My Forum is Hacked !

Also it would be a good idea to find out how your site got hacked/defaced. If you don't then it could just happen again and again and again.
 
Do you used Facebook connect mod of mybb ?

If yes just remove the last user from mybb_users table on database.

Also check on .htaccess if he made any redirects. if yes ,remove it.

After checking little i am sure it is some kind redirecting hack. your index.php is redirecting to another page<br /><br />-- 26 Apr 2012, 21:42 --<br /><br />After viewing it correctly i found they changed your index.php i think. So re - update index file from mybb download pack. If that doesn't work then post here your .htaccess code which will be in your forum directory
 
Re-loaded all files and Got back 😉 , anyone know about bestest MYBB secutiry mod ??
 
Make sure you change your password for cPanel. That is most likely how they did it. Also make sure myBB is up to date and your only using trusted plugins for it.
 
i think i need good and better hosting , but can't offord yet ! anyone know the free and good and trustable host for MYBB software ???
 
theres a mybb 6 methods to secure the forum i think it would be helpful for you to follow it. one of its method is to change the directory name. look for it in google "methods to secure mybb forum"
 
yup am working on it , and hope so will never this happen again , 😀
 
I agree with Sshadow. It's most likely they got your cPanel details because that's the only way I can think of them being able to re-name and edit files... Have you given anyone your cPanel details lately or haven't changed it since the last time you gave it to someone? If not maybe that's the person who hacked you. Change the password immediately and make it complex...
 
Sshadow said:
Make sure you change your password for cPanel. That is most likely how they did it. Also make sure myBB is up to date and your only using trusted plugins for it.
Click to expand...
Actually getting a cPanel password is one of the hardest way to hack a forum. Unless the server admin is a moron, the security settings will stop anybody doing a brute-force attack to get the password (usually blacklisting the IP).


Rocky said:
I agree with Sshadow. It's most likely they got your cPanel details because that's the only way I can think of them being able to re-name and edit files... Have you given anyone your cPanel details lately or haven't changed it since the last time you gave it to someone? If not maybe that's the person who hacked you. Change the password immediately and make it complex...
Click to expand...
Incorrect. One can re-name and edit files by executing scripts, and is much easier to do (if one were to find a vulnerability in software) than hacking a cPanel password.

If you're using a bridge, they most likely got in using that. From experience, forum software is usually pretty good with security, but the bridges are usually not updated as well. Bonus points if the software you're bridging isn't secure. If you don't have any bridges installed, portals and other addons might have a vulnerability. MODs that have style changes or do simple code edits you can eliminate.
 
Watch Me Sink said:
Sshadow said:
Make sure you change your password for cPanel. That is most likely how they did it. Also make sure myBB is up to date and your only using trusted plugins for it.
Click to expand...
Actually getting a cPanel password is one of the hardest way to hack a forum. Unless the server admin is a moron, the security settings will stop anybody doing a brute-force attack to get the password (usually blacklisting the IP).


Rocky said:
I agree with Sshadow. It's most likely they got your cPanel details because that's the only way I can think of them being able to re-name and edit files... Have you given anyone your cPanel details lately or haven't changed it since the last time you gave it to someone? If not maybe that's the person who hacked you. Change the password immediately and make it complex...
Click to expand...
Incorrect. One can re-name and edit files by executing scripts, and is much easier to do (if one were to find a vulnerability in software) than hacking a cPanel password.

If you're using a bridge, they most likely got in using that. From experience, forum software is usually pretty good with security, but the bridges are usually not updated as well. Bonus points if the software you're bridging isn't secure. If you don't have any bridges installed, portals and other addons might have a vulnerability. MODs that have style changes or do simple code edits you can eliminate.
Click to expand...

It may be hard(most of the time) to do but if your hacked it's always the first thing you should do as a "just in case" measure.

I agree with the second part and my generalized statement about plugins hinted at that but I was in a hurry. I have learned by experience that outdated software or poorly written/outdated plugins are very dangerous.
 
You must log in or register to reply here.

About Us

Since 2007, Forum Promotion has specialized in providing advertising solutions to webmasters looking to promote their communities. We pride ourselves in being the bridge that connects forum administrators, bloggers, and more.

Sponsors

Affiliates

    Universal Gaming The Coffee House

Stay Connected

Back
Top Bottom