
Website Hacked
#11

Hmm interesting. I had a similar hack on my site in November last year.

I alerted the MyBB team. I use a unique password for all my sites so I don't think it was that. I actually found a thread on hackforums in relation to my site and the hack they were trying.

I managed to open a dialogue with the hackers who claimed they are "greyhat" hackers and don't do it for any particular reason, essentially claiming nihilism, which is ironic since saying you did it for no reason really does not hold water; there is a reason somewhere.

They didn't end up knocking over the site and were using it as a proof of concept.

They somehow obtained admin panel access without using my account and I am still unsure exactly how they did it. I removed the ability to run any shell, and am fairly sure their access came through a social plugin that allowed uploads in the code even though it wasn't completely exposed.

I handed the logs and every other bit of info to the MyBB team. The thread on hackforums was removed very quickly after I made contact with those involved.

They messed up a custom plugin of mine and I had to recode half of it, but such is life.

Anyway, I would look for any plugins that allow uploads, as I am almost certain this is how they got in and got shell access.
#12

I run barely any plugins here and I don't believe they'd allow someone to get my password or access to my account so I don't think that's the issue. My password was likely compromised from another website where it was exactly the same.

Thank you for your suggestion though :)
#13

(04-24-2014, 09:11 PM)Pirata Nervo Wrote: I run barely any plugins here and I don't believe they'd allow someone to get my password or access to my account so I don't think that's the issue. My password was likely compromised from another website where it was exactly the same.

Thank you for your suggestion though :)

The exact same thing has happened to my forum before. Reusing passwords is a common mistake; even the best administrators make it. Live and learn. :P