MyBB

SillyRabbit · **RE: MyBB RC4 Security Update [16/08/05]**

I got the same emails.

I was absolutely SWAMPED with work and didn't patch. I suffered the consequences. M*****F****** hackers should rot in hell. Anybody know how to fix?

-rabbit

Marth · 08-26-2005, 12:54 AM

Well first, those "hackers" you speak of is crackers or Black-Hat Hackers

Second: Unless you've backed up your forums via PHPMA, you're pretty much screwed just like me. I might be wrong on that judgement, though.

SillyRabbit · 08-26-2005, 12:55 AM

Yes...Black-Hat...my mistake. I was able to recover in PHPMA comparing a new version with the original.

Thanks,

Kevin

squall_leonhart69r · 08-26-2005, 11:11 AM

my own computer has been hit by
Attempted Intrusion "MSSQL StackOverflow" against your machine was detected and blocked.
Intruder: 61.180.43.188(3418).
Risk Level: High.
Protocol: UDP.
Attacked IP: 0.0.0.0.
Attacked Port: ms-sql-m(1434).

and another from

Attempted Intrusion "MSSQL StackOverflow" against your machine was detected and blocked.
Intruder: 218.89.167.83(4317).
Risk Level: High.
Protocol: UDP.
Attacked IP: 0.0.0.0.
Attacked Port: ms-sql-m(1434).

people should contact thier hosts and have these ip addresses blocked

HomeDawg · **RE: MyBB RC4 Security Update [16/08/05]**

Get a firewall, and dont use microsoft products, or keep them updated.

squall_leonhart69r · 08-26-2005, 02:49 PM

i am using a firewall thats how i got this info

***Chris Boulton*** · 08-28-2005, 10:19 AM

Those attempted attacks have nothing to do with MyBB at all.

SundayNiagara · 08-28-2005, 10:26 AM

Chris:
I think most of us realize that this doesn't involve Mybb. However, people do need to know that this is happening.
Mark

Peter · 08-28-2005, 04:11 PM

squall_leonhart69r Wrote:people should contact thier hosts and have these ip addresses blocked

No, people should not. For all we know, somebody cracked those computer and used them for the attacks, so the owners are innocent. Alternatively, those might be dynamic IP's.

n00b2kill · 08-28-2005, 05:51 PM

SundayNiagara Wrote:Twice in the last few days, I have received an email from my own Mybb and it reads like this:

A user has tried to access the Administration Control Panel for MyBB
Demo Forums. They were unable to succeed in doing so.
Below are the login details:

Username: \\\' or 1=1 /*
Password:��(MD5: d41d8cd98f00b204e9800998ecf8427e)

IP Address: 86.129.228.54
Hostname: host86-129-228-54.range86-129.btcentralplus.com

Users beware.��I'll bet I'm not the only one.
Mark

Its another SQL injection Bug in mybb, anyone is able to access the admin panel by typing

Code:

' or 1=1 /*

into the username box (and leaving "password" blank).

The bug was sent to full disclosure.
[1] http://seclists.org/lists/fulldisclosure.../0395.html

Quote:Solution:
The developers were contacted and never responded.
No patch is available.
Turn magic_quotes_gpc ON or do not use this Application

Not good...