REGISTER or LOGIN to have the annoying ads removed.
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[email protected] - Joined made himself an admin
#1
oh joy a hacker!

dude joined ,made himself an admin and did nothing else

how can i avoid this, my mybb version is 1.4.7

*edit i had the old version!* patched it now. is there away to get email updates when a new mybb is released?
Reply
#2
Same email at my site that hacked me but that's not his real email. He signed up under spamcero.com I believe then using the exploit changed both his email and signup IP address. I was able to pull out mysql logs to see the actual queries.
Reply
#3
I need to learn more about this kinda stuff... lol
Reply
#4
(Jun 24, 2009, 02:05 AM)labrocca Wrote: Same email at my site that hacked me but that's not his real email. He signed up under spamcero.com I believe then using the exploit changed both his email and signup IP address. I was able to pull out mysql logs to see the actual queries.

and to think, you encourage this by having a Forums about Hacking
Reply
#5
lmfao He has a forum about computer shit. You might wanna study the site before criticizing it bro! Labrocca himself doesn't really support the act of hacking at all. The site is more about the skills and such hackers have and scripting and such! Seriously check it out before you knock it. Not to mention if it wasn't for hack forums he may not have ever known as much about hacking as he does now which makes it easier for him to protect himself!
Reply
#6
(Jun 24, 2009, 10:48 AM)ridwan sameer Wrote:
(Jun 24, 2009, 02:05 AM)labrocca Wrote: Same email at my site that hacked me but that's not his real email. He signed up under spamcero.com I believe then using the exploit changed both his email and signup IP address. I was able to pull out mysql logs to see the actual queries.

and to think, you encourage this by having a Forums about Hacking

You're ignorant if you think that's true. Yes I have a forum about hacking but I don't encourage cracking at all. Maybe you should take the time to read my posts at the site.

And btw...I was one of the first exploited sites from this and because of me this exploit was patched very quickly before most sites could be harmed.

http://blog.mybboard.net/2009/06/15/mybb...ty-update/

Quote:Thank you to Jesse Labrocca for alerting us of this vulnerability.
Reply
#7
Yup yup! And for those of us who don't know much about MyBB and security features it's good to have you lookin out! lol
Reply
#8
I got the same guy on my site... and then replaced the index template to display some message about the Iran election... so i sorted a clean install up to 1.4.8 and they managed to use the same exploit to do it again...
Reply
#9
Did you delete themes.php from ./cache/themes/?? Shouldn't be there, that's the backdoor they leave.
Reply
#10
(Jul 03, 2009, 06:35 AM)kaitora Wrote: I got the same guy on my site... and then replaced the index template to display some message about the Iran election... so i sorted a clean install up to 1.4.8 and they managed to use the same exploit to do it again...

By clean install did you delete all the files and re upload and start with a fresh database and restored it with a back up ?

Or did you just re upload and overwrite the existing files excluding your config file. Like Matt mentioned did you delete that theme.php file ?

Please let us know because now I am starting to worry and another thing is to I wonder if the hacker has read the config file and knows your database name and password. It would not hurt to change the password and user name for the database.
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  How to change Posts/Threads/Joined time? Anime 2 2,345 Dec 13, 2014, 09:47 AM
Last Post: Anime
  How to modify or delete all forums post from admin panel. rajeevrrs 1 1,723 Nov 26, 2014, 06:44 AM
Last Post: Nasyr
  inc/languages/englishgb/admin/style_editorthemes.lang.php does not exist PianoMike 2 1,560 Aug 29, 2013, 07:14 PM
Last Post: mathewscott
  How do I get my admin account back if I accidently delete it? xarzu 1 1,440 Aug 25, 2013, 06:01 AM
Last Post: teluguresearcher
  Admin Control Panel isn't working. no1dead 1 1,072 Jun 25, 2012, 02:52 PM
Last Post: Oliver Evans

Forum Jump:


Users browsing this thread: 1 Guest(s)