New theme by WallBB! See the announcement thread for more information!
MyDonations 1.4.1 released and Hide Content 1.4.1 released .
GitHub Account Compromised
#1
Hi everyone,

Please read the official announcement: http://blog.mybb.com/2014/11/15/github-a...mpromised/
To download our paid plugins and receive support you must be a paid subscriber. Click here for more information.
Reply
#2
This forum was compromised?
Reply
#3
Nope Smile
To download our paid plugins and receive support you must be a paid subscriber. Click here for more information.
Reply
#4
Okay, thanks for the info. ^^

But why all the forums are committed? Not all limited to GitHub? I don't understand this part.
Reply
#5
The problem was that anyone that accessed their ACP and if a version check was done, it would execute JS code that would download a DB backup and send it to a remote website.
To download our paid plugins and receive support you must be a paid subscriber. Click here for more information.
Reply
#6
I don't understand anything lol.

What happend and what is wrong?
I have forum with 2 members so it's not important but I just wanna know...

How it's possible that all forums is commited because of one "hack" lol?

EDIT: Oh I understand now, thanks Pirata... My forum is affected than, I will just change pass...
MyBB-Plugins Croatian translator

Translations for 1.8 will be made after translating MyBB 1.8, and it can take awhile
Reply
#7
(11-16-2014, 06:41 AM)Pirata Nervo Wrote: The problem was that anyone that accessed their ACP and if a version check was done, it would execute JS code that would download a DB backup and send it to a remote website.

Thank you, I understand now. ^^
Reply
#8
I actually did 2 manual backups during this time, but both are showng my IP Address.
The times recorded are correct and I cant see anything untowards.
Does the attack record anything in the Admin logs or does it use an existing backup if it found one.
Reply
#9
@Zyon please reset the update_check cache as well! On 1.8 it might have cached the data and it would run new backups the next time i gets executed. If you see again a new backup in your admin logs, please follow the same procedure as before to make sure they don't know your new password.
@Wozzer the IP would show as yourself in fact. If you're running 1.8, please check update_check cache just like mentioned in the updated blog post.

Please everyone re-read the blog post. In case you want to know more about the issue: http://community.mybb.com/thread-162942-...18562.html
To download our paid plugins and receive support you must be a paid subscriber. Click here for more information.
Reply
#10
Thanks - all  checked.
Although I dont seem to be affected, it has 'pushed' me into reviewing my site security Smile
Reply





Users browsing this thread: 1 Guest(s)

About MyBB-Plugins

Plug Yourself into the best MyBB AddOn.

Copyright © 2009-2020 MyBB-Plugins Forums.

Statistics

  • 51,000+ Posts
  • 19,000+ Members
  • 3,600+ Threads

Impressed? For sure
Check Full Stats here