MyBroadband admin security issue, code injection in footer

[rpm]

Question: so there was an attack. Do you have an ip address of the attacker? Can we then proceed to trace the attacker?

We do indeed have an IP address, but for now we would not like to publish it.

 

[rpm]

Sounds like a similar situation to the one that occurred recently with the ubuntu forums.
They sent a bunch of pm's to other admins though and got further access like that, they also got hold of the db in that instance.

This was not the same type of situation. We will give more info as soon as we confirmed what we suspect happened.

 

[nand]

Doesn't vBulletin have a lock-out system that that would cause an account to lock after a couple of incorrect login attempts? If so - it's seems implausible that it would be due to a weak password.

 

[|tera|]

Reply with Quote doesn't work at all, for the whole day. Tested on Chrome and IE.

Edit is slow and irritating...

For some reason every other post wants to be a double post and transfers me to a wait for 5 seconds screen....

 

[roconnor04]

might be worth investing in a SSL Certificate...would make it much more secure (still not 100% but better than what you have now) so if your admins are doing any work in any dodgy coffee shops they can't easily sniff the user account details.

Although SSL Certs can be faked for a MITM attack if the users of mybb/admins can check the certificate or have it automatically done by browser plugins like

https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/ for firefox (not idea the google alternative) then they have a good chance of spotting when someone is trying to attack them using a MITM.

Just a suggestion

 

[marine1]

We do indeed have an IP address, but for now we would not like to publish it.

Time to get a 205 subpoena demand the details of the user at that time and proceed with criminal case against the person.
Let's make an example of him/her

 

[Ockie]

I am holding Ockie username hostage. I want a gazillion dollahs paid to my swiss bank account or he gets it!!!!!!!

 

[The_Unbeliever]

I am holding Ockie username hostage. I want a gazillion zim dollahs paid to my swiss bank account or he gets it!!!!!!!

FTFY

 

[Necuno]

I am holding Ockie username hostage. I want a gazillion dollahs paid to my swiss bank account or he gets it!!!!!!!

That's too strait up for me :erm:

 

[rpm]

Time to get a 205 subpoena demand the details of the user at that time and proceed with criminal case against the person. Let's make an example of him/her

Not a South African IP address

 

[froot]

@rpm
Yeah that makes things difficult.

 

[marine1]

Not a South African IP address

Damn it thought we could really go the all the way with this if it was a South African

 

[Necuno]

Damn it thought we could really go the all the way with this if it was a South African

So just because its not a local IP its not a south african?

 

[froot]

No, the problem comes in with getting an overseas company to give you their subscriber details. It doesn't really happen. Definitely not for South Africa, at least.

 

[marine1]

No, the problem comes in with getting an overseas company to give you their subscriber details. It doesn't really happen. Definitely not for South Africa, at least.

You would be surprised Depends who you get to assist

 

[Necuno]

You would be surprised Depends who you get to assist

Marine1 is legion yo :twisted:

 

[froot]

Although mind you, since it's hosted on Hetzner.... Hetzner DE could assist

 

[Wyzak]

Also experiencing the same issue as @Seriously you cannot "Reply with Quote". This problem occurred about 3 - 5 days ago if not mistaken or even last week sometime on firefox. Also noticed that sometimes my browser keeps on freezing being on this website (not sure if it is the flash content).

Should we also monitor our email for anything suspicious.

Yeah I'm seeing the same issue.

If I click on Reply with quote, the wheel just starts spinning forever. If I click on it again it takes me to a new page with only the quote (think advanced window) and there it works.

 

[koeksGHT]

Not a South African IP address

I suspect Russian, is it listed on honeypot?

Edit broke, when I post it says "double post" I think this forum needs a fresh re install and then restore database

 

[phLOx]

Sounds like the work of a bot anyway. A user would have snooped more.