MyBroadband admin security issue, code injection in footer

rpm

rpm

Admin
Staff member
Joined
Jul 22, 2003
Messages
66,740
marine1 said:
Question: so there was an attack. Do you have an ip address of the attacker? Can we then proceed to trace the attacker?
Click to expand...
We do indeed have an IP address, but for now we would not like to publish it.
 
rpm

rpm

Admin
Staff member
Joined
Jul 22, 2003
Messages
66,740
Rocket-Boy said:
Sounds like a similar situation to the one that occurred recently with the ubuntu forums.
They sent a bunch of pm's to other admins though and got further access like that, they also got hold of the db in that instance.
Click to expand...
This was not the same type of situation. We will give more info as soon as we confirmed what we suspect happened.
 
N

nand

Senior Member
Joined
Nov 2, 2012
Messages
742
Doesn't vBulletin have a lock-out system that that would cause an account to lock after a couple of incorrect login attempts? If so - it's seems implausible that it would be due to a weak password.
 
|tera|

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,906
Reply with Quote doesn't work at all, for the whole day. Tested on Chrome and IE.

Edit is slow and irritating...

For some reason every other post wants to be a double post and transfers me to a wait for 5 seconds screen....
 
R

roconnor04

Member
Joined
Sep 19, 2012
Messages
20
might be worth investing in a SSL Certificate...would make it much more secure (still not 100% but better than what you have now) so if your admins are doing any work in any dodgy coffee shops they can't easily sniff the user account details.

Although SSL Certs can be faked for a MITM attack if the users of mybb/admins can check the certificate or have it automatically done by browser plugins like

https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/ for firefox (not idea the google alternative) then they have a good chance of spotting when someone is trying to attack them using a MITM.

Just a suggestion
 
marine1

marine1

Honorary Master
Joined
Sep 4, 2006
Messages
49,491
rpm said:
We do indeed have an IP address, but for now we would not like to publish it.
Click to expand...

Time to get a 205 subpoena demand the details of the user at that time and proceed with criminal case against the person.
Let's make an example of him/her
 
Ockie

Ockie

Resident Lead Bender
Joined
Feb 16, 2008
Messages
52,925
I am holding Ockie username hostage. I want a gazillion dollahs paid to my swiss bank account or he gets it!!!!!!!:mad:
 
rpm

rpm

Admin
Staff member
Joined
Jul 22, 2003
Messages
66,740
marine1 said:
Time to get a 205 subpoena demand the details of the user at that time and proceed with criminal case against the person. Let's make an example of him/her
Click to expand...
Not a South African IP address :(
 
F

froot

Honorary Master
Joined
Jun 2, 2009
Messages
11,347
No, the problem comes in with getting an overseas company to give you their subscriber details. It doesn't really happen. Definitely not for South Africa, at least.
 
marine1

marine1

Honorary Master
Joined
Sep 4, 2006
Messages
49,491
froot said:
No, the problem comes in with getting an overseas company to give you their subscriber details. It doesn't really happen. Definitely not for South Africa, at least.
Click to expand...

You would be surprised ;) Depends who you get to assist
 
F

froot

Honorary Master
Joined
Jun 2, 2009
Messages
11,347
Although mind you, since it's hosted on Hetzner.... Hetzner DE could assist :p
 
W

Wyzak

Expert Member
Joined
Mar 12, 2007
Messages
4,034
RichardG said:
Also experiencing the same issue as @Seriously you cannot "Reply with Quote". This problem occurred about 3 - 5 days ago if not mistaken or even last week sometime on firefox. Also noticed that sometimes my browser keeps on freezing being on this website (not sure if it is the flash content).

Should we also monitor our email for anything suspicious.
Click to expand...

Yeah I'm seeing the same issue.

If I click on Reply with quote, the wheel just starts spinning forever. If I click on it again it takes me to a new page with only the quote (think advanced window) and there it works.
 
koeksGHT

koeksGHT

Dealer
Joined
Aug 5, 2011
Messages
11,857
rpm said:
Not a South African IP address :(
Click to expand...

I suspect Russian, is it listed on honeypot?

Edit broke, when I post it says "double post" I think this forum needs a fresh re install and then restore database
 
Last edited:
phLOx

phLOx

Well-Known Member
Joined
Feb 4, 2008
Messages
352
Sounds like the work of a bot anyway. A user would have snooped more.
 
You must log in or register to reply here.
Top