Mybb Hacked/Defaced

  • Thread starter Deleted member 62835
  • Start date
echo_off

echo_off

Ponders things of unknowable validity
Joined
Mar 24, 2011
Messages
1,296
PenguinPaul said:
We have control of the domain. We are going through everything with "a fine tooth comb" to see if the hackers have compromised anything, which we are 99.99% sure they haven't, but we want to be 100% sure. Our blog will be back up shortly. In the mean time, you can still visit http://www.mybb.com for a simple page with updates or check out our twitter and facebook.
Click to expand...

Still saying Server Not Found for me.
 
Judge Dredd

Judge Dredd

Old Guy
Joined
Apr 20, 2011
Messages
3,144
An update:

Fri 1st June @ 4:25 AM GMT: We're currently in the middle of building out a few new servers to host/run MyBB on (perfect opportunity, right?), which means the relaunch of our website and community forums is still a work in progress. We'll have the MyBB blog back up shortly. Thanks for your continued patience.
Click to expand...
 
B

BHH

Enthusiast
Joined
Feb 1, 2010
Messages
196
mybb probably didn't get hacked. But they probably spoofed a few cookies from users visiting mybb.
 
T

TronXD

Aspirant
Joined
May 1, 2012
Messages
30
Sad to see this has happened. They have the blog post explaining why it happened now and also the majority of the site is back up.

Hopefully it wont happen again.
 
R

rusty105

Habitué
Joined
Nov 23, 2005
Messages
1,611
Maybe we can spin a positive on this. If this group is attacking the weak links, the chink in the armor, lets improve the armor! What can we take from this and apply it to our sites?
 
Ryan Loos

Ryan Loos

MyBB Liaison
Joined
Dec 21, 2007
Messages
161
echo_off said:
Still saying Server Not Found for me.
Click to expand...
It should be working for nearly everyone by now. DNS takes a while to propagate for everyone...
TronXD said:
Sad to see this has happened. They have the blog post explaining why it happened now and also the majority of the site is back up.

Hopefully it wont happen again.
Click to expand...
We hope so too! Chris has been changing all his passwords, and even forgetting them. So it should be fairly difficult for it to happen again, if not impossible.
rusty105 said:
Maybe we can spin a positive on this. If this group is attacking the weak links, the chink in the armor, lets improve the armor! What can we take from this and apply it to our sites?
Click to expand...
Make sure your passwords are safe, especially to your email account where password resetting emails will get sent to. That's basically how all of this started.


Much respect to all of the MyBB staff who have really come together over the last few days (bar myself, as I've been busy with family things) to get things back and running as quickly as possible. :)
 
TheChiro

TheChiro

Devotee
Joined
Jun 26, 2006
Messages
2,532
Ryan Loos said:
We hope so too! Chris has been changing all his passwords, and even forgetting them. So it should be fairly difficult for it to happen again, if not impossible.

Make sure your passwords are safe, especially to your email account where password resetting emails will get sent to. That's basically how all of this started.
Click to expand...

That's why it's good to have a password manager. I personally like Roboform, but that keeps me from forgetting passwords and I can set the passwords to whatever length with whatever characters I want (lower case, upper case, numbers, and symbols). It would take years to crack my passwords. The only way to get into my accounts would be to social engineer the support staff for any of the services I use.
 
Judge Dredd

Judge Dredd

Old Guy
Joined
Apr 20, 2011
Messages
3,144
Access to community forums restored, modifications site underway, updates & FAQ

As you’ve likely noticed, access to the MyBB Community Forums has now been restored. Because we don’t believe the MyBB database was compromised, we have opted to not require users to change their passwords on next login. If you’re having difficulty accessing the forums (for example, if it’s redirecting to www.mybb.com, or stylesheets aren’t loading correctly), then please clear your web browser cache and try again.
Click to expand...

Read more...
 
Ryan Loos

Ryan Loos

MyBB Liaison
Joined
Dec 21, 2007
Messages
161
Merged your thread with the existing discussion. No need for two threads on the same line of discussion. :)

I've spent most of today going over a lot of my accounts which matter most to me and changing the security settings/passwords. One of the security questions made absolutely no sense to me any more, the question was simply "Kingston?" and the answer was about 8 characters long, but I have no idea what it would have been. Probably something that made sense to a 16 year old version of me...

I should probably do this every year or so just in case it happens again.
 
Namorat

Namorat

Duder
Joined
Mar 1, 2010
Messages
3,273
I don't like security questions. Either they offer a range of questions that allow more than one answer for me or they have one answer only that anybody who knows me for ten minutes can answer correctly...
And if I have to think of a question myself it isn't much better honestly ^^
 
Ryan Loos

Ryan Loos

MyBB Liaison
Joined
Dec 21, 2007
Messages
161
I agree some of the default questions aren't the greatest, and with social networks being the norm for everyone, things like workplace, birthplace, first occupation or car registration can probably all be found if you don't set your security properly on Facebook/Google+/etc.

That said, they get you thinking about other similar questions that may have a more obscure answer (but not for you). Like the answer to my question is something that not even my parents would know. It surprised me that I remembered even.

In any case, they're a last resort. I shouldn't forget my password. May take a few seconds to figure it out but I should be able to work it out. :)
 
Namorat

Namorat

Duder
Joined
Mar 1, 2010
Messages
3,273
Ryan Loos said:
I agree some of the default questions aren't the greatest, and with social networks being the norm for everyone, things like workplace, birthplace, first occupation or car registration can probably all be found if you don't set your security properly on Facebook/Google+/etc.

That said, they get you thinking about other similar questions that may have a more obscure answer (but not for you). Like the answer to my question is something that not even my parents would know. It surprised me that I remembered even.

In any case, they're a last resort. I shouldn't forget my password. May take a few seconds to figure it out but I should be able to work it out. :)
Click to expand...

I agree, the security question is only the last part of the "defense".
I remember the lection we received on passwords and such in the army. Don't use a word, use a sentence, then use on the first letter of every word for example and things like that.
 
Ryan Loos

Ryan Loos

MyBB Liaison
Joined
Dec 21, 2007
Messages
161
bucket said:
Jamaica
Click to expand...
I didn't actually know the relation of the two until I Googled it just then. Yeah, my geography/general knowledge skills are terrible...

I actually think Kingston in my question had some relation to a Kingston branded USB drive I had. But still, I have no idea what it could have been. Anyway...
 
s_sayan

s_sayan

Aspirant
Joined
May 14, 2012
Messages
12
Ryan Loos said:
I didn't actually know the relation of the two until I Googled it just then. Yeah, my geography/general knowledge skills are terrible...

I actually think Kingston in my question had some relation to a Kingston branded USB drive I had. But still, I have no idea what it could have been. Anyway...
Click to expand...

Lol.

Now, ontopic, still many links to the forum are down. Everytime I search for something on google about Mybb I find down threads. I wonder if it has something to do with the hack.
 
PenguinPaul

PenguinPaul

MyBB Community Team
Joined
Feb 6, 2012
Messages
56
s_sayan said:
Lol.

Now, ontopic, still many links to the forum are down. Everytime I search for something on google about Mybb I find down threads. I wonder if it has something to do with the hack.
Click to expand...

The MyBB forum is up. You may be clicking on links to the archive, whose scheme changed in MyBB 1.6.8.
 
You must log in or register to reply here.
Top