July 1st, 2009   #13
Xtreme2damax
T-5000 Modenator
Join Date: Aug 2005
Location: Here, there, everywhere, even in your couch cushions..
Posts: 3,139
I just wanted to issue an update. I was able to log into the ACP; here is what was done:

Once I logged in, I viewed the administrative logs.

1. Hacker was possibly able to delete some language files

2. Hacker was able to gain admin access; once in, he/it/she modified the index template to the hacked page.

3. I'm not absolutely sure if any files were affected; it just seems like a lame index page/template hack. On second thought, it seems the hacker was able to gain administrative access through some vulnerability, then proceeded to edit the index template for the forum and possibly change some other things in addition to modifying the index template.

4. Hacker is registered under the guise khodam; the last user to register was khodam, and khodam was listed in the administrative logs as the one who modified the index template to the hacked page.

Here is what I did:

Banned the khodam account. In the banning options, the hacker's name "khodam", its email address and IP address were all banned in the ACP from being allowed to access the forum. I also ensured the account could no longer be logged into by changing the email and password.

I then proceeded to restore the index page/template back to what it was originally. The index page is able to be loaded normally; not sure how much else was affected.

The rest can be left up to the CG folks to patch up and fix this issue. I'm not sure if the hacker was able to gain access due to improper permissions on the files or if it was an SQL vulnerability exploit that allowed them to gain access.

In any case, after the vulnerability is patched, an upgrade on the MyBB install should be performed to bring it up to the latest version.

Files and directories that are in need of write permissions:



Permissions for other files may need to be tweaked as well. I can provide the IP address of the hacker as well if it is needed. May I also suggest changing the name of the admin directory to something more difficult to guess?
Attached Images
File Type: jpg aruantec.jpg (197.1 KB, 260 views)

Last edited by Xtreme2damax; July 1st, 2009 at 01:32.