pr3sident@whit3house.gov - Joined made himself an admin

[Psinetic]

haha, awesome. Can't wait when it comes out

[MattR]

Same advice as everybody else has been given, once you've deleted the admin account, make sure there's no files that shouldn't be there in your ./cache/themes/ folder, and I'd also reupload all the files from the 1.4.8 package.

[MattR]

If it deletes stuff, your FTP client is setup wrong. It only adds files and updates/replaces ones, it shouldn't delete anything.

If I have 50 files in my ./inc/plugins/ folder, and upload the default MyBB package on top of it, which only includes the hello.php, it won't delete anything else in the folder.

[labrocca]

A better question is why you haven't updated in 3 weeks to fix the exploit. WTF

[Psinetic]

Ok. here are some simple steps for you to follow:

1. GET ON THE MAILING LIST!!!! I made the same mistake as you by not checking my updates simply because I assumed someone else would do the job. You should get on the mybb mailing list so that when a new version of mybb comes out you'll know by email to update all of your mybb forums. GET ON THIS LIST NOW!!!

http://www.mybboard.net/mailing-list

2. Check your administrator logs and look what that user account did while in admin (AdminCP -> Tools And Maintanence -> Administrator Log) and look what he did and undo it. Most likely, if it's this hacker, he most likely only changed the index page and uploaded a backdoor in the cache directory. It's been mentioned in this thread before, delete it ASAP.

3. Follow the guidelines in this thread to improve your website's security:

http://community.mybboard.net/thread-44977.html

4. DON'T LET THIS GO UN-REPORTED!!! A common mistake people do is they DON'T report incidents like this, which, unfortunately, allows malicious hackers to remain anonymous on the web with very little information, if any at all, about them. This particular hacker I have setup a blog again, you may visit it here: http://www.psinetic.org/nobodycoder

Be sure you report any hacking incidents to the correct people as soon as they happen and include all the details you can, this is what helps with security updates to protect you and others like you from having the same attack again.

5. Use your brain, learn how your forum and site operates and what should be locked up and what shouldn't. If you don't know how your beast behaves, how are you supposed to operate it?

6. Like Labrocca said so eliquently (lmao XD), UPDATE!!!!! http://www.mybboard.net/download/latest

that should help you out.

-Psinetic

[MattR]

(Jul 07, 2009 02:43 PM)RPG2 Wrote:  Becuase I didn't check there was an update.

If it's been 3 weeks, the version check in your ACP would have come up, it comes up every 2 weeks... don't say you ignore that when it comes up...