MyBB web site and downloads compromised

  • October 25, 2011

It’s not good when your site gets infected with malware, specially if you’re a provider of software to many. If you are using MyBB (forum software), please be aware that their web site hacked and the software download packages compromised:

There was unfortunately a vulnerability in the CMS which powers the MyBB home page and downloads system. Using this vulnerability a hacker was able to add a backdoor to one of the files, allowing them to execute arbitrary PHP and manipulate the release packages. The CMS was custom written a number of years ago, however we believe a 3rd party framework used by the CMS contributed to the vulnerability. The CMS shares no code with MyBB so there should be no concern that these events indicate a vulnerability in MyBB. The server is also configured to isolate the subdomains belonging to the MyBB website, so it is unlikely that any data from the community forums or other sections of the site was compromised.

The MyBB team recommend these actions:

  1. Download the latest release of MyBB.
  2. Replace ./index.php (in the root folder of your forum) with the one in the download (./Upload/index.php).
  3. Remove the ./install/ folder

*We are trying to find more information about the backdoor that was added, but no luck yet. If you find a link with the affected version, let us know.

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Related Tags
Related Categories
You May Also Like