SnakeNet
Xi
Programmer
Fairly recently I found out that the GitHub account of a MyBB administrator was hacked, and forums running on this platform are at risk. Here is the message they sent us.
Hello,
Yesterday, 14th of November, my (Pirata Nervo) GitHub account was compromised. By taking advantage of that, the attacker made a commit to our GH pages, more specifically one which is retrieved by the MyBB software in order to process version checks. Unfortunately, the attack allowed the attacker to set up Database backups of any MyBB forum, without exception, via JavaScript.
In order for you to know if you were attacked, you must have accessed the Admin CP of your forum from 14th November 23:00 GMT to 15th November 15:30 GMT. If you accessed your AdminCP during this timespan, it is likely that you were attacked.
To be sure about it, please log on to your AdminCP now and check your Database Backup Logs from ACP -> Tools & Maintenance -> Database Backups. If the creation date of at least one of them is set to a time between that time span mentioned above, you were affected. We strongly recommend you to alert your users about it so they can change their passwords.
What you have to do: (in case you were attacked)
- Alert your users to change password.
- Change your password.
- Clear your cookies.
I’ve already enabled 2 Factor Authentication on my GitHub account and changed my password. I deeply apologize for this event for it was never my intention to cause any harm to anyone but it should be my responsibility to keep my account as secure as possible.
My apologies,
Pirata Nervo
Summarized, originally in Spanish:
Yesterday, 14 November, the GitHub account of one of the MyBB administrators was hacked. This attack allowed the attacker to make backups of any MyBB forum, without exception, via JavaScript.
How do I know if I was attacked? The administrator would have had to log in between 14 November 23:00 GMT and 15 November 15:30 GMT. You should check your backups to see whether any was made during this period; if you were affected by this, MyBB recommends alerting users to change their passwords urgently.
The steps MyBB gives are the following:
- Alert users to change their passwords urgently.
- Change your own password.
- Clear your cookies.
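
The check the advisory describes (was any database backup created inside the stated window?) can also be run against the backup files on disk. The following is an added example, not code from MyBB or from the original post. It assumes the operator passes the path of the forum's backup directory and the year of the incident, neither of which is stated on the page.

```python
import os
import sys
from datetime import datetime, timezone


def incident_window(year):
    """Window quoted in the advisory (GMT). The year is an assumption supplied by the caller."""
    start = datetime(year, 11, 14, 23, 0, tzinfo=timezone.utc)
    end = datetime(year, 11, 15, 15, 30, tzinfo=timezone.utc)
    return start, end


def backups_in_window(backup_dir, year):
    """Return (name, mtime_utc) for every regular file last modified inside the window."""
    start, end = incident_window(year)
    hits = []
    for entry in os.scandir(backup_dir):
        # Skip directories and symlinks; only real backup files are of interest.
        if not entry.is_file(follow_symlinks=False):
            continue
        # Convert to UTC explicitly so the server's local timezone cannot shift the result.
        mtime = datetime.fromtimestamp(
            entry.stat(follow_symlinks=False).st_mtime, tz=timezone.utc
        )
        if start <= mtime <= end:
            hits.append((entry.name, mtime))
    return sorted(hits, key=lambda hit: hit[1])


if __name__ == "__main__":
    # Usage: python check_backups.py <backup_dir> <year>
    found = backups_in_window(sys.argv[1], int(sys.argv[2]))
    for name, mtime in found:
        print(f"{mtime.isoformat()}  {name}")
    print("affected" if found else "no backup files dated inside the window")
    sys.exit(1 if found else 0)
```

An empty result is not proof of safety, since a backup file can be deleted after it is downloaded; the Database Backups page in the ACP that the advisory points to should still be checked.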