MyBB Forum HACKED!

NeoCHI

One of my older forums just got officially hacked...

Here's a screenshot of what it shows when I go to the domain:

Screen Shot 2017-11-15 at 2.03.06 PM.webp


Has anyone seen this before?!?!

TBH though this forum was built using mybb and not Xenforo.
 
It was on something other than XenForo. I would suggest contacting your host provider and asking them if they are able to help.
 
We've seen similar defacements before. So far none of them have been exploited via XenForo itself. It can be through weak server credentials, poor security on shared hosts, exploits via other software, that kind of thing.

The most important thing to do right now is to change every password and liaise with your host and/or server support people to ascertain the point of entry and close it.
 
If it was an exploit via the forum software (mybb) could they have actually gotten root access to my whole server? If so I'd think they would've hacked all my sites but they didn't. So if they only had access to that 1 account, if I just terminate that 1 account I should be ok right?
 
I somehow missed you mentioned that this isn't even an XF site.

My general advice still stands, and this thread is fine for general discussion about it, but we're not really able to offer any support directly.
 
This is why I use 2FA for everything, changed default ports and set strong passwords. Like stated, contact your host and work with them to investigate how they gained entry.
 
Anonymous hacking group calls for 'lulz and resistance' in 2017's Million Mask March

Anonymous pledged to march in Trafalgar Square, Westminster, on 5 November

Tons of info on this group
 
See if you can get your host to block those hackers, and if you can get their IP address and their email address, report it to your country's e-crime unit as they will be able to catch them out.
 
You can't really call a site defacement 'hacking' any more. People aren't really hacking, they're just exploiting bad configs with freely available scripts. We see tons of attempts in our logs by these scripts to find known paths to software that could be installed on a server somewhere. They aren't even targeting a forum package except the last group that went after vB sites. We saw a metric ton of requests trying to load that shell script on servers where vB wasn't even running.

Nonetheless... a change of host or complete wipe and restore is in order to assure no nasty surprises were left behind to pop up later.
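
The kind of log triage the post above describes, as an added example that is not part of the original thread: it flags clients that request several distinct paths that do not exist on the server, and lists any request from those same clients that did succeed. The log lines, paths, IP addresses and the `min_missing` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def triage_probes(lines, min_missing=3):
    """Flag clients that ask for many distinct paths that do not exist.

    Returns {ip: {"missing": [...], "hits": [...]}} for every client with at
    least min_missing distinct 404 paths. "hits" are 2xx responses served to
    that same client, which are the requests worth reviewing first.
    """
    missing = defaultdict(set)
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        path = m["path"].split("?", 1)[0]  # ignore query strings when grouping
        status = int(m["status"])
        if status == 404:
            missing[m["ip"]].add(path)
        elif 200 <= status < 300:
            hits[m["ip"]].add(path)
    return {
        ip: {"missing": sorted(paths), "hits": sorted(hits[ip])}
        for ip, paths in missing.items()
        if len(paths) >= min_missing
    }

# Constructed sample log: documentation IP ranges and made-up paths.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Nov/2017:13:58:01 +0000] "GET /vb/install.php HTTP/1.1" 404 512 "-" "probe"',
    '203.0.113.7 - - [15/Nov/2017:13:58:02 +0000] "GET /cms/setup.php?step=1 HTTP/1.1" 404 512 "-" "probe"',
    '203.0.113.7 - - [15/Nov/2017:13:58:02 +0000] "GET /shop/admin.php HTTP/1.1" 404 512 "-" "probe"',
    '203.0.113.7 - - [15/Nov/2017:13:58:03 +0000] "POST /forum/admin/index.php HTTP/1.1" 200 4096 "-" "probe"',
    '198.51.100.23 - - [15/Nov/2017:13:59:10 +0000] "GET /forum/index.php HTTP/1.1" 200 9000 "-" "browser"',
    '198.51.100.23 - - [15/Nov/2017:13:59:11 +0000] "GET /favicon.ico HTTP/1.1" 404 512 "-" "browser"',
    'truncated line without a request field',
]

if __name__ == "__main__":
    for ip, info in triage_probes(SAMPLE_LOG).items():
        print(ip, "missing:", info["missing"], "served:", info["hits"])
```
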
 
See if you can get your host to block those hackers, and if you can get their IP address and their email address, report it to your country's e-crime unit as they will be able to catch them out.
They'll usually do it through a chain of IPs, at least if they're smart.

Some of these are also automated through botnets.
 
If it was an exploit via the forum software (mybb) could they have actually gotten root access to my whole server? If so I'd think they would've hacked all my sites but they didn't. So if they only had access to that 1 account, if I just terminate that 1 account I should be ok right?

Without a forensic analysis, it's hard to say one way or another.
 
I use Knownhost which has been great until this...I'd be worried if they can do this to xenforo forums!

Knownhost is a mighty good service provider! Easier to blame a host, but keeping redundant or obsolete applications on the server is our own folly...

Hacking any forum script is not easy, hacking a bad host is very easy, so always blame the hosting.

:rolleyes:
 
I use Knownhost which has been great until this...I'd be worried if they can do this to xenforo forums!

Hi NeoCHI, if you haven't already, please make sure to open a support ticket with our staff. To be honest, we see this kind of thing all the time. If you had an outdated MyBB install then I can almost guarantee this is how they defaced the website.

You can't really call a site defacement 'hacking' any more. People aren't really hacking, they're just exploiting bad configs with freely available scripts. ..... Nonetheless... a change of host or complete wipe and restore is in order to assure no nasty surprises were left behind to pop up later.

I'd say this is a little extreme. No need to wipe an entire server if it's simply a single account compromised. Wipe/Reinstall/Restore from backup that account sure, but without further evidence of it going past the user level that could be a lot of work for no real reason. If evidence of a root compromise then yes, 100% the only way to guarantee a clean server is to burn it with fire :).

Hacking any forum script is not easy, hacking a bad host is very easy, so always blame the hosting.

My apologies, but I'll 100% disagree here. Defacing a website or finding un-sanitized input in code is far easier than trying to exploit base services almost every time.

Knownhost is a mighty good service provider! Easier to blame a host, but keeping redundant or obsolete applications on the server is our own folly...

Thanks for the positive feedback, we appreciate it!
 
You can't really call a site defacement 'hacking' any more. People aren't really hacking, they're just exploiting bad configs with freely available scripts. We see tons of attempts in our logs by these scripts to find known paths to software that could be installed on a server somewhere. They aren't even targeting a forum package except the last group that went after vB sites. We saw a metric ton of requests trying to load that shell script on servers where vB wasn't even running.

Nonetheless... a change of host or complete wipe and restore is in order to assure no nasty surprises were left behind to pop up later.
You can if you record their IP addresses and then report them to your host. Better still, give the IP address list to the police and they will block those people pretty quickly.
 