenerate. Then, delete your config.php, and remake it with this, again, so we know it's clean. Make sure you change the admin directory setting if it isn't the default 'admin'. Also CHMOD config.php to 444. What are all your other files and folders CHMOD to?? Files should be 644, folders should be 755, anything that requires extra can be found here.

That's about all I can think of for now but it's a good start. Regular database backups are also vital. It's the only thing that can't be replaced, unlike files, plugins, and themes, which can be if anything happens to them.
Yep thanks Matt - I'm on this now as you were replying!

What a PAIN in the tuckus!
It is indeed a pain... just remembered another thing, check your templates for malicious code. Code is usually added to the index, header, headerincldue, or footer template, as these are loaded most, and it's usually weird code in <script> tags that steals passwords or other crap. If you see anything like that, remove it ASAP.
Thanks! Seems all good in that regard. Good info to know too.

Wouldn't my virus blocker (avast) pick it up surfing the site though if something were in there?

The guy only spent literally 4 mins online between the two names he/she joined with. Long enough to hack into the admin panel, make himself admin on one account and close the board with his/her dopey message. Maybe they were in there "preparing" for future stuff but it really looked like some dopey kid making internet 'graffiti'.

You'd think people like this would find more constructive things to do.
They didn't guess his password. They used the 1.4x exploit that is fixed in 1.4.7.
(Jun 23, 2009, 11:22 PM)labrocca Wrote: [ -> ]They didn't guess his password. They used the 1.4x exploit that is fixed in 1.4.7.

his? Sad

I have the latest updates on the software. Well at least it says so in my admin panel. I WILL be double checking and updating that if it isn't.
Stephon, trust me, they don't guess my passwords - they are changed often and are not easy to figure out.
Gotta love the title of this thread. Seriously i do. No offence intended at all mate. Just they seem to be the smart ones i would have thought.
Damn a couple mins and there into your forum with admin privilages!!!
Either MyBB got some serious issues (i doubt) or you have allowed a security hole in your server some how.
That aside. Sorry to hear you got hacked so easily mate. There must be some issue there. Check all other scripts you run and chmod settings etc would be my first call. But wow. A couple of mins and they got you. Damn i wish i new how they did it. And also why would be good to know?
Did you provoke some serious hackers? Or was it simply a random attack?

Also are you or were you the only admin at the time? Could you have a dirty rat in your camp?
Yeah I know, they might be the smart ones but they are "criminals" of a sort and all criminals are stupid IMO. Surely people have better things to do with their lives than graffiti websites. That right there makes them stupid.

It's a recipe site. I don't think I provoked anyone.

All file permissions were ok according to my server. They got in through Mybb registration nowhere else. I had v 1.4.6 and have since updated.