MyBB-Plugins Forums
GitHub Account Compromised - Printable Version



GitHub Account Compromised - Diogo Parrinha - 11-16-2014

Hi everyone,

Please read the official announcement: http://blog.mybb.com/2014/11/15/github-account-compromised/


RE: GitHub Account Compromised - Joseahfer - 11-16-2014

This forum was compromised?


RE: GitHub Account Compromised - Diogo Parrinha - 11-16-2014

Nope :)


RE: GitHub Account Compromised - Joseahfer - 11-16-2014

Okay, thanks for the info. ^^

But why are all the forums committed? Is it not all limited to GitHub? I don't understand this part.


RE: GitHub Account Compromised - Diogo Parrinha - 11-16-2014

The problem was that if anyone accessed their ACP and a version check was done, it would execute JS code that would download a DB backup and send it to a remote website.


RE: GitHub Account Compromised - Ikerepc - 11-16-2014

I don't understand anything lol.

What happened and what is wrong?
I have a forum with 2 members so it's not important but I just wanna know...

How is it possible that all forums are committed because of one "hack" lol?

EDIT: Oh I understand now, thanks Pirata... My forum is affected then, I will just change pass...


RE: GitHub Account Compromised - Joseahfer - 11-16-2014

(11-16-2014, 06:41 AM)Pirata Nervo Wrote: The problem was that if anyone accessed their ACP and a version check was done, it would execute JS code that would download a DB backup and send it to a remote website.

Thank you, I understand now. ^^


RE: GitHub Account Compromised - Wozzer - 11-17-2014

I actually did 2 manual backups during this time, but both are showing my IP address.
The times recorded are correct and I can't see anything untoward.
Does the attack record anything in the Admin logs or does it use an existing backup if it found one?


RE: GitHub Account Compromised - Diogo Parrinha - 11-17-2014

@Zyon please reset the update_check cache as well! On 1.8 it might have cached the data and it would run new backups the next time it gets executed. If you see a new backup in your admin logs again, please follow the same procedure as before to make sure they don't know your new password.
@Wozzer the IP would show as yourself in fact. If you're running 1.8, please check the update_check cache just like mentioned in the updated blog post.

Please everyone re-read the blog post. In case you want to know more about the issue: http://community.mybb.com/thread-162942-post-1118562.html


RE: GitHub Account Compromised - Wozzer - 11-17-2014

Thanks - all checked.
Although I don't seem to be affected, it has 'pushed' me into reviewing my site security :)